grant reader_data_access on storage account not container
tjololo committed Sep 26, 2024
1 parent d31eb04 commit c02d192
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions infrastructure/products/azure_arm.tf
Expand Up @@ -244,8 +244,8 @@ resource "azurerm_role_assignment" "product_admins_contributor" {

# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
resource "azurerm_role_assignment" "product_reader_storage_blob_reader_data_access" {
scope = azurerm_storage_container.container.resource_manager_id
principal_id = azuread_group.product_admins.object_id
scope = azurerm_storage_account.backend.id
principal_id = azuread_group.product_readers.object_id
role_definition_name = data.azurerm_role_definition.storage_blob_reader_data_access.name
# skip_service_principal_aad_check = true
}
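
Review bot: the new `scope = azurerm_storage_account.backend.id` widens this assignment from a single container to the whole storage account, so `azuread_group.product_readers` receives the role on every container in `backend`, not only `azurerm_storage_container.container`. Please confirm that the account is dedicated to this product, or state in the comment above the resource why account scope is required for the role resolved by `data.azurerm_role_definition.storage_blob_reader_data_access`, whose definition is not visible in this hunk. The same change also switches `principal_id` from `product_admins` to `product_readers`, which the commit title does not mention. That looks like the intended principal given the resource name, but it means admins lose this assignment, so it is worth calling out in the message. The commented-out `skip_service_principal_aad_check` line can be dropped if it is not needed.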