vault_azure_auth_backend_role

Manages an Azure auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the Vault documentation for more information.

Example Usage

resource "vault_auth_backend" "azure" {
  type = "azure"
}

resource "vault_azure_auth_backend_role" "example" {
  backend                = vault_auth_backend.azure.path
  role                   = "test-role"
  bound_subscription_ids = ["11111111-2222-3333-4444-555555555555"]
  bound_resource_groups  = ["123456789012"]
  token_ttl              = 60
  token_max_ttl          = 120
  token_policies         = ["default", "dev", "prod"]
}
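
Because a role constrains who can log in and which policies the resulting token carries, binding each environment to its own role keeps a dev workload from obtaining a prod-scoped token. The stand-alone configuration below is an added example, not part of the provider documentation. The role names, resource group names, service principal ID and CIDR are constructed placeholders, and it uses the provider arguments bound_service_principal_ids, token_no_default_policy and token_bound_cidrs, which do not appear in the example above.

```hcl
# Added example: one role per environment instead of a single role that
# carries both "dev" and "prod" policies. All IDs, names and the CIDR are
# constructed placeholders.
resource "vault_auth_backend" "azure" {
  type = "azure"
}

# Dev role: bound to the dev resource group, receives only the dev policy.
resource "vault_azure_auth_backend_role" "dev" {
  backend                = vault_auth_backend.azure.path
  role                   = "dev-role"
  bound_subscription_ids = ["11111111-2222-3333-4444-555555555555"]
  bound_resource_groups  = ["rg-dev-example"]
  token_ttl              = 60
  token_max_ttl          = 120
  token_policies         = ["dev"]
}

# Prod role: narrower binding. In addition to subscription and resource
# group, login is restricted to one service principal, and the issued token
# is usable only from the listed network range.
resource "vault_azure_auth_backend_role" "prod" {
  backend                     = vault_auth_backend.azure.path
  role                        = "prod-role"
  bound_subscription_ids      = ["11111111-2222-3333-4444-555555555555"]
  bound_resource_groups       = ["rg-prod-example"]
  bound_service_principal_ids = ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]

  token_ttl     = 60
  token_max_ttl = 120

  # Grant only the prod policy; do not attach "default" implicitly.
  token_policies          = ["prod"]
  token_no_default_policy = true

  # Tokens presented from outside this range are rejected by Vault.
  token_bound_cidrs = ["10.0.0.0/24"]
}
```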

Argument Reference

The following arguments are supported:

Common Token Arguments

These arguments are common across several Authentication Token resources since Vault 1.2.

Attributes Reference

No additional attributes are exported by this resource.

Import

Azure auth backend roles can be imported using auth/, the backend path, /role/, and the role name, e.g.

$ terraform import vault_azure_auth_backend_role.example auth/azure/role/test-role