wip

Author: mrlockstar

docs/infrastructure/new-subscription-setup.md

@@ -68,3 +68,12 @@ Once the feature 'EncryptionAtHost' is registered, invoking 'az provider registe
   "type": "Microsoft.Features/providers/features"
 }
 alastairlock@Mac lung_cancer_screening %
+
+
+
+
+
+az role assignment create \
+  --assignee 6b64ad54-d76b-4ab8-975b-1e99b1a406cd \
+  --role "User Access Administrator" \
+  --scope /subscriptions/9061cb83-ab36-43cf-9ec8-88431961af30

infrastructure/terraform/hub/virtual_desktop.tf

@@ -41,6 +41,17 @@ resource "azurerm_role_assignment" "avd_autoscale_blue" {
   principal_id         = local.principal_id
 }
 
+
+resource "azurerm_role_assignment" "avd_autoscale_blue_vm_contributor" {
+  for_each = (local.deploy_blue_avd ? var.regions : {})
+
+  scope                = azurerm_resource_group.avd_blue[each.key].id
+  role_definition_name = "Virtual Machine Contributor"
+
+  # Azure Virtual Desktop autoscale service principal (Microsoft-managed)
+  principal_id         = local.principal_id
+}
+
 # Assign role to Terraform SP so it can create role assignments
 resource "azurerm_role_assignment" "terraform_user_access_blue" {
   for_each             = (local.deploy_blue_avd ? var.regions : {})