ams.tf
locals {
  // User-assigned identity resource IDs (.id). In "stg" the list holds
  // pre_dev_mi followed by this environment's managed_identity; in every other
  // environment it holds managed_identity only.
  // NOTE(review): the consumer of this list is not in this file; the original
  // comment says it grants dev-mi access to AMS -- confirm. If so, a dev
  // identity gains access to stg resources, so whatever role or attachment is
  // driven from this list should be the narrowest one that works.
  managed_identities = var.env == "stg" ? [data.azurerm_user_assigned_identity.pre_dev_mi.id, data.azurerm_user_assigned_identity.managed_identity.id] : [data.azurerm_user_assigned_identity.managed_identity.id]
}
// Test environment only: assign "Storage Account Contributor" on the ingest
// storage account to the dev managed identity (pre_dev_mi).
// NOTE(review): this is a management-plane role that can list the account
// access keys, which gives full data access through Shared Key. If the
// identity only reads or writes blobs, a data-plane role such as
// "Storage Blob Data Contributor" would be narrower -- confirm what it needs.
resource "azurerm_role_assignment" "pre_dev_mi_appreg_ingest_contrib" {
  // Created once when var.env is "test", not at all elsewhere.
  count = var.env == "test" ? 1 : 0
  // The assignment is scoped to the single storage account, not its resource group.
  scope = module.ingestsa_storage_account.storageaccount_id
  role_definition_name = "Storage Account Contributor"
  // principal_id (the identity's object ID) is used here, not the resource .id.
  principal_id = data.azurerm_user_assigned_identity.pre_dev_mi.principal_id
}
// Test environment only: assign "Storage Account Contributor" on the final
// storage account to the dev managed identity (pre_dev_mi).
// NOTE(review): this role includes the right to list account access keys, so
// the dev identity effectively gets full data access to the test account.
// Prefer a data-plane role (e.g. "Storage Blob Data Contributor") if
// management operations are not required -- confirm with the consumer.
resource "azurerm_role_assignment" "pre_dev_mi_appreg_final_contrib" {
  // Created once when var.env is "test", not at all elsewhere.
  count = var.env == "test" ? 1 : 0
  // The assignment is scoped to the single storage account.
  scope = module.finalsa_storage_account.storageaccount_id
  role_definition_name = "Storage Account Contributor"
  principal_id = data.azurerm_user_assigned_identity.pre_dev_mi.principal_id
}
// Test environment only: assign "Storage Account Contributor" on the ingest
// storage account to the staging managed identity (pre_stg_mi).
// NOTE(review): cross-environment grant of a management-plane role that can
// list account access keys. Confirm the staging identity needs more than
// data-plane access; otherwise a "Storage Blob Data ..." role is the
// least-privilege choice.
resource "azurerm_role_assignment" "pre_stg_mi_appreg_ingest_contrib" {
  // Created once when var.env is "test", not at all elsewhere.
  count = var.env == "test" ? 1 : 0
  // The assignment is scoped to the single storage account.
  scope = module.ingestsa_storage_account.storageaccount_id
  role_definition_name = "Storage Account Contributor"
  principal_id = data.azurerm_user_assigned_identity.pre_stg_mi.principal_id
}
// Test environment only: assign "Storage Account Contributor" on the final
// storage account to the staging managed identity (pre_stg_mi).
// NOTE(review): cross-environment grant of a management-plane role that can
// list account access keys. Confirm the staging identity needs more than
// data-plane access; otherwise a "Storage Blob Data ..." role is the
// least-privilege choice.
resource "azurerm_role_assignment" "pre_stg_mi_appreg_final_contrib" {
  // Created once when var.env is "test", not at all elsewhere.
  count = var.env == "test" ? 1 : 0
  // The assignment is scoped to the single storage account.
  scope = module.finalsa_storage_account.storageaccount_id
  role_definition_name = "Storage Account Contributor"
  principal_id = data.azurerm_user_assigned_identity.pre_stg_mi.principal_id
}
// Link the "privatelink.media.azure.net" private DNS zone to this
// environment's virtual network so that names in the zone resolve inside it.
// NOTE(review): the link is skipped in "test"; the reason is not visible in
// this file -- presumably test has no private endpoint for AMS; confirm.
resource "azurerm_private_dns_zone_virtual_network_link" "ams_zone_link" {
  // Created in every environment except "test".
  count = var.env != "test" ? 1 : 0
  // Aliased provider: the zone is managed through azurerm.private_dns, not
  // the default provider configuration.
  provider = azurerm.private_dns
  // Produces "<product>-<env>-virtual-network-link".
  name = format("%s-%s-virtual-network-link", var.product, var.env)
  resource_group_name = var.dns_resource_group
  private_dns_zone_name = "privatelink.media.azure.net"
  virtual_network_id = data.azurerm_virtual_network.vnet.id
}