Skip to content
/ terraform-azuread-workload-identity Public
generated from blackbird-cloud/terraform-module-template

Terraform module to create an Azure AD Workload Identity

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blackbird-cloud/terraform-azuread-workload-identity

BranchesTags

Repository files navigation

Terraform Azuread Workload Identity Module

Terraform module to create an Azure AD Workload Identity

blackbird-logo

Example

locals {
  oidc_issuer_url = "azurerm_kubernetes_cluster.default.identity.0.issuer"
  resource_group  = "example-group"
  subscription_id = "00000000-0000-0000-0000-000000000000"
}

module "azuread_workload_identity" {
  source = "../"

  name                 = "cert-manager"
  namespace            = "cert-manager"
  service_account_name = "cert-manager"
  oidc_issuer_url      = local.oidc_issuer_url
  role_assignments = [
    {
      name                 = "dns",
      scope                = "/subscriptions/${local.subscription_id}/resourceGroups/${local.resource_group}",
      role_definition_name = "DNS Zone Contributor"
    }
  ]
}

Requirements

Name Version
terraform >= 1.2
azuread ~> 2
azurerm ~> 3

Providers

Name Version
azuread ~> 2
azurerm ~> 3

Resources

Name Type
azuread_application.default resource
azuread_application_federated_identity_credential.default resource
azuread_service_principal.default resource
azurerm_role_assignment.assignment resource
azuread_client_config.current data source

Inputs

Name Description Type Default Required
ad_application_fic_prefix The prefix for the Azure AD application federated identity credential name string "fed-identity" no
ad_application_prefix The prefix for the Azure AD application name string "sp" no
audiences The audiences for the federated identity credential list(string) 
[
  "api://AzureADTokenExchange"
]
 no
name The name of the workload identity string n/a yes
namespace The namespace of the workload identity string n/a yes
oidc_issuer_url The OIDC issuer URL string n/a yes
role_assignments Role assignments 
list(object({
    name                 = string,
    scope                = string,
    role_definition_id   = optional(string),
    role_definition_name = optional(string),
    principal_type       = optional(string)
  }))
 [] no
service_account_name The name of the service account string n/a yes

Outputs

Name Description
app_client_id The client ID of the Azure AD application
service_principal The service principal of the Azure AD application

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2024 Blackbird Cloud

About

Terraform module to create an Azure AD Workload Identity

Topics

azure terraform azuread

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages