- 09 Sep 2024
Registering Azure Resource Providers
- Updated on 09 Sep 2024
Microsoft Azure subscriptions come with a default set of Resource Providers to support creating various resources. Resources in Azure are made available by a Resource provider, and are registered to the subscription.
When attempting to create certain types of resources in Azure, an error may occur, preventing the resource from being created. This may happen because the Resource Provider for the type of resource that is being created has not been registered to the subscription.
Methods for Registering Resource Providers
To create resources that use Resource Providers that are not included in the default set provided with a new subscription, they will need to be registered to the subscription by a user with subscription-level access, using one of the following methods:
Best Practices for Registering Resource Providers
Only register a resource provider when you are ready to use it. This helps to maintain least privileges within your subscription. A malicious user can't use unregistered resource providers.
If you are creating a custom role-based access control (RBAC) role to permit resource provider registrations, list every subscription ID the role should apply to in the assignable scopes section of the custom role definition.
Registering Resource Providers
The first two commands will register all available Resource Providers at the time of running the PowerShell command. Every time a new service is added to Azure, including Azure Marketplace, these commands will need to be executed again to register the providers for the new services. The third command is used to register a specific Resource Provider.
Register All Available Resource Providers
To see a list of all available resource providers run the following PowerShell command:
Get-AzureRmResourceProvider -ListAvailable | select ProviderNamespace, RegistrationState
Note: while running these PowerShell commands, you must be logged into the subscription with a user account that has sufficient privileges to register Resource Providers.
To see a list of resource providers that are not registered, run the following PowerShell Command:
Get-AzureRmResourceProvider -ListAvailable | where {$_.RegistrationState -eq "NotRegistered"} | Select ProviderNamespace, RegistrationState
To register all available resource providers in the current subscription run the following PowerShell command:
Get-AzureRmResourceProvider -ListAvailable | where {$_.RegistrationState -eq "NotRegistered"} | Register-AzureRmResourceProvider
Be aware that by issuing the above command, all resource types can be deployed by your lab developers and lab users. If you subsequently want to prevent a particular resource type from being provisioned in your subscription, you must unregister its resource provider. This may not be easy if resources of that type have already been deployed and are being used.
Best Practice
Only register a resource provider when you are ready to use it. This helps to maintain least privileges within your subscription.
A malicious user can't use unregistered resource providers.
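One way to apply this best practice is to keep an approved list of provider namespaces and compare it with the subscription's registration state, rather than registering everything. The script below is an added example, not part of the original article; the function name, the allowlist and the sample provider objects are constructed for illustration.

```powershell
# Added example: report drift between registered providers and an approved list.
# Compare-ProviderBaseline, $approved and $sample are hypothetical names/data.
function Compare-ProviderBaseline {
    param(
        [Parameter(Mandatory)] [object[]] $Providers,  # need ProviderNamespace, RegistrationState
        [Parameter(Mandatory)] [string[]] $Approved    # namespaces the subscription should use
    )
    foreach ($p in $Providers) {
        $isApproved   = $Approved -contains $p.ProviderNamespace   # -contains ignores case
        $isRegistered = $p.RegistrationState -in 'Registered', 'Registering'
        $finding = $null
        if ($isRegistered -and -not $isApproved)     { $finding = 'RegisteredNotApproved' }
        elseif ($isApproved -and -not $isRegistered) { $finding = 'ApprovedNotRegistered' }
        if ($finding) {
            [pscustomobject]@{
                ProviderNamespace = $p.ProviderNamespace
                RegistrationState = $p.RegistrationState
                Finding           = $finding
            }
        }
    }
}

# Constructed allowlist and sample data so the script runs offline.
$approved = 'Microsoft.Compute', 'Microsoft.Network', 'Microsoft.Storage'
$sample = @(
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Compute'; RegistrationState = 'Registered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Storage'; RegistrationState = 'Registered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Network'; RegistrationState = 'NotRegistered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Batch';   RegistrationState = 'NotRegistered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.MachineLearningServices'; RegistrationState = 'Registered' }
)
Compare-ProviderBaseline -Providers $sample -Approved $approved | Format-Table -AutoSize

# Against a live subscription, using the cmdlets shown in this article
# (Az module equivalents: Get-AzResourceProvider, Register-AzResourceProvider):
#   $live = Get-AzureRmResourceProvider -ListAvailable
#   Compare-ProviderBaseline -Providers $live -Approved $approved |
#       Where-Object Finding -eq 'ApprovedNotRegistered' |
#       ForEach-Object { Register-AzureRmResourceProvider -ProviderNamespace $_.ProviderNamespace }
```

Rows marked RegisteredNotApproved are candidates for review and possible unregistration; rows marked ApprovedNotRegistered are the only ones the commented pipeline registers.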
Register Specific Resource Provider
To register a specific resource provider run the following PowerShell command:
Register-AzureRmResourceProvider -ProviderNamespace ResourceProvider.Name
Replace "ResourceProvider.Name" with the name of the Resource Provider you wish to register. If you are not sure which Resource Provider is needed, refer to the Azure portal error message received when attempting to create resources.
Additional Information
The following articles provide more information on how to view and register resource providers and resolve errors:
Create Custom Role for Registration of Resource Providers
This allows Resource Group Owners to register Resource Providers through a custom role-based access control (RBAC) role. The custom role grants only registration rights on the subscription and should be assigned in addition to the built-in Resource Group Owner role.
Create a JSON file on your local computer, with the role definition below and name the file MycustomRole.JSON. Note the directory where the file is saved.
{
  "Name": "Register Microsoft providers",
  "Description": "Can register Microsoft providers",
  "Actions": [
    "*/register/action"
  ],
  "AssignableScopes": [
    "/subscriptions/[SUBSCRIPTION1_ID_GOES_HERE]",
    "/subscriptions/[SUBSCRIPTION2_ID_GOES_HERE]",
    "/subscriptions/[SUBSCRIPTION3_ID_GOES_HERE]"
  ]
}
Replace [SUBSCRIPTION1_ID_GOES_HERE], [SUBSCRIPTION2_ID_GOES_HERE], …etc. with all subscription IDs that you would like this role to be associated with.
Best Practice
Custom role definition objects span subscriptions and persist at the Azure Active Directory tenant level. That means custom role names must be unique across all subscriptions in a single tenant, so include every subscription ID the role should apply to in the assignable scopes section of the above custom role definition.
Execute the following PowerShell command:
New-AzureRmRoleDefinition -InputFile C:\MycustomRole.json
If your file is not saved at C:, change the directory in PowerShell to the directory where your file is saved (from step 1) and update the PowerShell command with the correct directory.
Navigate to https://portal.azure.com and assign the custom role to individual users or groups.
Select Subscriptions on the left-side navigation pane. If Subscriptions is not listed, click More services.
Select the subscription that the new role will be added to.
Select Access control (IAM).
Select Add.
Select Register Microsoft providers and click Ok.
Type the name of the user or group to add the role to, select the user or group, and then click Select.
Select Ok to add the role to the user or group.
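Before running New-AzureRmRoleDefinition against the file from step 1, the role definition can be checked for leftover placeholders and for actions beyond registration. The script below is an added example, not part of the original article; the function name is hypothetical and the sample JSON (including its subscription GUID and the extra action) is constructed to show what gets flagged.

```powershell
# Added example: lint the custom role JSON before creating the role.
# Test-RegisterRoleDefinition is a hypothetical helper, not an Azure cmdlet.
function Test-RegisterRoleDefinition {
    param([Parameter(Mandatory)] [string] $Json)

    $role     = $Json | ConvertFrom-Json
    $problems = @()
    $guid     = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $scopeRx  = '^/subscriptions/' + $guid + '$'

    # The role is meant to grant registration rights only.
    $actions = @($role.Actions | Where-Object { $_ })
    if ($actions.Count -eq 0) { $problems += 'Actions is empty' }
    foreach ($action in $actions) {
        if ($action -notmatch '/register/action$') {
            $problems += "Action outside registration rights: $action"
        }
    }

    # Every scope must be a real subscription ID, not an unreplaced placeholder.
    $scopes = @($role.AssignableScopes | Where-Object { $_ })
    if ($scopes.Count -eq 0) { $problems += 'AssignableScopes is empty' }
    foreach ($scope in $scopes) {
        if ($scope -notmatch $scopeRx) {
            $problems += "Scope is not /subscriptions/<GUID>: $scope"
        }
    }
    $scopes | Group-Object | Where-Object Count -gt 1 |
        ForEach-Object { $problems += "Duplicate scope: $($_.Name)" }

    $problems   # empty output means no findings
}

# Constructed sample: one valid-looking GUID, one leftover placeholder,
# and one action that goes beyond provider registration.
$sample = @'
{
  "Name": "Register Microsoft providers",
  "Description": "Can register Microsoft providers",
  "Actions": [ "*/register/action", "Microsoft.Authorization/*/write" ],
  "AssignableScopes": [
    "/subscriptions/11111111-2222-3333-4444-555555555555",
    "/subscriptions/[SUBSCRIPTION2_ID_GOES_HERE]"
  ]
}
'@
Test-RegisterRoleDefinition -Json $sample
```

To check the real file, pass its contents with `Get-Content C:\MycustomRole.json -Raw` as the `-Json` argument and create the role only when nothing is reported.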