azuremoduleterraformrbacterraform-modules
Terraform modules rbac assignements
It might be a silly error but I don't see it so I am asking for help and clarification. I can't seem to be able to call my values from my outputs.tf for my RBAC which has 2 "dependencies" one from my azurerm folder and one from my azuread folder. I am basically trying to grand an azure RBAC to an azure security group.
Having the following structure:
IaC/
├─ deployments/
├─ modules/
│ ├─ aws/
│ ├─ azuread/
│ │ ├─ security-groups/
│ │ | ├─ cns/
| | | | ├─ main.tf
| | | | ├─ outputs.tf
| | | | ├─ variables.tf
│ ├─ azurerm/
│ │ ├─ akv/
│ │ │ ├─ main.tf
| | | ├─ outputs.tf
│ │ │ ├─ variables.tf
│ │ ├─ rbac/
│ │ | ├─ rbac-rg-operator/
│ │ │ | ├─ main.tf
| | | | ├─ outputs.tf
│ │ │ | ├─ variables.tf
│ │ ├─ rg/
│ │ │ ├─ main.tf
| | | ├─ outputs.tf
│ │ │ ├─ variables.tf
├─ project-templates/
│ ├─ azure/
│ │ ├─ project-template-solution-1/
│ │ │ ├─ akv.tf
│ │ │ ├─ main.tf
│ │ │ ├─ rg.tf
│ │ │ ├─ rbac-rg-operator.tf
│ │ │ ├─ sg-cns.tf
│ │ │ ├─ variables.tf
│ │ │ ├─ terragrunt.hcl
├─ terragrunt.hcl
I get the following error message when running terragrunt plan.
Here's my concerned configuration files:
IaC/modules/azuread/security-groups/cns/
main.tf
terraform {
required_providers {
azuread = {
source = "hashicorp/azuread"
version = "2.31.0"
}
}
}
provider "azuread" {
tenant_id = var.azure_tenant_id
}
data "azuread_client_config" "current" {}
#create azure active directory group cns
resource "azuread_group" "azure_sg_cns" {
display_name = var.azure_sg_cns
owners = [data.azuread_client_config.current.object_id]
security_enabled = true
}
outputs.tf
output "azure_sg_cns_object_id_out" {
value = azuread_group.azure_sg_cns.object_id
}
variables.tf
variable "azure_sg_cns" {
type = string
description = "Azure AD Security Group Name CNS"
}
variable "azure_tenant_id" {
type = string
description = "Azure Tenant Id"
}
IaC/modules/azurerm/rbac/rbac-rg-operator/
main.tf
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.42.0"
}
azuread = {
source = "hashicorp/azuread"
version = "2.31.0"
}
}
}
resource "azurerm_role_assignment" "rbac-rg-operator" {
scope = var.azure_rg_name
role_definition_name = "RG Operator"
principal_id = var.azure_sg_cns.object_id
}
variables.tf
variable "azure_sg_cns" {
type = string
description = "Azure AD Security Group Name CNS"
}
variable "azure_rg_name" {
type = string
description = "Azure Resource Group Name"
}
variable "azure_tenant_id" {
type = string
description = "Azure Tenant Id"
}
IaC/modules/project-templates/azure/project-template-solution-1/
rbac-rg-operator.tf
module "rbac-rg-operator" {
source ="../../..//modules/azurerm/rbac/rbac-rg-operator/"
azure_sg_cns = module.azure_sg_cns.azure_sg_cns_object_id_out
azure_rg_name = module.rg.rg_id_out
azure_tenant_id = var.azure_tenant_id
}
Solution
Changed the following to make it work:
rbac-rg-operator.tf
module "rbac-rg-operator" {
source ="../../..//modules/azurerm/rbac/rbac-rg-operator/"
azure_sg_cns = module.azure_sg_cns.azure_sg_cns_object_id_out
azure_rg_name = module.rg.rg_id_out
azure_tenant_id = var.azure_tenant_id
}
to
module "rbac-rg-operator" {
source ="../../..//modules/azurerm/rbac/rbac-rg-operator/"
azure_sg_cns = module.sg-cns.azure_sg_cns_object_id_out
azure_rg_name = module.rg.rg_id_out
azure_tenant_id = var.azure_tenant_id
}
Line 3:
azure_sg_cns = module.azure_sg_cns.azure_sg_cns_object_id_out became azure_sg_cns = module.sg-cns.azure_sg_cns_object_id_out
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday