terraform-azurerm-res-resource-resourcegroup

Module to deploy resource groups in Azure

Requirements

The following requirements are needed by this module:

• terraform (>= 1.5.2)

• azurerm (~> 3.71)

• modtm (~> 0.3)

• random (~> 3.5)

Resources

The following resources are used by this module:

• azurerm_management_lock.this (resource)
• azurerm_resource_group.this (resource)
• azurerm_role_assignment.this (resource)
• modtm_telemetry.telemetry (resource)
• random_uuid.telemetry (resource)
• azurerm_client_config.telemetry (data source)
• azurerm_subscription.current (data source)
• modtm_module_source.telemetry (data source)

Required Inputs

The following input variables are required:

location

Description: Required. The Azure region for deployment of the this resource.

Type: string

name

Description: Required. The name of the this resource.

Type: string

Optional Inputs

The following input variables are optional (have default values):

enable_telemetry

Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.

Type: bool

Default: true

lock

Description: Controls the Resource Lock configuration for this resource. The following properties can be specified:

• kind - (Required) The type of lock. Possible values are \"CanNotDelete\" and \"ReadOnly\".
• name - (Optional) The name of the lock. If not specified, a name will be generated based on the kind value. Changing this forces the creation of a new resource.

Type:

object({
    kind = string
    name = optional(string, null)
  })

Default: null

role_assignments

Description: Optional. A map of role assignments to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.

• role_definition_id_or_name - (Required) The ID or name of the role definition to assign to the principal.
• principal_id - (Required) The ID of the principal to assign the role to.
• description - (Optional) The description of the role assignment.
• skip_service_principal_aad_check - (Optional) If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false.
• condition - (Optional) The condition which will be used to scope the role assignment.
• condition_version - (Optional) The version of the condition syntax. Valid values are '2.0'.
• delegated_managed_identity_resource_id - (Optional) The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. NOTE:
  this field is only used in cross tenant scenario.

Note: only set skip_service_principal_aad_check to true if you are assigning a role to a service principal.

Example Input:

role_assignments = {
  "role_assignment1" = {
    role_definition_id_or_name = "Reader"
    principal_id = "4179302c-702e-4de7-a061-beacd0a1be09"

  },
"role_assignment2" = {
  role_definition_id_or_name = "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" // Storage Blob Data Reader Role Guid
  principal_id = "4179302c-702e-4de7-a061-beacd0a1be09"
  skip_service_principal_aad_check = false
  condition_version = "2.0"
  condition = <<-EOT
(
  (
    !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
  )
OR
  (
  @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId]
  ForAnyOfAnyValues:GuidEquals {4179302c-702e-4de7-a061-beacd0a1be09}
  )
)
AND
(
  (
    !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
  )
  OR
  (
    @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId]
    ForAnyOfAnyValues:GuidEquals {dc887ae1-fe50-4307-be53-213ff08f3c0b}
  )
)
EOT  
  }
}

Type:

map(object({
    role_definition_id_or_name             = string
    principal_id                           = string
    description                            = optional(string, null)
    skip_service_principal_aad_check       = optional(bool, false)
    condition                              = optional(string, null)
    condition_version                      = optional(string, null)
    delegated_managed_identity_resource_id = optional(string, null)
    principal_type                         = optional(string, null)
  }))

Default: {}

tags

Description: (Optional) Tags of the resource.

Type: map(string)

Default: null

Outputs

The following outputs are exported:

name

Description: The name of the resource group

resource

Description: This is the full output for the resource group.

resource_id

Description: The resource Id of the resource group

Modules

No modules.

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.