Azure Subscription Baseline
Source code & Installation
The source code of this kit module can be found here
Run the following command to install the kit module:
collie kit import azure/buildingblocks/subscription
1
This documentation is intended as a reference documentation for cloud foundation or platform engineers using this module.
Permissions
This is a very simple building block backplane, which means it sets up permission to deploy the building block across all subscriptions underneath a management group (typically the top-level management group for landing zones).
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| azurerm | ~> 3.71.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| azurerm_role_assignment.buildingblock_deploy | resource |
| azurerm_role_definition.buildingblock_deploy | resource |
| azurerm_subscription.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | name of the building block, used for naming resources | string | "budget-alert" | no |
| principal_ids | set of principal ids that will be granted permissions to deploy the building block | set(string) | n/a | yes |
| scope | Scope where the building block should be deployable, typically the parent of all Landing Zones. | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| documentation_md | Markdown documentation with information about the Subscription building block backplane |
| role_assignment_ids | The IDs of the role assignments for the service principals. |
| role_assignment_principal_ids | The principal IDs of the service principals that have been assigned the role. |
| role_definition_id | The ID of the role definition that enables deployment of the Subscription building block to subscriptions. |
| role_definition_name | The name of the role definition that enables deployment of the Subscription building block to subscriptions. |
| scope | The scope where the role definition and role assignments are applied. |