Why Azure Cloud Shell is creating resource group in default subscription?

1
votes

I changed the subscription of the current session in Azure Cloud Shell to a different subscription using Set-AzContext as follows. But when I create a Resource Group using Ansible playbook in the same session of Azure Cloud Shell, the resource group is still created in default subscription, why?

Set-AzContext -SubscriptionId "myOtherSubscription"

Above command successfully changed the subscription from default to myOtherSubscription and showed the result as follows:

Name                                     Account                         SubscriptionName                Environment                     TenantId
----                                     -------                         ----------------                -----------                     --------
Visual Studio Enterprise – MPN (a86c7y8… MSI@51342                       Visual Studio Enterprise – MPN  AzureCloud                      86eafd5a-8ce3-4d0c-981c-8dac1…

Then I ran the the ansible command ansible-playbook myplaybook_to_create_rg.yml that successfully created the resource group but still in the default subscription instead of inside myOtherSubscription. As shown in this example from Microsoft team there is no subscription mentioned in the ansible code for creating a resource group. That means it should create the resource group in the subscription that the Azure Cloud Shell in running on.

1
azureansibleazure-cloud-shell
What's the value of your AZURE_SUBSCRIPTION_ID environment variable (PowerShell: $env:AZURE_SUBSCRIPTION_ID)? Is it the ID of myOtherSubscription or another subscription? It's specifically mentioned in the linked article that the Ansible playbook uses that to determine which subscription to use: "When working with multiple subscriptions, specify the subscription Ansible uses by exporting the AZURE_SUBSCRIPTION_ID environment variable."esqew
@esqew I think you got it. As explained here I first need to run export AZURE_SUBSCRIPTION_ID=<your-subscription-id> with my-subscription-id. Let me try it first.nam
@esqew No. It still created the resource group inside default subscription. How do I check the value of AZURE_SUBSCRIPTION_ID in the current session of Azure Cloud Shell?nam
The answer to your follow up will depend solely on the shell type you selected when setting up your Cloud Shell. As I mentioned before, for PowerShell-based Cloud Shells you can run a simple $env:AZURE_SUBSCRIPTION_ID to print the current value; in Bash-based shells you should be able to use something like echo $AZURE_SUBSCRIPTION_ID.esqew
Can you try one more thing? It's been a while since I've used PowerShell intensively for tasks relating to environment variables, and I just now looked up the proper syntax for exporting environment variables. Can you try to simply run $env:AZURE_SUBSCRIPTION_ID="<your-subscription-id>" to create the locally-scoped environment variable and re-run the Ansible playbook in the Cloud Shell? The issue may be that you're attempting to use export which isn't valid in a PowerShell-based environment. You should have gotten a big red error when trying to run the export... command.esqew

1 Answers

1
votes

Your misunderstanding here is rooted in the fact that Ansible is not aware of the subscription selected as part of the AzContext you're working with. The documentation you linked corroborates this:

When working with multiple subscriptions, specify the subscription Ansible uses by exporting the AZURE_SUBSCRIPTION_ID environment variable.

For Cloud Shell, there are one of two ways to set which subscription Ansible uses dependent on your shell type:

  • For PowerShell based Cloud Shell instances, set the AZURE_SUBSCRIPTION_ID environment variable in the local scope by running:

    $env:AZURE_SUBSCRIPTION_ID="<your-subscription-id>"

    ... replacing the <your-subscription-id> placeholder with the target Azure subscription ID.

  • For bash-based Cloud Shells, you can use the export keyword to achieve the same thing:

    export AZURE_SUBSCRIPTION_ID="<your-subscription-id>"`

    ... replacing the <your-subscription-id> placeholder with the target Azure subscription ID.