none
Azure Shared Image Gallery Multi-tenant RRS feed

  • Question

  • Hi All,

      I have created shared image gallery in tenant1 and I am able to create VMs using this image across all subscriptions in this tenant. Used CLI, powershell and Terraform and it worked fine

    When I try to create a VM in Tenant-2 with Shared Image Galley available in Tenant-1, I am facing some issues. I am able to create the VM in tenant by using CLI and power shell, but when using Terraform it is failing with below error.

    Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope '/subscriptions/*aaaaaaaaaaaaaaaa/resourceGroups/mygroup/providers/Microsoft.Compute/virtualMachines/sigvm-01', however the current tenant 'bbbbbbbbbbbbbbb' is not authorized to access linked subscription 'ccccccccccccccccccccc'."

    aaaaaaaaaaaaaa -> is the subscription ID in Tenant-2 where I am trying to create VM

    bbbbbbbbbbbbbb -> is the tenant ID of tenant 2

    cccccccccccccccc  ->  is the subscription ID in tenant1

    ANY help is much appreciated.

    Thank You

      

    Thursday, September 12, 2019 5:52 AM

Answers

  • Yes, It is not supported through terraform currently. Product group is working on this but I do not have an ETA regarding this. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    • Marked as answer by Nice Thomas Friday, September 13, 2019 7:00 AM
    Thursday, September 12, 2019 10:16 AM
    Moderator
  • All,

      Can you please help in this regard.

    Thank You

    • Marked as answer by Nice Thomas Friday, September 27, 2019 10:06 AM
    Monday, September 23, 2019 5:54 AM

All replies

  • Hi, 

    Using images from Shared image gallery in a different tenant is supported only through Powershell and CLI. Using Portal and other methods are not supported yet.

    REF: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/share-images-across-tenants#give-tenant-2-access


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Thursday, September 12, 2019 6:37 AM
    Moderator
  • Thanks for prompt response.. you confirming that it is not possible via terraform as well?

    As I saw a post  here github.com/terraform-providers/terraform-provider-azurerm/issues/3548   but not sure how can I try that as well.

    • Edited by Nice Thomas Thursday, September 12, 2019 7:13 AM more details added
    Thursday, September 12, 2019 7:09 AM
  • Yes, It is not supported through terraform currently. Product group is working on this but I do not have an ETA regarding this. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    • Marked as answer by Nice Thomas Friday, September 13, 2019 7:00 AM
    Thursday, September 12, 2019 10:16 AM
    Moderator
  • Hi

    We got the 1.34 version released and I am getting the error I pasted initially. My Azure Shared Image galleries are in tenant-1 and I am trying to deploy a VM in tenant-2 using this SIG in tenant-1.

    ####  connecting to tenant -2 ########
    provider "azurerm" {
      subscription_id = "${var.subscription_id}"
      client_id       = "${var.client_id}"
      client_secret   = "${var.client_secret}"
      tenant_id       = "${var.tenant_id}"
    }
    
    #####  connecting to tenant -1 ######## Provider for fetching the SIG resource
    provider "azurerm" {
      alias           = "sig-resources-id"
      subscription_id = "${var.sig_subscription_id}"
      client_id       = "${var.sig_client_id}"
      client_secret   = "${var.sig_client_secret}"
      tenant_id       = "${var.sig_tenant_id}"
    }

    using alias I fetches the image ID and use this ID to provision in tenant-2 and is not working. Any suggestions here?

    Wednesday, September 18, 2019 4:04 PM
  • All,

      Can you please help in this regard.

    Thank You

    • Marked as answer by Nice Thomas Friday, September 27, 2019 10:06 AM
    Monday, September 23, 2019 5:54 AM