0
votes

I am running a PowerShell script in an Azure Function App. The script creates an action group and metric alerts on a Cosmos DB container, but the action group creation command fails. I tried with both the resource group name and the ResourceId; it still fails.

Command:

$RID = (Get-AzResource -ResourceType $containerResourceType -ApiVersion $apiVersion -ResourceGroupName $ResourceGroup -Name $containerResourceName).ResourceId

$email1=New-AzActionGroupReceiver -Name $name -EmailReceiver -EmailAddress $Eid
$email2=New-AzActionGroupReceiver -Name $name1 -EmailReceiver -EmailAddress $Eid2
Set-AzActionGroup -ResourceId $RID -ShortName "DAEAG" -Receiver $email1,$email2 

I tried the Set-AzActionGroup command with the resource group (name) as well; it gives the same error, which is:

[Error] ERROR: Set-AzActionGroup : Exception type: ErrorResponseException, Message: Microsoft.Azure.Management.Monitor.Models.ErrorResponseException: Operation returned an invalid status code 'Forbidden'

Note: The Azure Function App connects to the Azure subscription using a managed identity; the Function App's object_id is added to roles in the Cosmos DB account.


1 Answers

1
votes

Update: I figured out the issue. I was assigning the role for the Azure Function at the Cosmos DB resource level manually, which would give the function access to just Cosmos DB, but to reach that resource it also needs access to the resource group. I then assigned the role at the resource group level, which the Cosmos DB resource would automatically inherit. This solved the problem. Thank you.
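
The scope check described in this answer, as an added PowerShell example that is not part of the original post: it lists where the Function App's managed identity holds roles and assigns one at the resource group only if no existing assignment covers it. The resource names and the `Monitoring Contributor` role are assumptions; the page does not say which role was used.

```powershell
# Assumed placeholder names; replace with your own.
$functionAppRg   = 'rg-functions'            # resource group holding the Function App
$functionAppName = 'func-alerts'             # Function App with a system-assigned identity
$targetRg        = 'rg-cosmos'               # resource group where the action group is created
$roleName        = 'Monitoring Contributor'  # assumed role, not named on the page

# Object ID of the Function App's managed identity.
$principalId = (Get-AzWebApp -ResourceGroupName $functionAppRg -Name $functionAppName).Identity.PrincipalId
if (-not $principalId) { throw "No system-assigned identity on $functionAppName" }

$rgScope = (Get-AzResourceGroup -Name $targetRg).ResourceId

# Show every assignment the identity holds and the scope it was made at.
$assignments = Get-AzRoleAssignment -ObjectId $principalId
$assignments | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize

# An assignment reaches the resource group only if its scope is the group itself
# or a parent of it (for example the subscription). A role scoped to a single
# resource inside the group, such as the Cosmos DB account, does not.
$covering = $assignments | Where-Object {
    $scope = $_.Scope.TrimEnd('/')
    $_.RoleDefinitionName -eq $roleName -and (
        $rgScope -ieq $scope -or
        $rgScope.StartsWith("$scope/", [StringComparison]::OrdinalIgnoreCase)
    )
}

if ($covering) {
    Write-Output "'$roleName' already applies at $rgScope"
} else {
    # Resource group scope is the narrowest scope the Cosmos DB account inherits from.
    New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName $roleName -Scope $rgScope
}
```

The account running this needs permission to write role assignments on the resource group, and a new assignment can take a few minutes to take effect before `Set-AzActionGroup` stops returning `Forbidden`.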