# User-assigned identity "w2-validator". It is created in the resource group
# and location reported by the wherefor-vpc resource group data source.
resource "azurerm_user_assigned_identity" "w2-validator" {
  name                = "w2-validator"
  location            = "${data.azurerm_resource_group.wherefor-vpc.location}"
  resource_group_name = "${data.azurerm_resource_group.wherefor-vpc.name}"
}
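# Custom role "read-validator": read-only access to storage account metadata,
# container metadata and blob contents.
resource "azurerm_role_definition" "read-validator" {
  name        = "read-validator"
  description = "This is a custom role created via Terraform"

  # NOTE(review): the definition is scoped to the subscription, while
  # assignable_scopes below lists only the storage account. Confirm this
  # combination is intended.
  scope = "${data.azurerm_subscription.primary.id}"

  permissions {
    # Data plane: read blob contents through role-based authorization.
    data_actions = [
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
    ]

    # Control plane: read account and container metadata only.
    # "Microsoft.Storage/storageAccounts/listKeys/action" was removed. It
    # returns the account access keys, and a holder of those keys can read,
    # write and delete data in the account, which defeats a read-only role.
    # Consumers of this role must authenticate as the assigned identity
    # instead of using shared keys.
    actions = [
      "Microsoft.Storage/storageAccounts/blobServices/containers/read",
      "Microsoft.Storage/storageAccounts/read"
    ]

    not_actions = []
  }

  # The role can only be assigned on the w2-validator storage account.
  assignable_scopes = [
    "${azurerm_storage_account.w2-validator.id}"
  ]
}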
# Grants the custom read-validator role to the w2-validator user-assigned
# identity. The assignment is scoped to the w2-validator storage account, not
# to the resource group or subscription.
resource "azurerm_role_assignment" "w2-validator" {
  principal_id       = "${azurerm_user_assigned_identity.w2-validator.principal_id}"
  role_definition_id = "${azurerm_role_definition.read-validator.id}"
  scope              = "${azurerm_storage_account.w2-validator.id}"
}