Blue Clouds

Reputation: 8191

Terraform identity access for ADF and storage account

I would like to create an ADF and a storage account using Terraform, which I know how to do. After this, I want to give the ADF identity access to the storage account. I can do this using PowerShell, but there will be idempotency issues when I use PowerShell. Is it possible to implement the access with Terraform itself, without using PowerShell?

Upvotes: 0

Views: 730

Answers (1)

adp

Reputation: 1271

You should create an azurerm_role_assignment to grant ADF access to the Azure Storage account.

Kindly check the example below. This code snippet assigns the Storage Blob Data Reader role to the ADF.

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_data_factory" "example" {
  name                = "example524657"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestr524657"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "RAGRS"
}

resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.example.id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = azurerm_data_factory.example.identity[0].principal_id
}

Upvotes: 3
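
A least-privilege variant of the assignment in the answer above, added here as an example and not part of the original answer: the role is scoped to a single blob container instead of the whole storage account. All resource names are placeholders, and the configuration assumes the azurerm 3.x provider, where `azurerm_storage_container` exports `resource_manager_id`.

```hcl
# Added example (not from the answer). Names are placeholders; assumes azurerm 3.x.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "demo" {
  name     = "demo-resources"
  location = "West Europe"
}

resource "azurerm_data_factory" "demo" {
  name                = "demoadf000000" # placeholder, must be globally unique
  location            = azurerm_resource_group.demo.location
  resource_group_name = azurerm_resource_group.demo.name

  # The system-assigned identity is the principal that receives the role below.
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_storage_account" "demo" {
  name                     = "demostr000000" # placeholder, must be globally unique
  resource_group_name      = azurerm_resource_group.demo.name
  location                 = azurerm_resource_group.demo.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# The only container the factory needs to read from.
resource "azurerm_storage_container" "input" {
  name                  = "adf-input"
  storage_account_name  = azurerm_storage_account.demo.name
  container_access_type = "private"
}

# Scope is the container's ARM ID, so the identity cannot read other containers.
resource "azurerm_role_assignment" "adf_reads_input" {
  scope                = azurerm_storage_container.input.resource_manager_id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = azurerm_data_factory.demo.identity[0].principal_id
}
```

Because the role assignment is tracked in Terraform state, a second `terraform apply` with no configuration changes reports nothing to add or change.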
