wip

mrlockstar · mrlockstar · commit a6ed2fff9bec · 2026-01-21T15:23:18.000Z
diff --git a/infrastructure/terraform/hub/virtual_desktop.tf b/infrastructure/terraform/hub/virtual_desktop.tf
@@ -41,6 +41,14 @@ resource "azurerm_role_assignment" "avd_autoscale_blue" {
   principal_id         = local.principal_id
 }
 
+# Assign role to Terraform SP so it can create role assignments
+resource "azurerm_role_assignment" "terraform_user_access_blue" {
+  for_each             = (local.deploy_blue_avd ? var.regions : {})
+
+  scope                = azurerm_resource_group.avd_blue[each.key].id
+  role_definition_name = "User Access Administrator"
+  principal_id         = local.principal_id
+}
 
 module "virtual-desktop-blue" {
   for_each = (local.deploy_blue_avd ? var.regions : {})
@@ -114,6 +122,14 @@ resource "azurerm_role_assignment" "avd_autoscale_green" {
   principal_id         = local.principal_id
 }
 
+# Assign role to Terraform SP so it can create role assignments
+resource "azurerm_role_assignment" "terraform_user_access_green" {
+  for_each             = (local.deploy_green_avd ? var.regions : {})
+
+  scope                = azurerm_resource_group.avd-green[each.key].id
+  role_definition_name = "User Access Administrator"
+  principal_id         = local.principal_id
+}
 
 # Green AVD deployment
 module "virtual-desktop-green" {
