# User-assigned managed identity for the w2-validator workload.
# It is created in the resource group and location read from the
# wherefor-vpc resource group data source. Its principal_id is what the
# w2-validator role assignment binds the custom read role to.
resource "azurerm_user_assigned_identity" "w2-validator" {
  name                = "w2-validator"
  location            = "${data.azurerm_resource_group.wherefor-vpc.location}"
  resource_group_name = "${data.azurerm_resource_group.wherefor-vpc.name}"
}
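# Custom read-only role for the validator identity.
# The definition is registered at the subscription, but assignable_scopes
# limits where it can be assigned to the w2-validator storage account.
resource "azurerm_role_definition" "read-validator" {
  name        = "read-validator"
  scope       = "${data.azurerm_subscription.primary.id}"
  description = "This is a custom role created via Terraform"

  permissions {
    # Data plane: read blob contents through Azure AD authorization.
    data_actions = [
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
    ]

    # Management plane: read container and storage account properties only.
    # "Microsoft.Storage/storageAccounts/listKeys/action" is deliberately not
    # granted. The account keys give full read/write/delete access to every
    # service in the account and are not constrained by the data_actions
    # above, so holding that action would make this "read" role effectively
    # an account-wide write role.
    # NOTE(review): if the validator currently authenticates with an account
    # key or a key-based connection string, move it to identity-based (Azure
    # AD) access before applying this change.
    actions = [
      "Microsoft.Storage/storageAccounts/blobServices/containers/read",
      "Microsoft.Storage/storageAccounts/read"
    ]

    not_actions = []
  }

  assignable_scopes = [
    "${azurerm_storage_account.w2-validator.id}"
  ]
}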
# Binds the read-validator custom role to the w2-validator managed identity.
# The assignment is scoped to the w2-validator storage account as a whole,
# not to a single container, so the role's permissions cover every container
# in that account.
resource "azurerm_role_assignment" "w2-validator" {
  principal_id       = "${azurerm_user_assigned_identity.w2-validator.principal_id}"
  role_definition_id = "${azurerm_role_definition.read-validator.id}"
  scope              = "${azurerm_storage_account.w2-validator.id}"
}