Azure Custom Roles

While working in a secure customer environment, we needed custom roles for a private AKS cluster deployment.

  • Create the role definition JSON as per the requirement
{
  "Name": "Network Reader",
  "IsCustom": true,
  "Description": "Can read Network Properties.",
  "Actions": [
    "Microsoft.Network/virtualNetworks/subnets/read"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription Id>"
  ]
}
  • Deploy the role definition to Azure
az role definition create --role-definition ~/roles/vmoperator.json
  • Update the role definition if required
{
  "Name": "Network Reader",
  "IsCustom": true,
  "Description": "Can read and join Network",
  "Actions": [
    "Microsoft.Network/virtualNetworks/subnets/read",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/d3819925-7e44-4f5f-8733-1067beaa45ec"
  ]
}
  • Deploy the updated role definition
az role definition update --role-definition amlnetwork.json
  • Assign the role definition
az role assignment create --assignee <client id> --scope "<resourceid>" --role "Network Reader"
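Before deploying an updated definition, it is worth reviewing what the update newly grants. The following is an added example, not part of the original post: it compares the two "Network Reader" definitions shown above and reports least-privilege findings. The helper names, the "Reader" naming heuristic, and the placeholder subscription ID are assumptions of this example.

```python
# Added example: least-privilege review of a custom role update.
# Constructed inputs: the page's two "Network Reader" definitions, with a
# placeholder subscription ID instead of a real one.
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
READ = "Microsoft.Network/virtualNetworks/subnets/read"
JOIN = "Microsoft.Network/virtualNetworks/subnets/join/action"


def role(description, actions):
    return {"Name": "Network Reader", "IsCustom": True, "Description": description,
            "Actions": actions, "NotActions": [], "AssignableScopes": [SCOPE]}


BEFORE = role("Can read Network Properties.", [READ])
AFTER = role("Can read and join Network", [READ, JOIN])


def lint_role(defn):
    """Return least-privilege findings for one role definition (a dict)."""
    findings = []
    non_read = []
    for action in defn.get("Actions", []):
        if "*" in action:
            findings.append(f"wildcard action: {action}")
        elif not action.lower().endswith("/read"):
            non_read.append(action)
            findings.append(f"non-read action: {action}")
    # Heuristic (assumption of this example): a "Reader" name implies read-only.
    if non_read and defn.get("Name", "").lower().endswith("reader"):
        findings.append("name suggests read-only but role grants non-read actions")
    for scope in defn.get("AssignableScopes", []):
        parts = [p.lower() for p in scope.split("/") if p]
        if "resourcegroups" not in parts:  # subscription or management group level
            findings.append(f"broad assignable scope: {scope}")
    return findings


def added_actions(before, after):
    """Actions granted by `after` that `before` did not grant (case-insensitive)."""
    old = {a.lower() for a in before.get("Actions", [])}
    return sorted(a for a in after.get("Actions", []) if a.lower() not in old)


if __name__ == "__main__":
    for action in added_actions(BEFORE, AFTER):
        print("update newly grants:", action)
    for finding in lint_role(AFTER):
        print("finding:", finding)
```

To review real files, load them with `json.load` and pass the resulting dicts to `added_actions` and `lint_role` in place of `BEFORE` and `AFTER`.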