Merge pull request #36 from MicrosoftCloudEssentials-LearningHub/keyvault-template

brown9804 · web-flow · commit d0b38a9daf2c · 2026-02-09T15:50:34.000-06:00
managed identify + KeyVault + App registration
diff --git a/4_identity-security/README.md b/4_identity-security/README.md
@@ -16,6 +16,7 @@ Last updated: 2026-02-09
 
 - [Microsoft Entra ID (Entra ID)](./entra_id)
 - [Azure Key Vault](./key-vault)
+- [User Assigned Managed Identity](./managed-identity)
 
 <!-- START BADGE -->
 <div align="center">
diff --git a/4_identity-security/managed-identity/README.md b/4_identity-security/managed-identity/README.md
@@ -0,0 +1,80 @@
+# Terraform Template - User Assigned Managed Identity
+
+Costa Rica
+
+[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/)
+[brown9804](https://github.com/brown9804)
+
+Last updated: 2026-02-09
+
+------------------------------------------
+
+> This template contains Terraform configurations to create an Azure User Assigned Managed Identity with dependencies on a Resource Group.
+
+<img width="650" alt="image" src="https://github.com/user-attachments/assets/8149b211-3565-4c74-b7e0-17a15d0e3f1d" />
+
+<img width="650" alt="image" src="https://github.com/user-attachments/assets/ab38d984-bd82-46d6-afc3-e11ea5175920" />
+
+## File Descriptions
+
+- **main.tf**: Contains the main configuration for creating the Resource Group and the User Assigned Managed Identity.
+- **variables.tf**: Defines the input variables used in the Terraform configuration.
+- **provider.tf**: Configures the Azure provider to interact with Azure resources.
+- **terraform.tfvars**: Provides example values for the variables defined in `variables.tf`.
+- **outputs.tf**: Defines outputs such as the identity resource ID, client ID, and principal ID.
+
+## Variables
+
+| Variable Name | Description | Type | Example Value |
+| --- | --- | --- | --- |
+| `resource_group_name` | The name of the Azure Resource Group to create and place the identity in. | string | `"rg-identity-security-dev"` |
+| `location` | The Azure region where the Resource Group (and identity) will be created. | string | `"East US"` |
+| `managed_identity_name` | The name of the User Assigned Managed Identity to create. | string | `"id-identity-security-dev-001"` |
+| `tags` | A map of tags to assign to the resources. | map(string) | `{ "env": "dev" }` |
+
+## Usage
+
+1. Authenticate:
+
+   ```sh
+   az login
+   ```
+
+2. Ensure Azure CLI has the correct active subscription:
+
+   ```sh
+   az account show
+   # If needed:
+   az account set --subscription "<subscription-id-or-name>"
+   ```
+
+3. Initialize:
+
+   ```sh
+   terraform init -upgrade
+   ```
+
+4. Validate and plan:
+
+   ```sh
+   terraform validate
+   terraform plan
+   ```
+
+5. Apply:
+
+   ```sh
+   terraform apply -auto-approve
+   ```
+
+> [!NOTES]
+>
+> - This template creates the Resource Group for you.
+> - A User Assigned Managed Identity can be attached to Azure resources (VMs, App Service, Functions, etc.) and granted permissions via Azure RBAC.
+
+<!-- START BADGE -->
+<div align="center">
+  <img src="https://img.shields.io/badge/Total%20views-1646-limegreen" alt="Total views">
+  <p>Refresh Date: 2026-02-09</p>
+</div>
+<!-- END BADGE -->
diff --git a/4_identity-security/managed-identity/main.tf b/4_identity-security/managed-identity/main.tf
@@ -0,0 +1,22 @@
+# main.tf
+# This file contains the main configuration for creating an Azure User Assigned Managed Identity.
+# It defines the resource blocks for the Azure Resource Group and the Managed Identity.
+
+resource "azurerm_resource_group" "example" {
+  name     = var.resource_group_name
+  location = var.location
+
+  tags = var.tags
+}
+
+resource "azurerm_user_assigned_identity" "example" {
+  name                = var.managed_identity_name
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  tags = var.tags
+
+  depends_on = [
+    azurerm_resource_group.example
+  ]
+}
diff --git a/4_identity-security/managed-identity/outputs.tf b/4_identity-security/managed-identity/outputs.tf
@@ -0,0 +1,27 @@
+# outputs.tf
+# This file defines the outputs of the Terraform configuration.
+
+output "managed_identity_id" {
+  description = "The resource ID of the User Assigned Managed Identity."
+  value       = azurerm_user_assigned_identity.example.id
+}
+
+output "managed_identity_name" {
+  description = "The name of the User Assigned Managed Identity."
+  value       = azurerm_user_assigned_identity.example.name
+}
+
+output "managed_identity_client_id" {
+  description = "The client ID (application ID) of the User Assigned Managed Identity."
+  value       = azurerm_user_assigned_identity.example.client_id
+}
+
+output "managed_identity_principal_id" {
+  description = "The principal ID (object ID) of the User Assigned Managed Identity."
+  value       = azurerm_user_assigned_identity.example.principal_id
+}
+
+output "resource_group_name" {
+  description = "The name of the Resource Group created for this template."
+  value       = azurerm_resource_group.example.name
+}
diff --git a/4_identity-security/managed-identity/provider.tf b/4_identity-security/managed-identity/provider.tf
@@ -0,0 +1,25 @@
+# provider.tf
+# This file configures the Azure provider to interact with Azure resources.
+# It specifies the required provider and its version, along with provider-specific configurations.
+
+terraform {
+  required_version = ">= 1.8, < 2.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.116"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+
+  # Uses the current Azure CLI context (az login + az account set)
+  skip_provider_registration = false
+}
diff --git a/4_identity-security/managed-identity/terraform.tfvars b/4_identity-security/managed-identity/terraform.tfvars
@@ -0,0 +1,11 @@
+# Example values for the Managed Identity template
+
+resource_group_name     = "rg-identity-security-dev"
+location                = "East US"
+managed_identity_name   = "id-identity-security-dev-001"
+
+tags = {
+  env   = "dev"
+  app   = "identity-security"
+  owner = "terraform"
+}
diff --git a/4_identity-security/managed-identity/variables.tf b/4_identity-security/managed-identity/variables.tf
@@ -0,0 +1,28 @@
+# variables.tf
+# This file defines the input variables used in the Terraform configuration.
+
+variable "resource_group_name" {
+  description = "The name of the Azure Resource Group to create and place the Managed Identity in."
+  type        = string
+}
+
+variable "location" {
+  description = "The Azure region where the Resource Group (and Managed Identity) will be created."
+  type        = string
+}
+
+variable "managed_identity_name" {
+  description = "The name of the User Assigned Managed Identity to create."
+  type        = string
+
+  validation {
+    condition     = length(trimspace(var.managed_identity_name)) > 0
+    error_message = "managed_identity_name must not be empty."
+  }
+}
+
+variable "tags" {
+  description = "A map of tags to assign to the resources."
+  type        = map(string)
+  default     = {}
+}
