https://github.com/thesoftwarehouse/terraform-azurerm-role-assignment

Terraform Module to assign Azure IAM roles

# terraform-role-assignment

## Assign roles to users, groups and service principals

This Terraform module assigns `BUILT IN` roles to users, groups and service principals.

## Usage
NOTE: If the same role is assigned to the same user, group or service principal more than once, the duplicates are merged into a single assignment. For example, given:
```hcl
module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      user_principal_names = ["[email protected]"]
      role_names           = ["Reader", "Web Plan Contributor"]
      scope                = azurerm_resource_group.this.id
    },
    {
      user_principal_names = ["[email protected]", "[email protected]"]
      role_names           = ["Reader", "Owner"]
      scope                = azurerm_resource_group.this.id
    }
  ]
}
```
The role `Reader` will be assigned to `[email protected]` only once.
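One way such merging can be done in plain Terraform, as an added example that is not the module's own source: expand each entry into (user, role, scope) triples and key them so that duplicates collapse before `for_each` sees them. The variable defaults, local names, output names and the list of privileged roles are assumptions made for illustration.

```hcl
# Added example, not the module's source; every name here is hypothetical.
variable "role_assignments" {
  type = list(object({
    user_principal_names = optional(list(string), [])
    role_names           = list(string)
    scope                = string
  }))
  # Constructed sample input: alice is given Reader in both entries.
  default = [
    {
      user_principal_names = ["alice@example.com"]
      role_names           = ["Reader", "Web Plan Contributor"]
      scope                = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
    },
    {
      user_principal_names = ["alice@example.com", "bob@example.com"]
      role_names           = ["Reader", "Owner"]
      scope                = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
    }
  ]
}

locals {
  # One element per (user, role, scope) combination, duplicates included.
  user_triples = flatten([
    for ra in var.role_assignments : [
      for pair in setproduct(ra.user_principal_names, ra.role_names) : {
        user  = pair[0]
        role  = pair[1]
        scope = ra.scope
      }
    ]
  ])

  # Keying on the triple collapses duplicates: "..." groups colliding keys, [0] keeps one.
  user_assignments = {
    for key, group in {
      for t in local.user_triples : "${t.user}|${t.role}|${t.scope}" => t...
    } : key => group[0]
  }
}

output "effective_user_assignments" {
  value = keys(local.user_assignments)
}
output "privileged_user_assignments" {
  # Role list is an assumption; extend it to match your own review policy.
  value = [for k, v in local.user_assignments : k if contains(["Owner", "User Access Administrator"], v.role)]
}
```

The configuration uses no providers, so `terraform plan` evaluates it offline: the six expanded combinations collapse to five keys, and the two `Owner` grants are listed separately for review before anything is applied.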

### Assign roles to users
```hcl
module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      user_principal_names = ["[email protected]", "[email protected]"]
      role_names           = ["Reader", "Web Plan Contributor"]
      scope                = azurerm_resource_group.this.id
    }
  ]
}
```

### Assign roles to groups
```hcl
module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      group_names = ["group1", "group2", "group3"]
      role_names  = ["Reader", "Web Plan Contributor"]
      scope       = azurerm_resource_group.this.id
    }
  ]
}
```

### Assign roles to service principals
```hcl
module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      sp_names   = ["spname1", "spname2", "spname3"]
      role_names = ["Reader", "Web Plan Contributor"]
      scope      = azurerm_resource_group.this.id
    }
  ]
}
```

### Assign roles to service principals by principal ID
```hcl
module "role_assignments" {
  source = "retoxx-dev/role-assignment/azurerm"

  role_assignments = [
    {
      principal_ids = ["00000000-0000-0000-0000-000000000000"]
      role_names    = ["Reader", "Web Plan Contributor"]
      scope         = azurerm_resource_group.this.id
    }
  ]
}
```

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.1 |
| [azuread](#requirement\_azuread) | >=2.37 |
| [azurerm](#requirement\_azurerm) | >=3.33 |

## Providers

| Name | Version |
|------|---------|
| [azuread](#provider\_azuread) | >=2.37 |
| [azurerm](#provider\_azurerm) | >=3.33 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [azurerm_role_assignment.groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.principal_ids](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.service_principals](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.users](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azuread_group.group_objects](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_service_principal.sp_objects](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
| [azuread_user.user_objects](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/user) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [role\_assignments](#input\_role\_assignments) | The role assignments to create | <pre>list(object({<br>  user_principal_names = optional(list(string), [])<br>  group_names = optional(list(string), [])<br>  sp_names = optional(list(string), [])<br>  principal_ids = optional(list(string), [])<br>  role_names = list(string)<br>  scope = string<br>}))</pre> | n/a | yes |

## Outputs

No outputs.