chore: make managed identity blob storage contributor (#507)

chore: make maanaged identity blob storage contributor
rubberdok · Mar 4, 2024 · 4b74e22 · 4b74e22
1 parent 4b8d4c2
commit 4b74e22
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/infrastructure/modules/blob_storage/outputs.tf b/infrastructure/modules/blob_storage/outputs.tf
@@ -5,3 +5,7 @@ output "storage_account_name" {
 output "storage_container_name" {
  value = azurerm_storage_container.main.name
 }
+
+output "storage_account_id" {
+ value = azurerm_storage_account.main.id
+}
diff --git a/infrastructure/modules/server/managed_identity.tf b/infrastructure/modules/server/managed_identity.tf
@@ -18,3 +18,9 @@ resource "azurerm_role_assignment" "key_vault_user" {
  role_definition_name = "Key Vault Secrets User"
  principal_id = module.managed_identity.principal_id
 }
+
+resource "azurerm_role_assignment" "blob_storage_contributor" {
+ scope = module.blob_storage.storage_account_id
+ role_definition_name = "Storage Blob Data Contributor"
+ principal_id = module.managed_identity.principal_id
+}