如何使用ARM模板在AppInsight Access控制中添加角色

时间:2019-02-28 08:50:07

标签: azure-devops azure-resource-manager appinsights

我正在尝试使用ARM模板在AppInsight Access控件中添加角色分配。 我可以使用ARM模板创建AppInsight,但是无法继续在App Insight Access控件中添加角色分配。以下是我使用ARM模板创建App Insight的代码

"resources": [
    {
        "type": "Microsoft.Insights/components",
        "kind": "web",
        "name": "[parameters('components_AppInsightPoc_name')]",
        "apiVersion": "2015-05-01",
        "location": "westus2",
        "scale": null,
        "properties": {
            "Application_Type": "web",
            "Flow_Type": "Redfield",
            "Request_Source": "IbizaAIExtension",
            "HockeyAppId": null,
            "SamplingPercentage": null
        }
    }
]

3 个答案:

答案 0 :(得分:0)

您可以使用此代码段将RBAC角色添加到资源:

{
    "type": "Microsoft.Insights/components/providers/roleAssignments",
    "apiVersion": "2017-05-01",
    "name": "[concat(parameters('components_AppInsightPoc_name'), '/Microsoft.Authorization/', guid('something'))]",
    "properties": {
        "roleDefinitionId": "[concat(subscription().Id, '/providers/Microsoft.Authorization/roleDefinitions/', 'role_guid')]",
        "principalId": "user_guid",
        "scope": "[resourceId('Microsoft.Insights/components', parameters('components_AppInsightPoc_name'))"
    }
}

您可以通过powershell获得角色指导:

Get-AzRoleDefinition

答案 1 :(得分:0)

可以使用以下代码添加RBAC for App Insights 

  "resources": [
    {
      "type": "Microsoft.Insights/components/providers/roleAssignments",
      "apiVersion": "2017-05-01",
      "name": "[concat(parameters('AppInsightName'),'/Microsoft.Authorization/',guid('AppInsightName'))]",
      "properties": {
        "roleDefinitionId": "[variables(parameters('builtInRoleType'))]",
        "principalId": "[parameters('principalId')]"
      }
    }
  ]

答案 2 :(得分:0)

我针对以下问题发布了答案:Apply Azure RBAC to resource using ARM

我有一个角色ID数组,我想添加为App Insight资源上的所有者,而没有使用户成为资源组级别的所有者。我不想使用嵌套资源方法,因为我想遍历一个对象数组以动态创建角色,因此在调整类型,名称和作用域属性之后,以下资源块才对我有用:

    {
      "comments": "Add the Application Insights resource",
      "apiVersion": "2014-04-01",
      "name": "[variables('appInsightsName')]",
      "type": "Microsoft.Insights/components",
      "location": "[resourceGroup().location]",
      "properties": {
        "ApplicationId": "[variables('appInsightsName')]"
      }
    },
    {
      "comments": "Add the IAM roles to the App Insights resource",
      "condition": "[parameters('isProduction')]",
      "type": "Microsoft.Insights/components/providers/roleAssignments",
      "name": "[concat(variables('appInsightsName'),'/Microsoft.Authorization/',guid(parameters('roleAssignments')[copyIndex()].principalId))]",
      "apiVersion": "2017-05-01",
      "location": "[resourceGroup().location]",
      "properties": {
        "roleDefinitionId": "[concat(subscription().Id, '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", // Owner Role
        "principalId": "[parameters('roleAssignments')[copyIndex()].principalId]",
        "scope": "[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]"
      },
      "copy": {
        "name": "appInsightsRoleAssignments",
        "count": "[length(parameters('roleAssignments'))]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Insights/components', variables('appInsightsName'))]"
      ]
    }

请密切注意 Microsoft.Insights / components / providers / roleAssignments 资源的类型,名称和范围属性中的细分。

相关问题
最新问题