Skip to content

Latest commit

 

History

History
86 lines (67 loc) · 4.55 KB

README.md

File metadata and controls

86 lines (67 loc) · 4.55 KB
Raw

Terraform Azuread Workload Identity Module

Terraform module to create an Azure AD Workload Identity

blackbird-logo

Example

locals {
  oidc_issuer_url = "azurerm_kubernetes_cluster.default.identity.0.issuer"
  resource_group  = "example-group"
  subscription_id = "00000000-0000-0000-0000-000000000000"
}

module "azuread_workload_identity" {
  source = "../"

  name                 = "cert-manager"
  namespace            = "cert-manager"
  service_account_name = "cert-manager"
  oidc_issuer_url      = local.oidc_issuer_url
  role_assignments = [
    {
      name                 = "dns",
      scope                = "/subscriptions/${local.subscription_id}/resourceGroups/${local.resource_group}",
      role_definition_name = "DNS Zone Contributor"
    }
  ]
}

Requirements

Name Version
terraform >= 1.2
azuread ~> 2
azurerm ~> 3

Providers

Name Version
azuread ~> 2
azurerm ~> 3

Resources

Name Type
azuread_application.default resource
azuread_application_federated_identity_credential.default resource
azuread_service_principal.default resource
azurerm_role_assignment.assignment resource
azuread_client_config.current data source

Inputs

Name Description Type Default Required
ad_application_fic_prefix The prefix for the Azure AD application federated identity credential name string "fed-identity" no
ad_application_prefix The prefix for the Azure AD application name string "sp" no
audiences The audiences for the federated identity credential list(string) 
[
  "api://AzureADTokenExchange"
]
 no
name The name of the workload identity string n/a yes
namespace The namespace of the workload identity string n/a yes
oidc_issuer_url The OIDC issuer URL string n/a yes
role_assignments Role assignments 
list(object({
    name                 = string,
    scope                = string,
    role_definition_id   = optional(string),
    role_definition_name = optional(string),
    principal_type       = optional(string)
  }))
 [] no
service_account_name The name of the service account string n/a yes

Outputs

Name Description
app_client_id The client ID of the Azure AD application
service_principal The service principal of the Azure AD application

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2024 Blackbird Cloud