Skip to content

claranet/terraform-azurerm-pim

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92 Commits
.config
.config
 
 
.github
.github
 
 
.gitlab/merge_request_templates
.gitlab/merge_request_templates
 
 
examples/main
examples/main
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.releaserc
.releaserc
 
 
.tool-versions
.tool-versions
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
committed.toml
committed.toml
 
 
d-groups.tf
d-groups.tf
 
 
d-users.tf
d-users.tf
 
 
locals.tf
locals.tf
 
 
outputs.tf
outputs.tf
 
 
providers.tf
providers.tf
 
 
r-entra-roles.tf
r-entra-roles.tf
 
 
r-pim-groups.tf
r-pim-groups.tf
 
 
r-pim.tf
r-pim.tf
 
 
renovate.json
renovate.json
 
 
terraform.tfvars.ci
terraform.tfvars.ci
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 
versions.tofu
versions.tofu
 
 

Repository files navigation

Privileged Identity Management

Changelog Notice Apache V2 License OpenTofu Registry

Azure module to deploy a Privileged Identity Management.

Prerequisites

This module can only be applied with a Service Principal due to limitations with the Azure CLI and the AzureRM provider:

Global versioning rule for Claranet Azure modules

Module version Terraform version OpenTofu version AzureRM version
>= 8.x.x Unverified 1.8.x >= 4.0
>= 7.x.x 1.3.x >= 3.0
>= 6.x.x 1.x >= 3.0
>= 5.x.x 0.15.x >= 2.0
>= 4.x.x 0.13.x / 0.14.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

⚠️ Since modules version v8.0.0, we do not maintain/check anymore the compatibility with Hashicorp Terraform. Instead, we recommend to use OpenTofu.

module "pim" {
  source  = "claranet/pim/azurerm"
  version = "x.x.x"

  pim_enabled_groups = {
    "Tenant Global Administrators Group" = {
      members = [
        "user.mail@tenantname.onmicrosoft.com",
        "guest.user_guest.domaine#EXT#@tenantname.onmicrosoft.com",
      ]
      roles = ["Global Administrator"]
    }
    "Existing Group" = {
      members = [
        "member1@tenantname.onmicrosoft.com",
        "member2@tenantname.onmicrosoft.com",
      ]
      roles        = ["Security Operator", "Cloud App Security Administrator"]
      create_group = false
    }
  }
}

Providers

Name Version
azuread ~> 3.3

Modules

No modules.

Resources

Name Type
azuread_directory_role.main resource
azuread_directory_role_eligibility_schedule_request.main resource
azuread_group_member.main resource
azuread_group_without_members.main resource
azuread_group.main data source
azuread_user.main data source

Inputs

Name Description Type Default Required
pim_enabled_groups Managed PIM groups with roles and members. 
map(object({
    roles                    = list(string)
    members                  = list(string)
    create_group             = optional(bool, true)
    custom_group_description = optional(string, null)
  }))
 n/a yes

Outputs

Name Description
resource Privileged Identity Management resource object.

Related documentation

Microsoft Azure documentation: PIM

About

Terraform module for Azure Privileged Identity Management (PIM)

Topics

module azure terraform claranet

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

 
 
 

Contributors

Languages