
I have set up a serverless application that needs to be deployed on Azure. I have completed all the setup mentioned in the documentation. Whenever I try to run sls deploy, it gives:

Error: The client 'aa875774-ab8a-41e7-a567-0a4f0bc7cedc' with object id 'aa875774-ab8a-41e7-a567-0a4f0bc7cedc' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/SUBID/resourcegroups/sls-weur-dev-zucora-apps-rg' or the scope is invalid. If access was recently granted, please refresh your credentials.
    at new RestError (/Users/raman/Documents/project/node_modules/@azure/ms-rest-js/dist/msRest.node.js:1403:28)
    at /Users/raman/Documents/project/node_modules/@azure/ms-rest-js/dist/msRest.node.js:2592:37
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

I have tried adding the roles and permissions. The user that I am using is the admin user and has all the read and write permissions. But I am still getting the same error when deploying.

I am not able to see where to add RBAC in my permissions as mentioned here.

This deployment only contains functions.

The below image contains the screenshot for the IAM Access Control for the subscription. The user has both Owner and Contributor roles.


The below Screenshot contains the serverless.yml


I then created a new account and followed all the steps for a new account, and I am still getting the same error.

2 Answers


  1. Chosen as BEST ANSWER

    After weeks of research and hit and try, I have found a solution which worked for me.

    After following all the steps mentioned in the question, I had to assign the Contributor role using the Azure CLI.

    Azure RBAC (role-based access control) has these scopes in order: Management group -> Subscription -> Resource group -> Resources.

    I assigned the role using:

    az ad sp create-for-rbac --name "alchemy-serverless" --role contributor --scopes /subscriptions/<SUBID> --sdk-auth
    

    After that, I exported all the IDs and secrets from here:

    $ export AZURE_SUBSCRIPTION_ID='<subscriptionId>'
    $ export AZURE_TENANT_ID='<tenantId>'
    $ export AZURE_CLIENT_ID='<servicePrincipalId>'
    $ export AZURE_CLIENT_SECRET='<password>'
    

    After that things started to work for me.


  2. I got the same error when I tried to deploy the serverless Azure function using sls deploy.

    To resolve this error, you should assign the Contributor role to the user in the subscription.

    • Updated Subscription ID in Serverless.yml:
    provider:
      name: azure
      region: West US 2
      runtime: nodejs12
      # os: windows  # windows is default, linux is available
      # prefix: "sample"  # prefix of generated resource name
      subscriptionId: <Subscription_ID>
    
    • I could deploy the Serverless app to Azure:
    C:\Users\uname\slsapp>sls deploy
    Running "serverless" from node_modules
    Initializing provider configuration...
    Warning: You're relying on provider "azure" defined by a plugin which doesn't provide a validation schema for its config.
    Please report the issue at its bug tracker linking: https://www.serverless.com/framework/docs/providers/aws/guide/plugins#extending-validation-schema
    You may turn off this message with "configValidationMode: off" setting
    
    Removing .serverless directory
    Parsing Azure Functions Bindings.json...
    Parsing Azure Functions Bindings.json...
    Building binding for function: hello event: httpTrigger
    Building binding for function: goodbye event: httpTrigger
    Logging into Azure
    Using subscription ID: <subscription_id>
    Creating resource group: sls-wus2-dev-slsapp-rg
    Creating function app: sls-wus2-dev-slsapp
    -> Creating ARM template from type: consumption
    -> Merging environment configuration
    Listing deployments for resource group 'sls-wus2-dev-slsapp-rg':
    -> Deploying ARM template...
    ---> Resource Group: sls-wus2-dev-slsapp-rg
    ---> Deployment Name: slswus2devslsapp-DEPLOYMENT-t1716290176855
    -> ARM deployment complete
    Deploying serverless functions...
    Deploying zip file to function app: sls-wus2-dev-slsapp
    -> Deploying service package @ C:\Users\uname\slsapp\.serverless\slsapp.zip
    Publishing to URI: https://sls-wus2-dev-slsapp.scm.azurewebsites.net/api/zipdeploy
    Uploading file at 'C:\Users\uname\slsapp\.serverless\slsapp.zip' to container 'deployment-artifacts' with name 'slswus2devslsapp-ARTIFACT-t1716290176855.zip'
    Finished uploading blob
    -> Function package uploaded successfully
    Deployed serverless functions:
    -> goodbye: [GET] sls-wus2-dev-slsapp.azurewebsites.net/api/goodbye
    -> hello: [GET] sls-wus2-dev-slsapp.azurewebsites.net/api/hello
    

    Portal:


    Hello function:


    Goodbye function:

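An added example, not part of either answer: it parses the authorization error quoted in the question and checks which role assignments both belong to the principal named in that error and reach the denied scope through the scope order the first answer lists. The assignment lists, the second principal ID and the three-role action table are constructed for illustration (NotActions are ignored, and inheritance from management groups is not modelled because it cannot be read from the resource ID path).

```python
import re
from fnmatch import fnmatchcase
# Error text from the question; SUBID is the page's own placeholder.
ERROR = ("The client 'aa875774-ab8a-41e7-a567-0a4f0bc7cedc' with object id "
         "'aa875774-ab8a-41e7-a567-0a4f0bc7cedc' does not have authorization to "
         "perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over "
         "scope '/subscriptions/SUBID/resourcegroups/sls-weur-dev-zucora-apps-rg' "
         "or the scope is invalid.")
DENIAL = re.compile(
    r"client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' does not have "
    r"authorization to perform action '(?P<action>[^']+)' over scope '(?P<scope>[^']+)'")
# Assumption: simplified action lists for three built-in roles, NotActions ignored.
ROLE_ACTIONS = {"Owner": ["*"], "Contributor": ["*"], "Reader": ["*/read"]}

def parse_denial(message):
    """Extract principal, action and scope from an ARM authorization failure."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not an ARM authorization failure")
    return m.groupdict()

def covers(assignment_scope, target_scope):
    """True if target_scope inherits from assignment_scope (IDs are case-insensitive)."""
    a, t = assignment_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def granting_roles(message, assignments):
    """Assignments of the denied principal that reach the scope and allow the action."""
    d = parse_denial(message)
    hits = []
    for a in assignments:
        same_principal = a["principalId"].lower() == d["object_id"].lower()
        allowed = any(fnmatchcase(d["action"].lower(), p.lower())
                      for p in ROLE_ACTIONS.get(a["roleDefinitionName"], []))
        if same_principal and allowed and covers(a["scope"], d["scope"]):
            hits.append((a["roleDefinitionName"], a["scope"]))
    return hits

SP = "aa875774-ab8a-41e7-a567-0a4f0bc7cedc"        # principal named in the error
OTHER = "00000000-0000-0000-0000-000000000001"     # hypothetical second principal
SUB = "/subscriptions/SUBID"
BEFORE = [  # constructed assignments, not taken from the page
    {"principalId": OTHER, "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": SP, "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": SP, "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/other-rg"},
]
AFTER = BEFORE + [{"principalId": SP, "roleDefinitionName": "Contributor", "scope": SUB}]

if __name__ == "__main__":
    print(granting_roles(ERROR, BEFORE), granting_roles(ERROR, AFTER))
```

The same fields (`principalId`, `roleDefinitionName`, `scope`) appear in the JSON that `az role assignment list` prints, so real output can be passed in place of the constructed lists.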
