avm-res-authorization-roleassignment
Azure/avm-res-authorization-roleassignment/azurerm
Terraform Module
HCL
AZURERM
✓ Verified
Terraform Azure Verified Resource Module for Role Assignment
Install
module "avm-res-authorization-roleassignment" {
source = "Azure/avm-res-authorization-roleassignment/azurerm"
version = "0.3.0"
}
README
Azure Authorization Role Assignment Module This module is a convenience wrapper around the azurerm_role_assignment resource to make it easier to create role assignments at different scopes for different types of principals. TLDR: Skip to our Examples section for common usage patterns. Features This module supports both built in and custom role definitions. This module can be used to create role assignments at the following scopes: - Entra ID - Management Group - Subscription - Resource Group - Resource This module supports the following types of principals: - User - Group - App Registrations (Service Principal) - System Assigned Managed Identity - User Assigned Managed Identity The module provides multiple helper variables to make it easier to find the principal id (object id) for differen
Inputs (31)
| Name | Type | Description | Default |
|---|---|---|---|
| role_assignments_for_resources | map(object({ resource_name | (Optional) Role assignments to be applied to resources. The resource is defined | {} |
| system_assigned_managed_identities_by_display_name | map(string) | (Optional) A map of system assigned managed identities to reference in role assi | {} |
| users_by_object_id | map(string) | (Optional) A map of Entra ID users to reference in role assignments. The key is | {} |
| users_by_employee_id | map(string) | (Optional) A map of Entra ID users to reference in role assignments. The key is | {} |
| users_by_mail | map(string) | (Optional) A map of Entra ID users to reference in role assignments. The key is | {} |
| app_registrations_by_client_id | map(string) | (Optional) A map of Entra ID application registrations to reference in role assi | {} |
| groups_by_mail_nickname | map(string) | (Optional) A map of Entra ID groups to reference in role assignments. The key is | {} |
| app_registrations_by_display_name | map(string) | (Optional) A map of Entra ID application registrations to reference in role assi | {} |
| skip_service_principal_aad_check | bool | DEPRECATED: Please use the new `skip_service_principal_aad_check` variable insid | false |
| system_assigned_managed_identities_by_principal_id | map(string) | (Optional) A map of system assigned managed identities to reference in role assi | {} |
| role_assignments_entra_id | map(object({ app_scope_id | Azure AD role assignments to create for Entra ID. This variable does not do any | {} |
| users_by_mail_nickname | map(string) | (Optional) A map of Entra ID users to reference in role assignments. The key is | {} |
| role_assignments_for_scopes | map(object({ scope = strin | (Optional) Role assignments to be applied to specific scope ids. The scope id is | {} |
| system_assigned_managed_identities_by_client_id | map(string) | (Optional) A map of system assigned managed identities to reference in role assi | {} |
| enable_telemetry | bool | This variable controls whether or not telemetry is enabled for the module. For m | true |
| user_assigned_managed_identities_by_client_id | map(string) | (Optional) A map of system assigned managed identities to reference in role assi | {} |
| user_assigned_managed_identities_by_principal_id | map(string) | (Optional) A map of system assigned managed identities to reference in role assi | {} |
| users_by_user_principal_name | map(string) | (Optional) A map of Entra ID users to reference in role assignments. The key is | {} |
| app_registrations_by_principal_id | map(string) | (Optional) A map of Entra ID application registrations to reference in role assi | {} |
| groups_by_display_name | map(string) | (Optional) A map of Entra ID groups to reference in role assignments. The key is | {} |
Outputs (11)
app_registrations — A map of Entra ID application registrations. The key is the key you supplied and the value is the prentra_id_role_definitions — A map of Entra ID role definitions. The key is the key you supplied and the value is the role definigroups — A map of Entra ID groups. The key is the key you supplied and the value is the principal id (object resource_id — This output is not used and is only here to satisfy the requirements of the module linting.role_assignments — A map of Azure Resource Manager role assignments. The key is the key you supplied and the value is trole_defintions — A map of Azure Resource Manager role definitions. The key is the key you supplied and the value conssystem_assigned_managed_identities — A map of system assigned managed identities. The key is the key you supplied and value is the princiuser_assigned_managed_identities — A map of user assigned managed identities. The key is the key you supplied and value is the principaall_principals — A map of all principals. The key is the key you supplied and the value is the principal id (object ientra_id_role_assignments — A map of Entra ID role assignments. The key is the key you supplied and the value is the role assignusers — A map of Entra ID users. The key is the key you supplied and the value is the principal id (object iResources (5)
azuread_directory_roleazuread_directory_role_assignmentazurerm_role_assignmentmodtm_telemetryrandom_uuid
Details
FrameworkTerraform Module
LanguageHCL
Version0.3.0
Cloud AZURERM
★ Stars17
Forks9
Total downloads234.6k
Inputs31
Outputs11
Resources5
Examples2
LicenseMIT
NamespaceAzure
Updated