No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi all,
When creating a resource group in Azure, how do I specify which people have access to it (IAM)?

// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("PulumiTest", new ResourceGroupArgs
{
    Name = "PulumiTest",
});

There is a `RoleAssignment` resource. You assign a given role to the scope of the resource group ID.

I take it it's the: 'Pulumi.Azure.Role.Assignment' you are referring to?
How do I apply it?

Yes, that one. You set `PrincipalId` to a user or a group, `Scope` to resource group ID like ``/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup``, and the role name/id.

This grants permissions of the given role to the given principal at the given scope.

But how do you assign it ?
I don't see any properties (in the ResourceGroupArgs) with that name and neither in the CustomResourceOptions

<@USL4WHPGS> the Assignment resource *is* the assignment.

You assign simply by creating that resource.

So I just need to create a Role.Assignment variable and it will magically be assigned to the resource group?

Not magically: you create an assignment resource which references the resource group scope

It’s like you create a blob container which references a storage account. You don’t assign a container to an account.