From f84cf8590cd3bfc6d6a51e304ccd8270c91765cf Mon Sep 17 00:00:00 2001
From: Alastair Lock
Date: Wed, 1 Oct 2025 11:44:03 +0100
Subject: [PATCH] Add in additional permissions for the AVD to deploy

Have to add role assignment "Desktop Virtualization Power On Off Contributor" to allow AVD to deploy in the Lung project.
---
 infrastructure/modules/virtual-desktop/main.tf | 8 ++++++++
 infrastructure/modules/virtual-desktop/variables.tf | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/infrastructure/modules/virtual-desktop/main.tf b/infrastructure/modules/virtual-desktop/main.tf
index dad9a577..5339b6d0 100644
--- a/infrastructure/modules/virtual-desktop/main.tf
+++ b/infrastructure/modules/virtual-desktop/main.tf
@@ -58,6 +58,14 @@ resource "azurerm_virtual_desktop_workspace_application_group_association" "this
 workspace_id = azurerm_virtual_desktop_workspace.this.id
 }

+resource "azurerm_role_assignment" "avd_autoscale_hostpool" {
+ count = var.principal_id == null ? 0 : 1
+
+ scope = azurerm_virtual_desktop_host_pool.this.id
+ role_definition_name = "Desktop Virtualization Power On Off Contributor"
+ principal_id = var.principal_id
+}
+
 resource "azurerm_role_assignment" "rg_users" {
 scope = var.resource_group_id
 role_definition_name = "Virtual Machine User Login"
diff --git a/infrastructure/modules/virtual-desktop/variables.tf b/infrastructure/modules/virtual-desktop/variables.tf
index 8dd7ec75..612b98ad 100644
--- a/infrastructure/modules/virtual-desktop/variables.tf
+++ b/infrastructure/modules/virtual-desktop/variables.tf
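Review bot: The `scope` of the new `azurerm_role_assignment.avd_autoscale_hostpool` in main.tf is the host pool itself, but the power actions this role exists for act on the session-host virtual machines, which are not child resources of a host pool, so an assignment at this scope probably does not reach them; check this against the Azure Virtual Desktop guidance for the role before relying on it. If a wider scope turns out to be needed, prefer the resource group that holds the session hosts over the whole subscription, for example `scope = var.resource_group_id` if that is where the VMs live, and record the reason in a comment such as `# Scope must cover the session-host VMs that AVD starts and deallocates`. Separately, `count = var.principal_id == null ? 0 : 1` fails at plan time when the caller passes an ID that is only known after apply, so the module documentation should say the value must be known at plan time.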
@@ -187,3 +187,9 @@ variable "tags" {
 type = map(string)
 default = {}
 }
+
+variable "principal_id" {
+ description = "The principal (object) ID to assign the 'Desktop Virtualization Power On Off Contributor' role to the host pool. If null, the role assignment will not be created. This maintains backward compatibility for existing deployments. The role is required for autoscaling but can be omitted if autoscaling is not used or the role is assigned manually."
+ type = string
+ default = null
+}
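Review bot: The name `principal_id` does not say which identity is meant, and the same module also assigns "Virtual Machine User Login" (the `rg_users` assignment visible in the main.tf hunk), so a caller could pass a user or group object ID here and give it power control over session hosts. A name such as `avd_service_principal_object_id` would make the intent explicit, presuming the intended identity is the Azure Virtual Desktop service principal. A `validation` block can reject malformed values early with `condition = var.principal_id == null || can(regex("^[0-9a-fA-F-]{36}$", var.principal_id))`. The description should also state that the value is the object ID of the service principal rather than its application (client) ID, since the two are easily confused and the role assignment expects the former.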