
@gsuttie
Created March 26, 2022 07:45
// Azure region in which the user-assigned managed identity is created.
param location string
// Name of the user-assigned managed identity. The same value is also the only
// caller-supplied seed for the role-assignment GUIDs generated further down.
param containersRGMI string
// User-assigned managed identity that receives both role assignments in this file.
// Name and region are taken directly from the template parameters.
@description('Create a brand new User Assigned Managed Identity')
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  location: location
  name: containersRGMI
}
// Reference to an already existing role definition (`existing`): nothing is created here.
// The name is the role definition GUID and it is looked up at subscription scope.
@description('This is the built-in Key Vault Administrator role. See https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#key-vault-administrator')
resource keyVaultAdministratorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  name: '00482a5a-887f-4fb3-b363-3b7fe8e74483'
  scope: subscription()
}
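// Reference to the already existing built-in Owner role definition (`existing`):
// nothing is created here. The name is the role definition GUID, looked up at
// subscription scope.
// Fix: the documentation link previously pointed at the Key Vault Administrator
// anchor; it now points at the Owner entry so a reviewer reads the right
// permission set. Owner includes the right to manage role assignments.
@description('This is the built-in Owner role. See https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#owner')
resource OwnerRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
}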
// Assigns the Key Vault Administrator role to the managed identity.
// No `scope` property is set, so the assignment applies at the deployment's
// target scope (the resource group, unless a targetScope outside this view says
// otherwise). It therefore covers every key vault in that scope, not one
// specific vault. The role is a data-plane role and only takes effect on vaults
// that use the Azure RBAC permission model.
// NOTE(review): the guid() seed uses the identity name twice plus the role
// definition id. It includes neither the scope nor the principal id, so the
// same assignment name is produced wherever this identity name is reused.
// Confirm this cannot collide before reusing the template.
resource keyVaultAdminRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(containersRGMI, containersRGMI, keyVaultAdministratorRoleDefinition.id)
  properties: {
    principalId: managedIdentity.properties.principalId
    // The principal is the identity created in this same template.
    principalType: 'ServicePrincipal'
    roleDefinitionId: keyVaultAdministratorRoleDefinition.id
  }
}
// Assigns the built-in Owner role to the managed identity.
// No `scope` property is set, so the assignment applies at the deployment's
// target scope (the resource group, unless a targetScope outside this view says
// otherwise).
// NOTE(review): Owner grants full management of everything in that scope,
// including creating further role assignments. Any workload this identity is
// attached to inherits that. If the identity only needs to deploy or manage
// specific resource types, a narrower built-in or custom role is the
// least-privilege choice. Confirm Owner is actually required.
// NOTE(review): the guid() seed has the same limitation as the Key Vault
// Administrator assignment: it includes neither the scope nor the principal id.
resource OwnerRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(containersRGMI, containersRGMI, OwnerRoleDefinition.id)
  properties: {
    principalId: managedIdentity.properties.principalId
    // The principal is the identity created in this same template.
    principalType: 'ServicePrincipal'
    roleDefinitionId: OwnerRoleDefinition.id
  }
}