wi

mrlockstar · mrlockstar · commit f6e992881148 · 2026-01-23T12:22:26.000Z
diff --git a/docs/infrastructure/bootstrap.md b/docs/infrastructure/bootstrap.md
@@ -1 +1,11 @@
 make hub-nonlive bootstrap
+
+
+# Find the AVD SP object id (run as someone with AAD read access)
+az ad sp show --id 9cdead84-a844-4324-93f2-b2e6bb768d07 --query id
+
+# Then assign the role (run as Owner)
+az role assignment create \
+  --assignee-object-id <AVD_SP_OBJECT_ID> \
+  --role "Desktop Virtualization Power On Contributor" \
+  --scope /subscriptions/<SUBSCRIPTION_ID>
diff --git a/infrastructure/bootstrap/hub.bicep b/infrastructure/bootstrap/hub.bicep
@@ -30,7 +30,6 @@ param enableSoftDelete bool
 
 // removed when generalised
 var appShortName = 'lungcs'
-//var appShortName = 'lungal'
 
 var devCenterSuffix = substring(uniqueString(subscription().id), 0, 3)
 var devCenterName = 'devc-hub-${hubType}-${regionShortName}-${devCenterSuffix}'
diff --git a/infrastructure/terraform/hub/virtual_desktop.tf b/infrastructure/terraform/hub/virtual_desktop.tf
@@ -156,45 +156,6 @@ resource "azurerm_resource_group" "avd_green" {
 # }
 
 
-data "azuread_service_principal" "avd_ms_sp" {
-  application_id = local.principal_id   # this is your "9cdead84-..." appId
-}
-
-
-resource "azurerm_role_definition" "avd_autoscale_operator" {
-  name        = "AVD Autoscale Operator"
-  scope       = data.azurerm_subscription.current.id
-  description = "Allows Azure Virtual Desktop Autoscale to manage session host power state"
-
-  permissions {
-    actions = [
-      "Microsoft.DesktopVirtualization/hostPools/read",
-      "Microsoft.DesktopVirtualization/hostPools/sessionHosts/read",
-      "Microsoft.DesktopVirtualization/hostPools/sessionHosts/write",
-      "Microsoft.Compute/virtualMachines/start/action",
-      "Microsoft.Compute/virtualMachines/deallocate/action",
-      "Microsoft.Compute/virtualMachines/read",
-      "Microsoft.Insights/autoscalesettings/*"
-    ]
-    not_actions = []
-  }
-
-  assignable_scopes = [
-    data.azurerm_subscription.current.id
-  ]
-}
-
-resource "azurerm_role_assignment" "avd_autoscale_blue_sp" {
-  for_each = local.deploy_blue_avd ? var.regions : {}
-
-  scope              = azurerm_resource_group.avd_blue[each.key].id
-  role_definition_id = azurerm_role_definition.avd_autoscale_operator.id
-  principal_id       = data.azuread_service_principal.avd_ms_sp.object_id
-  principal_type     = "ServicePrincipal"
-
-  # ensure role definition exists first
-  depends_on = [azurerm_role_definition.avd_autoscale_operator]
-}
 
 # Green AVD deployment
 module "virtual-desktop-green" {
