azurerm_pim_eligible_role_assignment

Manages a PIM Eligible Role Assignment.

Example Usage (Subscription)

data "azurerm_subscription" "primary" {}

data "azurerm_client_config" "example" {}

data "azurerm_role_definition" "example" {
  name = "Reader"
}

resource "time_static" "example" {}

resource "azurerm_pim_eligible_role_assignment" "example" {
  scope              = data.azurerm_subscription.primary.id
  role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id}"
  principal_id       = data.azurerm_client_config.example.object_id

  schedule {
    start_date_time = time_static.example.rfc3339
    expiration {
      duration_hours = 8
    }
  }

  justification = "Expiration Duration Set"

  ticket {
    number = "1"
    system = "example ticket system"
  }
}

Example Usage (Management Group)

data "azurerm_client_config" "example" {}

data "azurerm_role_definition" "example" {
  name = "Reader"
}

resource "azurerm_management_group" "example" {
  name = "Example-Management-Group"
}

resource "time_static" "example" {}

resource "azurerm_pim_eligible_role_assignment" "example" {
  scope              = azurerm_management_group.example.id
  role_definition_id = data.azurerm_role_definition.example.id
  principal_id       = data.azurerm_client_config.example.object_id

  schedule {
    start_date_time = time_static.example.rfc3339
    expiration {
      duration_hours = 8
    }
  }

  justification = "Expiration Duration Set"

  ticket {
    number = "1"
    system = "example ticket system"
  }
}
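A pre-apply check for the settings shown in the examples above, added here and not part of the provider documentation: it reads the JSON form of a plan (`terraform show -json`) and flags eligible assignments with no expiration, an eligibility window over an assumed 8-hour ceiling, or no justification or ticket. The sample plan is constructed, and `duration_days` and `end_date_time` are this resource's other `expiration` arguments.

```python
import json

RESOURCE_TYPE = "azurerm_pim_eligible_role_assignment"
MAX_HOURS = 8  # assumed policy ceiling, matching duration_hours in the examples

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": RESOURCE_TYPE + ".ok", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {
         "justification": "Expiration Duration Set",
         "schedule": [{"expiration": [{"duration_hours": 8}]}],
         "ticket": [{"number": "1", "system": "example ticket system"}]}}},
    {"address": RESOURCE_TYPE + ".open_ended", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after": {
         "justification": None, "schedule": [{"expiration": []}], "ticket": []}}},
    {"address": RESOURCE_TYPE + ".too_long", "type": RESOURCE_TYPE,
     "change": {"actions": ["update"], "after": {
         "justification": "on-call",
         "schedule": [{"expiration": [{"duration_hours": 72}]}],
         "ticket": [{"number": "42", "system": "example ticket system"}]}}},
]})

def first(blocks):
    """Nested blocks appear as lists in plan JSON; return the first or {}."""
    return blocks[0] if blocks else {}

def audit(plan_json, max_hours=MAX_HOURS):
    """Return {address: [findings]} for PIM eligible assignments in a plan."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or not after:  # other types, deletes
            continue
        issues = []
        exp = first(first(after.get("schedule")).get("expiration"))
        hours = exp.get("duration_hours") or 24 * (exp.get("duration_days") or 0)
        if not hours and not exp.get("end_date_time"):
            issues.append("no expiration: eligibility is open-ended")
        elif hours > max_hours:
            issues.append(f"eligibility window {hours}h exceeds {max_hours}h")
        if not (after.get("justification") or "").strip():
            issues.append("missing justification")
        ticket = first(after.get("ticket"))
        if not ticket.get("number") or not ticket.get("system"):
            issues.append("missing ticket number/system")
        if issues:
            findings[rc["address"]] = issues
    return findings
```

Run `audit()` on the output of `terraform show -json` in CI and fail the pipeline when it returns a non-empty result.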

Arguments Reference

The following arguments are supported:




An expiration block supports the following:


A schedule block supports the following:


A ticket block supports the following:

Attributes Reference

In addition to the Arguments listed above, the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

PIM Eligible Role Assignments can be imported using the resource ID. Quote the ID so that the shell does not interpret the `|` separators as pipes, e.g.

terraform import azurerm_pim_eligible_role_assignment.example "/subscriptions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000"