Aviatrix Required Custom Role Permissions
{
  "properties": {
    "roleName": "Aviatrix Controller Custom Role",
    "description": "Custom role for Aviatrix Controller",
    "assignableScopes": [],
    "permissions": [
      {
        "actions": [
          "Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/*",
          "Microsoft.Compute/*/read",
          "Microsoft.Compute/availabilitySets/*",
          "Microsoft.Compute/virtualMachines/*",
          "Microsoft.Compute/disks/*",
          "Microsoft.Network/*/read",
          "Microsoft.Network/publicIPAddresses/*",
          "Microsoft.Network/networkInterfaces/*",
          "Microsoft.Network/networkSecurityGroups/*",
          "Microsoft.Network/loadBalancers/*",
          "Microsoft.Network/routeTables/*",
          "Microsoft.Network/virtualNetworks/*",
          "Microsoft.Storage/storageAccounts/*",
          "Microsoft.Resources/*/read",
          "Microsoft.Resourcehealth/events/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/tags/*",
          "Microsoft.Resources/marketplace/purchase/*",
          "Microsoft.Resources/subscriptions/resourceGroups/*",
          "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
          "Microsoft.ContainerService/managedClusters/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
For Azure China, remove "Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/*" and "Microsoft.Resources/marketplace/purchase/*" from "actions".

Note: The Microsoft.ContainerService lines in the JSON example above allow the discovery of your AKS clusters.
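Added example (not part of the Aviatrix documentation): a Python script that derives the Azure China variant by removing the two marketplace actions, fills in "assignableScopes" for a single subscription, and lists the `/*` wildcard actions for least-privilege review. The role it works on is an abbreviated, constructed copy of the JSON above, the function names are hypothetical, and the subscription ID is a placeholder.

```python
import copy
import json

# The two actions the page says to remove for Azure China (compared in lower case).
CHINA_REMOVED = {
    "microsoft.marketplaceordering/offertypes/publishers/offers/plans/agreements/*",
    "microsoft.resources/marketplace/purchase/*",
}

# Constructed sample: an abbreviated copy of the role above, not the full action list.
SAMPLE_ROLE = json.loads("""
{
  "properties": {
    "roleName": "Aviatrix Controller Custom Role",
    "description": "Custom role for Aviatrix Controller",
    "assignableScopes": [],
    "permissions": [{
      "actions": [
        "Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/*",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Resources/marketplace/purchase/*",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [], "dataActions": [], "notDataActions": []
    }]
  }
}
""")

def china_variant(role):
    """Return a copy of the role without the two marketplace actions."""
    out = copy.deepcopy(role)
    for perm in out["properties"]["permissions"]:
        perm["actions"] = [a for a in perm["actions"] if a.lower() not in CHINA_REMOVED]
    return out

def scoped(role, subscription_id):
    """Return a copy that is assignable only within one subscription."""
    out = copy.deepcopy(role)
    out["properties"]["assignableScopes"] = [f"/subscriptions/{subscription_id}"]
    return out

def full_control_actions(role):
    """List actions ending in /* (every operation on that resource type)."""
    return [a for p in role["properties"]["permissions"] for a in p["actions"] if a.endswith("/*")]

if __name__ == "__main__":
    role = scoped(china_variant(SAMPLE_ROLE), "00000000-0000-0000-0000-000000000000")
    print(json.dumps(role, indent=2))
    print("Wildcards to review:", full_control_actions(role))
```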