Not able to create new Subscription using Terraform

pawan-debug · March 14, 2023, 4:58pm

Using the same service connection in CLI script, new subscription is created but when I try to create using Terraform, it said,

Error: creating new Subscription (Alias “*******************”): subscription.AliasClient#Create: Failure sending request: StatusCode=401 – Original Error: Code=“UserNotAuthorized” Message=“User is not authorized to create subscriptions on this enrollment account”

Terraform Version
1.1.6
AzureRM Provider Version
3.46.0

script ref
data “azurerm_billing_enrollment_account_scope” “example” {
billing_account_name = “1234567890”
enrollment_account_name = “0123456”
}

resource “azurerm_subscription” “example” {
subscription_name = “My Example EA Subscription”
billing_scope_id = data.azurerm_billing_enrollment_account_scope.example.id
}

h311126 · March 14, 2023, 6:21pm

Based on the error, it appears the account this is running as does not have permissions at the EA level to create a new subscription.

pawan-debug · March 15, 2023, 6:28am

agreed, but with same account, I am able to create using Azure CLI command. if permission issue is with SPN then it should not create using CLI.

pawan-debug · March 17, 2023, 5:53am

Finally I got the solution. in Azure DevOPS, service connection scope was subscription and now I changed it to Management group which is working fine.
Doc ref

Topic		Replies	Views
Creating new Subscriptions through Terraform Azure	3	6534	February 16, 2022
Permissions error on subscription after azurerm provider upgrade Azure azure	7	2898	June 12, 2023
Problems managing subscriptions with aliases Azure	2	2902	July 3, 2022
Import Azure Subscription Not Created with Terraform Azure	1	174	July 23, 2024
Create resources in a newly created subscription Azure azure	1	758	March 15, 2024

Not able to create new Subscription using Terraform

Related topics