Azure Role to start and stop a VM

Here is an example how to give start and stop access to a user on a VM in Azure. The role also gives read access to the VM.

{
  "Name": "Virtual Machine Start and Stop",
  "IsCustom": true,
  "Description": "Can start and stop virtual machines.",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/restart/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/{subscriptionid}"
  ]
}
Import the role in Azure

Open Azure cloud shell and use bash. Type the command “code start_stop_vm.json”, paste the role-json-code and save it.

In the shell, run the following command: az role definition create –role-definition “start_stop_vm_role.json”

Add users to the role that only should have permissions to start and stop the VM.

For more inspiration see this links:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftcompute

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.