Azure ARM Template Deploy

I am trying to deploy an Azure ARM template, but am getting the error, "The client ‘aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa’ with object id aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa’ does not have authorization to perform action ‘Microsoft.Resources/deployments/write’ over scope ‘/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/resourcegroups//providers/Microsoft.Resources/deployments/deploy-arm-templates-a1a1a1a1a1a1a1a1a1a1a1’ or the scope is invalid. If access was recently granted, please refresh your credentials. "

I know aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa is the incorrect value, and have got the correct value, but I cannot figure out where to change it. The value is in a variable set that is referenced, but it is not used in the deploy.

Where is this value set?

Hi @francois.terblans2,

Thanks for getting in touch!

When you say that the value is within a variable set, is this variable set linked to this project at all?
You can check this in Project > Variables > Library Sets

If it is linked, then depending on the scoping of the variable, it may be accessible to the deployment even if not directly invoked.

Another location worth checking is the Account being used within the step. If you check which account is configured and then head to Infrastructure > Accounts and select it, is the incorrect value configured in there?
If so, it should just be a case of either amending that account or creating a new one specifically for this project\step to use.


The variables check out. I can see they are available to the step.
How do I check which account is used in the step?

I have checked the arm template files and the client is not in there. So it must be coming from Octopus somewhere…

So, assuming that you’re using the Deploy an Azure Resource Manager template step:

Then within that step there will be an Account section:

This will either directly specify an account from within Infrastructure > Accounts or it will have a variable placed in there.
If it is a variable then you will need to locate the variable either within the Project variables or a library variable set and check the scoping of the variable values to determine which will apply to that step and amend as necessary.

It may also be useful to add a Project variable named OctopusPrintEvaluatedVariables with a value of true and then create a new release and deployment. This variable will output all variables and values used during the deployment. This may enable you to identify where the incorrect client ID is coming from.

@paul.calvert , thank you very much. That solved my problem.