Add in additional permissions for the AVD to deploy

mrlockstar · mrlockstar · commit f84cf8590cd3 · 2026-03-18T14:14:54.000Z
Have to add role assignment "Desktop Virtualization Power On Off Contributor" to allow AVD to deploy in the Lung project.
diff --git a/infrastructure/modules/virtual-desktop/main.tf b/infrastructure/modules/virtual-desktop/main.tf
@@ -58,6 +58,14 @@ resource "azurerm_virtual_desktop_workspace_application_group_association" "this
   workspace_id         = azurerm_virtual_desktop_workspace.this.id
 }
 
+resource "azurerm_role_assignment" "avd_autoscale_hostpool" {
+  count = var.principal_id == null ? 0 : 1
+
+  scope                = azurerm_virtual_desktop_host_pool.this.id
+  role_definition_name = "Desktop Virtualization Power On Off Contributor"
+  principal_id         = var.principal_id
+}
+
 resource "azurerm_role_assignment" "rg_users" {
   scope                = var.resource_group_id
   role_definition_name = "Virtual Machine User Login"
diff --git a/infrastructure/modules/virtual-desktop/variables.tf b/infrastructure/modules/virtual-desktop/variables.tf
@@ -187,3 +187,9 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "principal_id" {
+  description = "The principal (object) ID to assign the 'Desktop Virtualization Power On Off Contributor' role to the host pool. If null, the role assignment will not be created. This maintains backward compatibility for existing deployments. The role is required for autoscaling but can be omitted if autoscaling is not used or the role is assigned manually."
+  type        = string
+  default     = null
+}
