azurepowershellazure-resource-managerazure-bicep

How to see logs from a Powershell script in Deployment Scripts?

I have this template below where I am creating role assignments through a PowerShell script which I have some Write-Host in it. How can I see the output or stdout/stderr?

Template:

@description('Add role assignments to any resource using a PowerShell script.')
resource addRoleAssignments 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
  // Disable the rule because the resource name is dynamic and cannot be stable, check docks at https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template#run-script-more-than-once
  #disable-next-line use-stable-resource-identifiers
  name: 'AddRoleAssignments'
  location: resourceGroup().location
  kind: 'AzurePowerShell'
  properties: {
    azPowerShellVersion: '13.2'
    environmentVariables: []
    scriptContent: loadTextContent('AddRoleAssignments.ps1')
    arguments: '-SubscriptionId ${subscriptionId} -ResourceGroup ${resourceGroupName} -RoleAssignmentsBase64 "${allRoleAssignmentsEncoded}"'
    cleanupPreference: 'OnSuccess'
    retentionInterval: 'P1D'
    // Deployment scripts are idempotent, so we can use utcnow on Tag to force an update
    forceUpdateTag: 'Run-${timestamp}'
  }
}

@description('Output all role assignments.')
output allRoleAssignments array = allRoleAssignments

@description('Output the number of successful role assignments.')
output successCount int = addRoleAssignments.properties.outputs.success

@description('Output the number of failed role assignments.')
output failsCount int = addRoleAssignments.properties.outputs.fails

@description('Output the number of skipped role assignments.')
output skippingCount int = addRoleAssignments.properties.outputs.skipping

If I use Logs from deployment-script-azcli-inputs-outputs example:

@description('Logs from the deployment script.')
resource logs 'Microsoft.Resources/deploymentScripts/logs@2023-08-01' existing = {
  parent: addRoleAssignments
  name: 'default'
}

@description('The logs written by the script')
output logs array = split(logs.properties.log, '\n')

I get this error:

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/1111-11111-1111-1111-111/resourceGroups/wcx-us-gmath/providers/Microsoft.Resources/deployments/roleAssignments.deploymentTemplate","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"ResourceDeploymentFailure","target":"/subscriptions/17581539-6d93-45c3-87f5-d49bc0553c4b/resourceGroups/wcx-us-gmath/providers/Microsoft.Resources/deploymentScripts/AddRoleAssignments","message":"The resource write operation failed to complete successfully, because it reached terminal provisioning state 'failed'.","details":[{"code":"DeploymentScriptOperationFailed","message":"Encountered an internal server error. The tracking activity id is '054a7492-0e0f-4886-bf9b-4e9c90713d46', correlation id is 'bbbf4437-7478-40a9-94c8-d35c78441e62'."}]}]}}

I cannot see nothing here in Logs:

image

Part of Powershell code:

param (
    [string]$SubscriptionId,
    [string]$ResourceGroup,
    [string]$RoleAssignmentsJson
)

# Convert JSON string to PowerShell object
try {
    $decodedJson = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($RoleAssignmentsBase64))        
    $roleAssignments = $decodedJson | ConvertFrom-Json -ErrorAction Stop
    Write-Host "📄 Decoded and parsed $($roleAssignments.Count) role assignments from JSON input."
} catch {
    Write-Error "❌ Failed to parse role assignments JSON input. Error: $_"
    exit 1
}

# Count to be used for logging
$successCount = 0
$failCount = 0
$skippingCount = 0

foreach ($assignment in $roleAssignments) {
    $assigneeName = $assignment.assigneeName
    $resourceName = $assignment.resourceName.ToLower()
    $provider = $assignment.provider.ToLower()
    $roles = $assignment.roles

    ...
}

Write-Host "📊 Role assignments completed. Success: $successCount, Failed: $failCount"
$DeploymentScriptOutputs = @{}
$DeploymentScriptOutputs['success'] = $successCount
$DeploymentScriptOutputs['fails'] = $failCount
$DeploymentScriptOutputs['skipping'] = $skippingCount
Solution

  • Deployment scripts (see documentation) run on Azure Container Instances.

    I imagine using icons (i.e.: ❌, 📊) in the logs would cause some issues as it can probably only handle plain text.