Create IAM profiles in Azure using Terraform

Everton Araújo
2 min read · Jan 11, 2023


Create IAM roles and organize your infrastructure access using Terraform

After the new year, I took on a 2-day project to organize a customer's IAM. Man, I was in a really bad mood; it seemed like nobody had taken care of that for about 200 years, and without making a fuss about it, hahaha. If I were the CTO or infrastructure manager I would be very pissed off. Here's an example of organizing your infrastructure access in Azure; I'll write about AWS soon.

provider "azurerm" {
  # Pinned provider version (the old in-block pinning style; newer Terraform
  # prefers a required_providers block, but this still works with a warning)
  version = "=2.24.0"
  features {}
}

resource "azurerm_role_definition" "example" {
  name = "example"

  # Scope at which the custom role is created (placeholder subscription ID)
  scope = "/subscriptions/00000000-0000-0000-0000-000000000000"

  permissions {
    actions     = ["Microsoft.Compute/*/read"]
    not_actions = []
  }
}

This example creates a custom IAM role named "example" that has permission to read all resources under the Microsoft.Compute resource provider. The scope is set to a specific subscription, and no "not_actions" are specified, meaning the role can perform every action listed in the "actions" field.

To create an IAM profile you need to use azurerm_role_assignment and reference the azurerm_role_definition object created in the first step.

resource "azurerm_role_assignment" "example" {
  # Scope the assignment applies to (placeholder subscription ID)
  scope                = "/subscriptions/00000000-0000-0000-0000-000000000000"
  # Reference the custom role by name so Terraform creates the role first
  role_definition_name = azurerm_role_definition.example.name
  # Object ID of the user or group receiving the role (placeholder)
  principal_id         = "00000000-0000-0000-0000-000000000000"
}

This creates an assignment of the IAM role "example" to a specific principal (user or group) with the ID "00000000-0000-0000-0000-000000000000".

It's important to replace all example placeholders like 00000000-0000-0000-0000-000000000000 with the corresponding values from your Azure subscription and from the user or group you want to assign the role to.
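To show the two steps above wired together in a least-privilege layout, here is an added, complete Terraform configuration that is not part of the original post. It narrows the custom role to a single resource group instead of the whole subscription, limits where the role may be assigned with assignable_scopes, assigns it to a group rather than an individual user, and references the role by ID instead of by name. The resource group name and the group's object ID are supplied as variables; the names "Custom Compute Reader", compute_reader and reader_group_object_id are my own choices, and the data sources and attributes used are standard azurerm provider features.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Name of an existing resource group that the custom role should cover.
variable "resource_group_name" {
  description = "Existing resource group to scope the read-only role to"
  type        = string
}

# Object ID of the Entra ID (Azure AD) group that should receive the role.
# Assigning to a group keeps membership changes out of Terraform state.
variable "reader_group_object_id" {
  description = "Object ID of the group to grant read-only compute access (placeholder, supply your own)"
  type        = string
}

# Resolve the resource group's full ID instead of hard-coding a subscription path.
data "azurerm_resource_group" "target" {
  name = var.resource_group_name
}

resource "azurerm_role_definition" "compute_reader" {
  name        = "Custom Compute Reader"
  scope       = data.azurerm_resource_group.target.id
  description = "Read-only view of compute resources; no write, delete or action rights"

  permissions {
    actions     = ["Microsoft.Compute/*/read"]
    not_actions = []
  }

  # Without this the role is assignable anywhere under `scope`; pinning it to the
  # resource group stops the role from being reused at a broader scope later.
  assignable_scopes = [data.azurerm_resource_group.target.id]
}

resource "azurerm_role_assignment" "compute_reader_group" {
  scope = data.azurerm_resource_group.target.id

  # Reference by ID rather than name: unambiguous if another role shares the name.
  role_definition_id = azurerm_role_definition.compute_reader.role_definition_resource_id
  principal_id       = var.reader_group_object_id
}

output "compute_reader_role_id" {
  description = "Resource ID of the custom role, useful for auditing assignments"
  value       = azurerm_role_definition.compute_reader.role_definition_resource_id
}
```

Run `terraform plan` with the two variables set and review the output before applying: the plan should show exactly one role definition and one role assignment, both scoped to the resource group, which is the review step that catches an accidentally subscription-wide grant.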

This is just to give you an idea of how far infrastructure as code can go! We can use whatever we want in Terraform, but remember to save your code, and now, at the beginning of the year, during the year, or whenever you read this post, organize your access. Don't slack!
