Azure error creating resource group

Hey folks, am familiar with serverless and AWS, and am running through the examples to try and prove how this framework makes it easier to work multicloud, however ground to a halt in my first foray with azure. I don’t know azure, however I’m following the instructions in the for getting a boilerplate function deployed and all went well until the first serverless deploy. Hoping someone can point out what I’ve missed / got wrong or if I should go ahead and raise a bug report. Note it’s a completely new azure account, never used for anything before this.

➜ nplay-azure serverless deploy

WARNING: You are running v1.9.0. v1.10.0 will include the following breaking changes:
- Some lifecycle events for the deploy plugin will move to a new package plugin. More info ->

You can opt-out from these warnings by setting the “SLS_IGNORE_WARNING=*” environment variable.

Serverless: Packaging service…
Serverless: Logging in to Azure
Serverless: Creating resource group: nplay-rg

Error --------------------------------------------------

 The client 'd266f5f9-c2b5-4c49-b120-9c06602fb700' with
 object id 'd266f5f9-c2b5-4c49-b120-9c06602fb700' does
 not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write'
 over scope '/subscriptions/edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3/resourcegroups/nplay-rg'.

 For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

Get Support --------------------------------------------

 Please report this error. We think it might be a bug.

Your Environment Information -----------------------------
OS: darwin
Node Version: 6.10.0
Serverless Version: 1.9.0

My identities in use are:

➜ nplay-azure azure account show
info: Executing command account show
data: Name : Free Trial
data: ID : edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3
data: State : Enabled
data: Tenant ID : 0bfd13a6-34c6-4bb6-b0aa-d4983688cb1b
data: Is Default : true
data: Environment : AzureCloud
data: Has Certificate : No
data: Has Access Token : Yes

info: Executing command ad sp create

  • Creating application nplay
  • Creating service principal for application 43f4f6e7-9a8a-4d32-a045-4876490ed8bb
    data: Object Id: d266f5f9-c2b5-4c49-b120-9c06602fb700
    data: Display Name: nplay
    data: Service Principal Names:
    data: 43f4f6e7-9a8a-4d32-a045-4876490ed8bb
    data: http://nplay
    info: ad sp create command OK

➜ nplay-azure export azureSubId='edba9b98-3bb8-4c6b-b0b9-bcd5737cebd3’
➜ nplay-azure export azureServicePrincipalTenantId='0bfd13a6-34c6-4bb6-b0aa-d4983688cb1b’
➜ nplay-azure export azureServicePrincipalClientId=‘43f4f6e7-9a8a-4d32-a045-4876490ed8bb’

Thanks in advance!

Hey @alanwhite I get passed this issue by doing this from the credentials set-up.

azure role assignment create --objectId <objectIDFromCreateStep> -o Contributor

I think this is just an issue with the docs. Though I get an issue right after this step.

Thanks @GroundedSage! Makes sense, this line is indeed missing from the quickstart page but is indeed there on credentials. Speedy response much appreciated!