Azure Powershell script throwing 'Forbidden'

Question

I have a powershell script that is throwing error. I am trying to create an Alert Action Group through powershell. The last line is throwing error.

$TenantId = Get-AzTenant | select Id
Connect-AzAccount -TenantId $TenantId.Id -SubscriptionName $SubscriptionName


$Receiver1 = New-AzActionGroupReceiver -Name $ActionGroupReceiver -EmailReceiver -EmailAddress $EmailAddress
Set-AzActionGroup -Name $ActionGroup -ResourceGroup $Rg -ShortName $ActionGroupShortName -Receiver $Receiver1

I have Owner access to the subscription and can confirm that all of these variables have appropriate values. The same code worked for a different subscription in the same tenant where I have contributor access. This is probably an access issue however I am not able to figure why I am getting Forbidden even with Owner access.

Edit - Error text Set-AzActionGroup : Exception type: ErrorResponseException, Message: Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'Forbidden' at Microsoft.Azure.Management.Monitor.ActionGroupsOperations.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.Monitor.ActionGroupsOperationsExtensions.d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.Monitor.ActionGroupsOperationsExtensions.CreateOrUpdate(IActionGroupsOperations operations, String resourceGroupName, String actionGroupName, ActionGroupResource actionGroup) at Microsoft.Azure.Commands.Insights.ActionGroups.SetAzureRmActionGroupCommand.ProcessRecordInternal() at Microsoft.Azure.Commands.Insights.MonitorCmdletBase.ExecuteCmdlet(), Code: Null, Status code:Null, Reason phrase: Null At C:\Users\YashTamakuwala\Desktop\live_traffic\Alerts\Alerts\CreateActionGroup.ps1:25 char:1

Set-AzActionGroup -Name $ActionGroup -ResourceGroup $Rg -ShortName $A ...

  + CategoryInfo          : CloseError: (:) [Set-AzActionGroup], PSInvalidOperationException
  + FullyQualifiedErrorId : Microsoft.Azure.Commands.Insights.ActionGroups.SetAzureRmActionGroupCommand

Hi. It would be best to share your error message as text rather than an image. I googled "Set-AzActionGroup" "forbidden" and got these two results [another thread on SE](https://stackoverflow.com/questions/61117522/set-azactiongroup-exception-type-errorresponseexception) and [one on github](https://github.com/Azure/azure-powershell/issues/11526) there were a few different solutions. Maybe they will help. — Bee_Riii, Apr 08 '21 at 12:10
Made the edit. Thanks for responding. I am attaching at ResourceGroup Level. Not sure where the problem is. — Yash Tamakuwala, Apr 08 '21 at 13:32

score 0 · Accepted Answer · answered Apr 09 '21 at 02:55

0

I found the problem. I tried performing the same action through portal but couldn't. Got this error.

There were policies in place to prevent such activities. Also, the requests from powershell are tracked in Activity Logs which in hindsight, I should have looked into. So I temporarily disabled the policies and was able to run the script successfully.

answered Apr 09 '21 at 02:55

Yash Tamakuwala

1,789
1
24
33

Great! I deleted the answer because it does not apply to your situation. – Allen Wu Apr 09 '21 at 03:01

Azure Powershell script throwing 'Forbidden'

1 Answers1