为多个订阅创建Azure服务主体
我已经能够用下面的地形成功地创建一个服务主体机密。但是,对于尝试为多个订阅创建服务主体的正确方法,我有点困惑。我是个新手,不幸的是,我碰到了一堵墙。为多个订阅实现服务主体的最佳/正确方法是什么为多个订阅创建Azure服务主体,azure,terraform,terraform-provider-azure,Azure,Terraform,Terraform Provider Azure,我已经能够用下面的地形成功地创建一个服务主体机密。但是,对于尝试为多个订阅创建服务主体的正确方法,我有点困惑。我是个新手,不幸的是,我碰到了一堵墙。为多个订阅实现服务主体的最佳/正确方法是什么 data "azurerm_subscription" "example-subscription" { subscription_id = "959e460c-209e-43d7-a6e9-e30c716e0691" } # Azur
data "azurerm_subscription" "example-subscription" {
subscription_id = "959e460c-209e-43d7-a6e9-e30c716e0691"
}
# Azure AD App
resource "azuread_application" "example-subscription" {
name = "example-subscription"
available_to_other_tenants = false
}
# Service Principal associated with the Azure AD App
resource "azuread_service_principal" "example-subscription" {
application_id = azuread_application.example-subscription.application_id
}
# Random string to be used for Service Principal password
resource "random_password" "password-subscription" {
length = 32
special = true
}
# Service Principal password
resource "azuread_service_principal_password" "example-subscription" {
service_principal_id = azuread_service_principal.example-subscription.id
value = random_password.password-subscription.result
end_date_relative = "17520h"
}
# Role assignment for service principal
resource "azurerm_role_assignment" "example-subscription" {
scope = data.azurerm_subscription.example-subscription.id
role_definition_name = "Contributor"
principal_id = azuread_service_principal.example-subscription.id
}
订阅示例
data "azurerm_subscription" "example-subscription" {
subscription_id = "959e460c-209e-43d7-a6e9-e30c716e0691"
}
data "azurerm_subscription" "example-subscription2” {
subscription_id = "b344b74c-4600-470d-ad73-e918b0d0ccd3"
}
data "azurerm_subscription" "example-subscription3” {
subscription_id = "242d05b2-e06e-4713-8094-44955dab1ee8"
}
服务主体是单个Azure AD租户或目录中全局应用程序对象的本地表示或应用程序实例。服务主体是从应用程序对象创建的具体实例,并从该应用程序对象继承某些属性 如果您在一个Azure AD租户中有多个Azure订阅,您可以在所有Azure订阅中使用您的单一服务主体