Search code examples
azureansibleazure-cloud-shell

Why Azure Cloud Shell is creating resource group in default subscription?


I changed the subscription of the current session in Azure Cloud Shell to a different subscription using Set-AzContext as follows. But when I create a Resource Group using Ansible playbook in the same session of Azure Cloud Shell, the resource group is still created in default subscription, why?

Set-AzContext -SubscriptionId "myOtherSubscription"

Above command successfully changed the subscription from default to myOtherSubscription and showed the result as follows:

Name                                     Account                         SubscriptionName                Environment                     TenantId
----                                     -------                         ----------------                -----------                     --------
Visual Studio Enterprise – MPN (a86c7y8… MSI@51342                       Visual Studio Enterprise – MPN  AzureCloud                      86eafd5a-8ce3-4d0c-981c-8dac1…

Then I ran the the ansible command ansible-playbook myplaybook_to_create_rg.yml that successfully created the resource group but still in the default subscription instead of inside myOtherSubscription. As shown in this example from Microsoft team there is no subscription mentioned in the ansible code for creating a resource group. That means it should create the resource group in the subscription that the Azure Cloud Shell in running on.


Solution

  • Your misunderstanding here is rooted in the fact that Ansible is not aware of the subscription selected as part of the AzContext you're working with. The documentation you linked corroborates this:

    When working with multiple subscriptions, specify the subscription Ansible uses by exporting the AZURE_SUBSCRIPTION_ID environment variable.

    For Cloud Shell, there are one of two ways to set which subscription Ansible uses dependent on your shell type:

    • For PowerShell based Cloud Shell instances, set the AZURE_SUBSCRIPTION_ID environment variable in the local scope by running:

      $env:AZURE_SUBSCRIPTION_ID="<your-subscription-id>"
      

      ... replacing the <your-subscription-id> placeholder with the target Azure subscription ID.

    • For bash-based Cloud Shells, you can use the export keyword to achieve the same thing:

      export AZURE_SUBSCRIPTION_ID="<your-subscription-id>"`
      

      ... replacing the <your-subscription-id> placeholder with the target Azure subscription ID.