Not able to create AKS with role assignment write for subnet and ACR registry in Azure Cloud

Question

I am trying to create Azure Kubernetes Service (AKS) with earlier created virtual network (VN) and container registry (ACR). I am facing below errors.

My user id does not have sufficient permissions to perform this action. Only with basic network settings and no ACR binding, I can create AKS cluster. Which role, at Active Directory (AD) level and at subscription level, should my user id be having to create this AKS service?

Answer 1

You don't need any permissions on Azure AD level for this to work, but you need Microsoft.Authorization/roleAssignments/write permissions on the adequate scopes to be able to assign permissions. A built-in role of Owner grants that. Otherwise - create a custom role and assign that to your user.