Adds IAM roles for the Managed Identity Module

This adds the ability to pass in a list of role names to be assigned to the
user-assigned managed identity.
This commit is contained in:
Rob Gil 2020-01-07 14:00:27 -05:00
parent f76934eaaf
commit 11404a6e5b
3 changed files with 17 additions and 1 deletions


@ -8,4 +8,13 @@ resource "azurerm_user_assigned_identity" "identity" {
location = azurerm_resource_group.identity.location
name = "${var.name}-${var.environment}-${var.identity}"
}
}
data "azurerm_subscription" "primary" {}
resource "azurerm_role_assignment" "roles" {
count = length(var.roles)
scope = data.azurerm_subscription.primary.id
role_definition_name = var.roles[count.index]
principal_id = azurerm_user_assigned_identity.identity.principal_id
}
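Review bot: Every role in `var.roles` is granted at subscription scope (`scope = data.azurerm_subscription.primary.id`), so any caller of this module can hand the identity subscription-wide rights even when it only needs access to one resource group or vault; the scope should be an input, e.g. `variable "scope" { type = string, description = "Scope (resource ID) at which the roles are assigned" }` with `scope = var.scope` here, defaulting to something narrower than the whole subscription. Separately, `count = length(var.roles)` ties each assignment to its list position, so removing or reordering one role destroys and recreates the later assignments; `for_each = toset(var.roles)` with `role_definition_name = each.value` keeps each assignment stable. A header comment such as `# Assigns each role in var.roles to the identity; the scope chosen here determines the blast radius of a compromised identity` would make the security trade-off visible to the next maintainer.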


@ -22,3 +22,8 @@ variable "identity" {
type = string
description = "Name of the managed identity to create"
}
variable "roles" {
type = list
description = "List of roles by name"
}
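Review bot: `type = list` accepts any element type, so a mistyped or nested value is only caught when `azurerm_role_assignment` fails at apply time; constrain it with `type = list(string)`. The variable also has no default, which forces every existing caller of the module to pass `roles` or break; `default = []` keeps callers that need no role assignments working. The description could say what is expected and where it is applied, e.g. `description = "Built-in or custom role definition names to assign to the identity"`.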


@ -5,4 +5,6 @@ module "keyvault_reader_identity" {
environment = var.environment
region = var.region
identity = "${var.name}-${var.environment}-vault-reader"
roles = ["Reader", "Managed Identity Operator"]
}
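Review bot: The `keyvault_reader_identity` is given `"Reader"` and `"Managed Identity Operator"`, and with the module as written these land at subscription scope, which is far more than a vault-reading identity appears to need; `Managed Identity Operator` at that scope lets whatever runs as this identity attach any user-assigned identity in the subscription to its own resources, a classic privilege-escalation path. If the broader rights are intended, a comment stating why, e.g. `# Managed Identity Operator needed so <workload> can assign identities to <resource> — confirm scope`, should accompany the line; otherwise narrow the list or the scope. I cannot see the module's other inputs from this hunk, so whether a scope parameter is already available is inferred from the first file section only.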