avm-res-authorization-roleassignment

Azure/avm-res-authorization-roleassignment/azurerm

Terraform Module HCL AZURERM ✓ Verified

Terraform Azure Verified Resource Module for Role Assignment

Install

module "avm-res-authorization-roleassignment" {

source = "Azure/avm-res-authorization-roleassignment/azurerm"

version = "0.3.0"

}

plain text: /constructs/tfmod-azure-avm-res-authorization-roleassignment-azurerm/install.txt

⭐ Source on GitHub 📦 Registry page

README

Azure Authorization Role Assignment Module This module is a convenience wrapper around the azurerm_role_assignment resource to make it easier to create role assignments at different scopes for different types of principals. TLDR: Skip to our Examples section for common usage patterns. Features This module supports both built in and custom role definitions. This module can be used to create role assignments at the following scopes: - Entra ID - Management Group - Subscription - Resource Group - Resource This module supports the following types of principals: - User - Group - App Registrations (Service Principal) - System Assigned Managed Identity - User Assigned Managed Identity The module provides multiple helper variables to make it easier to find the principal id (object id) for differen

Inputs (31)

Name	Type	Description	Default
role_assignments_for_resources	map(object({ resource_name	(Optional) Role assignments to be applied to resources. The resource is defined	`{}`
system_assigned_managed_identities_by_display_name	map(string)	(Optional) A map of system assigned managed identities to reference in role assi	`{}`
users_by_object_id	map(string)	(Optional) A map of Entra ID users to reference in role assignments. The key is	`{}`
users_by_employee_id	map(string)	(Optional) A map of Entra ID users to reference in role assignments. The key is	`{}`
users_by_mail	map(string)	(Optional) A map of Entra ID users to reference in role assignments. The key is	`{}`
app_registrations_by_client_id	map(string)	(Optional) A map of Entra ID application registrations to reference in role assi	`{}`
groups_by_mail_nickname	map(string)	(Optional) A map of Entra ID groups to reference in role assignments. The key is	`{}`
app_registrations_by_display_name	map(string)	(Optional) A map of Entra ID application registrations to reference in role assi	`{}`
skip_service_principal_aad_check	bool	DEPRECATED: Please use the new `skip_service_principal_aad_check` variable insid	`false`
system_assigned_managed_identities_by_principal_id	map(string)	(Optional) A map of system assigned managed identities to reference in role assi	`{}`
role_assignments_entra_id	map(object({ app_scope_id	Azure AD role assignments to create for Entra ID. This variable does not do any	`{}`
users_by_mail_nickname	map(string)	(Optional) A map of Entra ID users to reference in role assignments. The key is	`{}`
role_assignments_for_scopes	map(object({ scope = strin	(Optional) Role assignments to be applied to specific scope ids. The scope id is	`{}`
system_assigned_managed_identities_by_client_id	map(string)	(Optional) A map of system assigned managed identities to reference in role assi	`{}`
enable_telemetry	bool	This variable controls whether or not telemetry is enabled for the module. For m	`true`
user_assigned_managed_identities_by_client_id	map(string)	(Optional) A map of system assigned managed identities to reference in role assi	`{}`
user_assigned_managed_identities_by_principal_id	map(string)	(Optional) A map of system assigned managed identities to reference in role assi	`{}`
users_by_user_principal_name	map(string)	(Optional) A map of Entra ID users to reference in role assignments. The key is	`{}`
app_registrations_by_principal_id	map(string)	(Optional) A map of Entra ID application registrations to reference in role assi	`{}`
groups_by_display_name	map(string)	(Optional) A map of Entra ID groups to reference in role assignments. The key is	`{}`

Outputs (11)

app_registrations — A map of Entra ID application registrations. The key is the key you supplied and the value is the pr

entra_id_role_definitions — A map of Entra ID role definitions. The key is the key you supplied and the value is the role defini

groups — A map of Entra ID groups. The key is the key you supplied and the value is the principal id (object

resource_id — This output is not used and is only here to satisfy the requirements of the module linting.

role_assignments — A map of Azure Resource Manager role assignments. The key is the key you supplied and the value is t

role_defintions — A map of Azure Resource Manager role definitions. The key is the key you supplied and the value cons

system_assigned_managed_identities — A map of system assigned managed identities. The key is the key you supplied and value is the princi

user_assigned_managed_identities — A map of user assigned managed identities. The key is the key you supplied and value is the principa

all_principals — A map of all principals. The key is the key you supplied and the value is the principal id (object i

entra_id_role_assignments — A map of Entra ID role assignments. The key is the key you supplied and the value is the role assign

users — A map of Entra ID users. The key is the key you supplied and the value is the principal id (object i

Resources (5)

azuread_directory_roleazuread_directory_role_assignmentazurerm_role_assignmentmodtm_telemetryrandom_uuid

Details

FrameworkTerraform Module

LanguageHCL

Version0.3.0

Cloud AZURERM

★ Stars17

Forks9

Total downloads234.6k

Inputs31

Outputs11

Resources5

Examples2

LicenseMIT

NamespaceAzure

Updated

Tools

⚖ Compare with another construct → 📋 View data schema