I am getting authorization error on 'Microsoft.Insights/Metrics/write'
I have a virtual machine resource and a service principle that has contributor role. I am trying to emit metrics against a virtual machine resource. Following the guide here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-store-custom-rest-api
But I am getting this error:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}}
Here is what I am doing:
curl -X POST https://westus2.monitoring.azure.com/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine/metrics -H "Content-Type: application/json" -H "Authorization: Bearer <auth-code>" -d @custommetric.json
and the error I get:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}}
Does any one know why this happens? I have the required permissions and the service principle has also been given the permission.