https://github.com/claranet/terraform-azurerm-lighthouse
Terraform module for Azure Lighthouse (definition and assignment)
- Host: GitHub
- URL: https://github.com/claranet/terraform-azurerm-lighthouse
- Owner: claranet
- License: apache-2.0
- Created: 2021-03-24T16:38:11.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2025-04-04T23:37:36.000Z (2 months ago)
- Last Synced: 2025-04-05T00:27:38.644Z (2 months ago)
- Topics: azure, claranet, module, terraform
- Language: HCL
- Homepage:
- Size: 109 KB
- Stars: 1
- Watchers: 5
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
# Azure Lighthouse
Azure terraform module to create a Lighthouse definition and assign it to scopes where management delegation is needed.
## Global versioning rule for Claranet Azure modules
| Module version | Terraform version | OpenTofu version | AzureRM version |
| -------------- | ----------------- | ---------------- | --------------- |
| >= 8.x.x | **Unverified** | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | | >= 3.0 |
| >= 6.x.x | 1.x | | >= 3.0 |
| >= 5.x.x | 0.15.x | | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
| >= 3.x.x | 0.12.x | | >= 2.0 |
| >= 2.x.x | 0.12.x | | < 2.0 |
| < 2.x.x | 0.11.x | | < 2.0 |

## Contributing
If you want to contribute to this repository, feel free to use our [pre-commit](https://pre-commit.com/) git hook configuration,
which will help you automatically update and format some files by enforcing our Terraform code module best practices.

More details are available in the [CONTRIBUTING.md](./CONTRIBUTING.md#pull-request-process) file.
## Usage
This module is optimized to work with the [Claranet terraform-wrapper](https://github.com/claranet/terraform-wrapper) tool,
which sets some Terraform variables in the environment needed by this module.
More details about the variables set by the `terraform-wrapper` are available in the [documentation](https://github.com/claranet/terraform-wrapper#environment).

⚠️ Since module version v8.0.0, we no longer maintain or check compatibility with
[Hashicorp Terraform](https://github.com/hashicorp/terraform/). Instead, we recommend using [OpenTofu](https://github.com/opentofu/opentofu/).

```hcl
module "msp" {
  source  = "claranet/lighthouse/azurerm"
  version = "x.x.x"

  name                    = "Claranet MSP"
  description             = "Lighthouse delegation to let Claranet manage resources."
  managing_tenant_id      = local.claranet_tenant_id
  managed_subscription_id = local.subscription_id

  authorizations = [
    {
      principal_id   = "00000000-0000-0000-0000-000000000000"
      principal_name = "L1 Claranet CORE Team"
      role_name      = "Contributor"
    },
    {
      principal_id   = "00000000-0000-0000-0000-000000000000"
      principal_name = "L2 Claranet OnCall Build Team"
      role_name      = "Contributor"
    },
    {
      principal_id   = "00000000-0000-0000-0000-000000000000"
      principal_name = "Claranet SDM"
      role_name      = "Reader"
    },
    {
      principal_id   = "00000000-0000-0000-0000-000000000000"
      principal_name = "MSI Admin"
      # https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
      role_name            = "User Access Administrator"
      delegated_role_names = ["Contributor", "AcrPull", "AcrPush"]
    },
  ]

  scopes = {
    "Production Subscription" = local.subscription_id
  }
}
```

## Providers
| Name | Version |
|------|---------|
| azurerm | ~> 4.0 |

## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_lighthouse_assignment.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lighthouse_assignment) | resource |
| [azurerm_lighthouse_definition.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lighthouse_definition) | resource |
| [azurerm_role_definition.builtin_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
| [azurerm_role_definition.builtin_role_delegated](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| authorizations | List of Authorization objects. | `list(object({ principal_id = string, principal_name = string, role_name = string, delegated_role_names = optional(list(string)) }))` | n/a | yes |
| description | A description of the Lighthouse Definition. | `string` | `null` | no |
| managed\_subscription\_id | The ID of the managed Subscription that will contain the Lighthouse Definition. (Recommended to use Management or Shared-Services Subscription in a Landing Zone context.) | `string` | n/a | yes |
| managing\_tenant\_id | The ID of the managing Tenant. | `string` | n/a | yes |
| name | The name of the Lighthouse Definition. | `string` | n/a | yes |
| scopes | Map of 'name => Scope IDs' to associate the Lighthouse definition (Subscription ID or Resource Group ID). | `map(string)` | n/a | yes |

## Outputs
| Name | Description |
|------|-------------|
| id | Lighthouse definition ID. |
| resource | Lighthouse resource object. |
| resource\_assignments | Lighthouse assignment resource objects. |

## Related documentation
- Microsoft Azure Lighthouse documentation: [docs.microsoft.com/en-us/azure/lighthouse](https://docs.microsoft.com/en-us/azure/lighthouse)
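
The `authorizations` input from the Usage section takes role names as free strings, so a caller-side guard can reject delegations that Azure Lighthouse does not support or that allow privilege escalation before anything is planned. The following is an added example, not code from this module; the variable name `lighthouse_authorizations` is an assumption, and its type mirrors the Inputs table.

```hcl
# Added example: root-module variable that guards the module's `authorizations`
# input. The variable name is an assumption; the type mirrors the Inputs table.
variable "lighthouse_authorizations" {
  description = "Authorizations to delegate through Azure Lighthouse."
  type = list(object({
    principal_id         = string
    principal_name       = string
    role_name            = string
    delegated_role_names = optional(list(string))
  }))

  # Owner is not a supported role for Lighthouse delegation.
  validation {
    condition = alltrue([
      for a in var.lighthouse_authorizations : a.role_name != "Owner"
    ])
    error_message = "The Owner role cannot be delegated through Azure Lighthouse."
  }

  # User Access Administrator is only usable for assigning roles to managed
  # identities, so it must carry an explicit, non-empty list of assignable roles.
  validation {
    condition = alltrue([
      for a in var.lighthouse_authorizations :
      try(length(a.delegated_role_names) > 0, false)
      if a.role_name == "User Access Administrator"
    ])
    error_message = "User Access Administrator requires a non-empty delegated_role_names list."
  }

  # The assignable roles themselves must not allow further privilege escalation.
  validation {
    condition = alltrue(flatten([
      for a in var.lighthouse_authorizations : try([
        for r in a.delegated_role_names :
        !contains(["Owner", "User Access Administrator"], r)
      ], [])
    ]))
    error_message = "The delegated_role_names list must not contain Owner or User Access Administrator."
  }
}

# In the module call from the Usage section:
#   authorizations = var.lighthouse_authorizations
```

A failed `validation` block stops the plan with the given error message, so an over-privileged delegation is caught before the Lighthouse definition is created.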