💡 Feature Request - Descriptive module for creating security groups and mapping them to the custom roles through the roleAssignments module #389

Open
reduards opened this issue Nov 18, 2022 · 1 comment
Labels
Area: RBAC enhancement New feature or request long-term We will do it, but will take a longer amount of time due to complexity/priorities Upstream Dependency

Comments

reduards commented Nov 18, 2022

Describe the solution you'd like

I would like to see a more descriptive way of creating security groups or mapping existing security groups to the customer roles and the right scope. We currently have a module for role assignment but no recommended path to utilize it in the initial deployment.

  1. Create module or sub module (leveraged by orchestration) to create security groups

  2. Have a deployment example at roleAssignment module where these groups get mapped to corresponding custom role (NetOps for example) at a/the recommended scope.

Additional context

If you believe that this is a good idea, I am more than willing to help with this work.

EDIT: Just realised that creating Azure AD security groups with Bicep is not supported. However, maybe we can leave a snippet with how to do it with PowerShell (New-AzureADGroup) similar to how we show them how to retrieve object ID of an existing security group/spn/managed identity.

Best Regards,
Rasmus
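
The two steps requested above (create the security group, then map it to a custom role at a scope), as an added PowerShell example that is not part of the issue or the project's own code. The group name, role name and management group ID are placeholders, and it assumes the AzureAD and Az.Resources modules with existing `Connect-AzureAD` and `Connect-AzAccount` sessions.

```powershell
#Requires -Modules AzureAD, Az.Resources
# Added example. All three values below are placeholders, not names from the repository.
$groupName = 'sg-alz-netops'
$roleName  = '<custom-role-display-name>'
$scope     = '/providers/Microsoft.Management/managementGroups/<management-group-id>'

# Display names are not unique in Azure AD, so refuse to guess between duplicates.
$groups = @(Get-AzureADGroup -Filter "DisplayName eq '$groupName'")
if ($groups.Count -gt 1) {
    throw "More than one group is named '$groupName'; resolve it by object ID instead."
}

if ($groups.Count -eq 1) {
    $group = $groups[0]
} else {
    # Security-enabled and not mail-enabled: a plain security group used only for RBAC.
    $group = New-AzureADGroup -DisplayName $groupName -Description 'Network operations (RBAC)' `
        -MailEnabled $false -SecurityEnabled $true -MailNickName 'NotSet'
}

# Resolve the custom role at the target scope; stop if it has not been deployed there.
$role = Get-AzRoleDefinition -Name $roleName -Scope $scope
if (-not $role) { throw "Role definition '$roleName' was not found at $scope." }

# Only assign if the group does not already hold this role at exactly this scope.
$held = Get-AzRoleAssignment -ObjectId $group.ObjectId -Scope $scope -ErrorAction SilentlyContinue |
    Where-Object { $_.RoleDefinitionId -eq $role.Id -and $_.Scope -eq $scope }

if (-not $held) {
    # A newly created group can take a short while to replicate, so retry the assignment.
    foreach ($attempt in 1..6) {
        try {
            New-AzRoleAssignment -ObjectId $group.ObjectId -RoleDefinitionId $role.Id `
                -Scope $scope -ErrorAction Stop
            break
        } catch {
            if ($attempt -eq 6) { throw }
            Start-Sleep -Seconds 10
        }
    }
}
```

Because the script reuses an existing group and skips an existing assignment, rerunning it after a partial deployment does not create duplicates.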

@reduards reduards added the enhancement New feature or request label Nov 18, 2022
@ghost ghost added the Needs: Triage 🔍 Needs triaging by the team label Nov 18, 2022
@jtracey93
Contributor

Hey @reduards,

As you have noticed, creating AAD objects with Bicep is not yet supported. However, soon it hopefully will be.

Therefore I think we will place this one on long term hold until we see the AAD functionality come for Bicep.

Thanks

Jack

@jtracey93 jtracey93 added Area: RBAC Upstream Dependency long-term We will do it, but will take a longer amount of time due to complexity/priorities and removed Needs: Triage 🔍 Needs triaging by the team labels Nov 21, 2022