Packer support for using managed identity across Azure subscriptions


Hope someone can assist with the below:

Running packer on a Azure DevOps self-hosted agent. This is running on a kubernetes cluster in Subscription A. The DevOps agents are assigned User Assigned Identities which Packer is configured to use to authenticate the azure-arm builder.

In Subscription B we have a resource group into which we would like to put the Managed Images created by Packer.

When packer runs it fails as it cannot find the resource group for the managed images.

In the builder documentation there is the following statement:
“If none of these options are specified, Packer will attempt to use the Managed Identity and subscription of the VM that Packer is running on.”.

This is the cause of my issue and I do not see any option to pass in a subscription_id for the managed image resource group. Am I missing something? Is there a workaround for this scenario and it it cannot be done already, would this be a valid feature request?

I’m new to Packer so just finding my feet. Having used terraform for a while in the aforementioned scenarios I am surprised that I cannot seem to make this work.

Thanks in advance.