Azurerm "Root Tenant Group" unauthorized
We have a Azure Subscription which is created in default management group (Root Tenant Group). I am trying to read the information of this subscrption and managment group using "data "azurerm_management_group" "xx" "" But i am getting an unautorized error reading Management Group (Display Name "Tenant Root Group"): listing Management Groups: managementgroups.Client#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" ""
I have a Security Reader access on the managment group and only owner is above me.
Is there a way to troubleshoot this?
PS: For a module dependency limitation i using an older version of azurerm which is v2.95.0.
expecting a managment group id to be read using terraform code
Expecting a managment group id to be read using terraform code.
To retrieve information about the Parent Management Group using Terraform, the Global Administrator role is required, not the Security Reader role. The Security Reader role is intended for accessing information about Child Groups, not Parent Group information. Refer to the Microsoft Documentation for more details
Note: If you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory.
Terraform code:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.95.0"
}
}
}
provider "azurerm" {
features {}
skip_provider_registration ="true"
}
data "azurerm_management_group" "example" {
display_name = "Tenant Root Group"
}
output "display_name" {
value = data.azurerm_management_group.example.display_name
}
Terraform Apply
- How to Start postgres.exe and Change Postgres Account on an Azure Virtual Machine Using Terraform
- Why is the Network Watcher on Azure not destroyed by Terraform?
- Create kubernetes secret for docker registry - Terraform
- How to set Azure SQL database instance with Min 0,5 vCores with Terraform?
- Azure waf custom terraform configuration is throwing error for match_variables
- Automate express route circuit gateway based on express route circuit provision status
- Error: Blob LeaseIdMissing when trying to update remote state in Azure Blob Storage
- Arguments must be maps or objects, got "string"
- Extract Azure subnet IDs from inline definitions
- How to use output from one terraform resource for_each in another resource?
- Error in creating multiple Azure Databricks notebooks using Terraform
- I want to automate express route circuit & Express Route Gateway for Equinix provider using Terraform and deploy it through azure pipeline
- Terraform set data source of key vault based on variable
- Azure Terraform - How to avoid conflicting configuration arguments while creating NSG Rules
- Terraform: Use count.index in variable name
- Terraform not recognizing attributes read from yaml
- Azure Firewall Policy: Decentralized deployment of rule collections with Terraform
- Terraform: Nested for_each in nested dynamic blocks
- Terrform Module for Azure APIM Definitions
- How to enable Application Routing and Configuration Routing settings for AppService VNet Integration using Azure Terraform
- Terraform should I try to merge or flatten a complex variable?
- Not able to do geo restore in same region of azure postgres flex server using terraform
- Terraform Plan Error: Unable to Build Authorizer for Azure Resource Manager API
- azurerm_virtual_machine doesn't remove managed storage_os_disk on destroy
- terraform use a dynamic count to get value from a list
- How to compare a variable against two strings?
- Azure Terraform Create a Firewall rule for a flexible MySql Database
- How to prevent terraform developers from viewing secrets with the nonsensitive function
- Terraform plan on local shows No Changes after import but shows creation on github actions
- Terraform Azure Key Vault - context deadline exceeded