better-shampoo-48884
03/21/2021, 12:06 PMconst aksToACRRoleAssignment = new azure.authorization.RoleAssignment("aks-to-acr", {
roleAssignmentName: new random.RandomUuid("aks-to-acr-RA").result,
scope: myACR.id
roleDefinitionId: "/subscriptions/<insert_sub_here>/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", // acrpull Role Defenition
principalId: myAKS.identityProfile.apply(identityProfile => identityProfile?.kubeletidentity.objectId).apply(objectId => objectId ?? "<preview>") // gets the kubelet managed identity :)
})
For the roleDefenitionId - I just did az role definition list --output json --query "[].{roleName:roleName, description:description, id:id}" > roleDefenitions.json
once and found the role id from there 🙂