Adds IAM roles for the Managed Identity Module
This adds the ability to pass in a list of role names to be assigned to the user-assigned managed identity.
parent
f76934eaaf
commit
11404a6e5b
@ -8,4 +8,13 @@ resource "azurerm_user_assigned_identity" "identity" {
|
||||
location = azurerm_resource_group.identity.location
|
||||
|
||||
name = "${var.name}-${var.environment}-${var.identity}"
|
||||
}
|
||||
}
|
||||
|
||||
data "azurerm_subscription" "primary" {}
|
||||
|
||||
resource "azurerm_role_assignment" "roles" {
|
||||
count = length(var.roles)
|
||||
scope = data.azurerm_subscription.primary.id
|
||||
role_definition_name = var.roles[count.index]
|
||||
principal_id = azurerm_user_assigned_identity.identity.principal_id
|
||||
}
|
||||
|
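Review bot: Every role in `var.roles` is granted at subscription scope by `scope = data.azurerm_subscription.primary.id` in `azurerm_role_assignment.roles`, so a caller asking for `Reader` gets read access to the entire subscription rather than to the resources the identity actually needs. Exposing the scope as an optional input (a `variable "scope" { type = string, default = null }` in variables.tf, resolved with `coalesce`) lets callers narrow to a resource group or a single vault while existing callers keep today's subscription-wide behaviour. Separately, `count = length(var.roles)` keys each assignment by list position, so removing or reordering one entry destroys and recreates the others; keying by role name with `for_each = toset(var.roles)` avoids that churn, though switching from `count` to `for_each` on an already-applied module will re-create the existing assignments unless their state addresses are moved first. The `azurerm_user_assigned_identity.identity` resource at the top of the hunk begins outside it.
```hcl
resource "azurerm_role_assignment" "roles" {
  # keyed by role name so editing the list does not churn unrelated assignments
  for_each = toset(var.roles)

  # subscription-wide unless the caller narrows it (least privilege)
  scope                = coalesce(var.scope, data.azurerm_subscription.primary.id)
  role_definition_name = each.value
  principal_id         = azurerm_user_assigned_identity.identity.principal_id
}
```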
@ -22,3 +22,8 @@ variable "identity" {
|
||||
type = string
|
||||
description = "Name of the managed identity to create"
|
||||
}
|
||||
|
||||
variable "roles" {
|
||||
type = list
|
||||
description = "List of roles by name"
|
||||
}
|
||||
|
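Review bot: `type = list` in the new `roles` variable is the legacy unconstrained list type, so a caller can pass non-string elements that only fail later inside `role_definition_name`; `type = list(string)` rejects them at plan time. The variable also has no `default`, which makes it mandatory and will break any existing caller of this module that does not pass `roles`; `default = []` keeps those callers working and simply yields zero role assignments. The description should also say what the names are and where they apply, e.g. `description = "Built-in or custom role definition names to assign to the identity (at subscription scope)"`.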
@ -5,4 +5,6 @@ module "keyvault_reader_identity" {
|
||||
environment = var.environment
|
||||
region = var.region
|
||||
identity = "${var.name}-${var.environment}-vault-reader"
|
||||
roles = ["Reader", "Managed Identity Operator"]
|
||||
|
||||
}
|
||||
|
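Review bot: `roles = ["Reader", "Managed Identity Operator"]` gives the `vault-reader` identity both roles across the whole subscription (the module assigns at subscription scope), and `Managed Identity Operator` lets a principal read and assign any user-assigned identity in that scope, which looks broader than a vault reader needs. Neither role grants Key Vault data-plane access, so unless an access policy or a Key Vault RBAC role is granted elsewhere this identity still cannot read secrets; that is worth confirming against the rest of the repo. At minimum a comment next to the line should record the intent, e.g. `# TODO(least-privilege): narrow to the vault's resource group and drop Managed Identity Operator if unused`. The `module "keyvault_reader_identity"` block starts outside this hunk.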