Skip to content

TheSoftwareHouse/terraform-azurerm-role-assignment

BranchesTags

Repository files navigation

terraform-role-assignment

Assign roles to users, groups and service principals

This Terraform module assigns BUILT IN roles to users, groups and service principals.

Usage

NOTE: Assigning the same role to the same user, group or service principal multiple times will merge it, so when you do:

module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      user_principal_names = ["user1@contoso.com"]
      role_names           = ["Reader", "Web Plan Contributor"]
      scope                = azurerm_resource_group.this.id
    },
    {
      user_principal_names = ["user1@contoso.com", "user2@contoso.com"]
      role_names           = ["Reader", "Owner"]
      scope                = azurerm_resource_group.this.id
    }
  ]
}

The role Reader will be assigned to user1@contoso.com only once.

Assign roles to users

module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      user_principal_names = ["user1@contoso.com", "user2@contoso.com"]
      role_names           = ["Reader", "Web Plan Contributor"]
      scope                = azurerm_resource_group.this.id
    }
  ]
}

Assign roles to groups

module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      group_names = ["group1", "group2", "group3"]
      role_names  = ["Reader", "Web Plan Contributor"]
      scope       = azurerm_resource_group.this.id
    }
  ]
}

Assign roles to service principals

module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      sp_names   = ["spname1", "spname2", "spname3"]
      role_names = ["Reader", "Web Plan Contributor"]
      scope      = azurerm_resource_group.this.id
    }
  ]
}

Assign roles to service principals but with principal ids

module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      principal_ids   = ["00000000-0000-0000-0000-000000000000"]
      role_names      = ["Reader", "Web Plan Contributor"]
      scope           = azurerm_resource_group.this.id
    }
  ]
}

Requirements

Name Version
terraform >= 1.3.1
azuread >=2.37
azurerm >=3.33

Providers

Name Version
azuread >=2.37
azurerm >=3.33

Modules

No modules.

Resources

Name Type
azurerm_role_assignment.groups resource
azurerm_role_assignment.principal_ids resource
azurerm_role_assignment.service_principals resource
azurerm_role_assignment.users resource
azuread_group.group_objects data source
azuread_service_principal.sp_objects data source
azuread_user.user_objects data source

Inputs

Name Description Type Default Required
role_assignments The role assignments to create 
list(object({
    user_principal_names = optional(list(string), [])
    group_names          = optional(list(string), [])
    sp_names             = optional(list(string), [])
    principal_ids        = optional(list(string), [])
    role_names           = list(string)
    scope                = string
  }))
 n/a yes

Outputs

No outputs.

About

Terraform Module to assign Azure IAM roles

Topics

azure terraform azurerm tsh role-assignment

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 3

v1.0.2 Latest
Nov 14, 2024
+ 2 releases

Packages

 
 
 

Contributors

Languages