Azure-docs: Expansion on Shared Image Gallery with Multiple Subscriptions
I appreciate some of the subscription questions in the FAQ around SIG. It would be helpful to have an expanded document that shows how using SIG is supported with Multiple Subscriptions. I have a customer who deploys many subscriptions because of organizational ownership, but has centralized image management online. They don't want to have to manage a SIG per subscription, and then have replication across multiple regions. If they could have one SUB with the SIG and replication across the supported regions for the org, and then call that SIG from the peer subscriptions in the same tenant that would be helpful. I don't see anything that shows how that works in this doc. Seems like it is supported but there's some serious caveats.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 0d150ace-bd6d-8111-79b5-0ce7cb76a378
- Version Independent ID: 13a828ae-ae92-9ea7-5f37-5a69eeeb87b7
- Content: Share VM images with Shared Image Gallery in Azure
- Content Source: articles/virtual-machines/windows/shared-image-galleries.md
- Service: virtual-machines-windows
- GitHub Login: @axayjo
- Microsoft Alias: akjosh; cynthn
johnwildes
All 5 comments
Thanks for the feedback! We are currently investigating and will update you shortly.
mimckitt
on 10 May 2019
@johnwildes
Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.
Karishma-Tiwari-MSFT
on 13 May 2019
Yes, this feature is really needed for customer with many subscriptions. Look forward to the update. Thanks!
jialinp
on 30 May 2019
This is built-in now. Set up your SIG in one subscription, add your images and replicate them to the regions required. After the images are replicated, use the IAM settings of the Gallery to grant the RBAC 'Reader' role to the people/groups/principals who should access and use the images in the gallery. If you prefer to limit specific images you can set the RBAC role at the Image Definition or Image Version scope as needed.
DPatters7
on 26 Jul 2019
@johnwildes Thank you for the feedback! I've added more information into the Shared Image Gallery for using RBAC to share at the Gallery level (which is recommended). Please let me know if you think something additional is needed.
please-close
cynthn
on 6 Aug 2019
Related issues
paulmarshall
·
3Comments
jebeld17
·
3Comments
jharbieh
·
3Comments
Favna
·
3Comments
jamesgallagher-ie
·
3Comments
Most helpful comment
This is built-in now. Set up your SIG in one subscription, add your images and replicate them to the regions required. After the images are replicated, use the IAM settings of the Gallery to grant the RBAC 'Reader' role to the people/groups/principals who should access and use the images in the gallery. If you prefer to limit specific images you can set the RBAC role at the Image Definition or Image Version scope as needed.