Hi Everyone,
I am trying to assign a role to my Automation Account System Assigned Identity. I tried a lot of troubleshooting but no luck. Below is the structure for my code.
Modules
.terraform
Application Registration
Automation Account
Automation Job Schedule
Automation Runbook
Automation Schedule
Resorce Group
terraform.tfstate.d
.terraform.lock.hcl
accountvariables.tfvars
main.tf — This is my root module
provider.tf
terraform.tfstate
terraform.tfstate.backup
variables.tf
Child modules such as Application Registration, Automation Account, Automation Job Schedule, Automation Runbook, Automation Schedule and Resource Group has main, output and variables.tf files.
The Role Assignment part is under Automation Account module.
main.tf
name = var.automation-account-name
location = var.location
resource_group_name = var.resource-group-name
sku_name = var.automation-account-sku-name
identity {
type = var.identity
}
tags = merge(
var.default-tags
)
}
data "azurerm_subscription" "primary" {
}
data "azurerm_client_config" "current" {
}
resource "azurerm_role_assignment" "role-assignment" {
scope = data.azurerm_subscription.primary.id
role_definition_name = var.role-definition-name
principal_id = azurerm_automation_account.automation-account.identity[0].principal_id
}```
**output.tf**
```output "automation-account-name" {
value = azurerm_automation_account.automation-account.name
}
output "account_id" {
value = data.azurerm_client_config.current.client_id
}```
**variables.tf**
```variable "automation-account-name" {
type = string
description = "This defines the automation account name."
}
variable "location" {
type = string
description = "This defines the automation account location."
}
variable "resource-group-name" {
type = string
description = "This defines the resource group name."
}
variable "automation-account-sku-name" {
type = string
description = "This defines the SKU of the automation account - only Basic is supported at this time."
}
variable "default-tags" {
type = map
description = "This defines the default tags."
}
variable "identity" {
type = string
description = "This defines the identity used for the automation account."
}
variable "scope" {
type = string
}
variable "role-definition-name" {
type = string
}
variable "principal-id" {
type = string
}```
This is my main.tf root module looks like
```module "AutomationAccount" {
source = "./Automation Account"
default-tags = local.common_tags_v2
automation-account-name = format("%s-%s-%s-%s", "aa", local.account, var.client, local.environment)
location = local.location
resource-group-name = module.ResourceGroup.resource-group-name
automation-account-sku-name = var.automation-account-sku-name
identity = var.identity
scope = data.azurerm_subscription.primary.id
role-definition-name = "Contributor"
principal-id = module.AutomationAccount.automation-account-name.identity
}```
I am getting the below error:
```Error: Unsupported attribute
│
│ on main.tf line 49, in module "AutomationAccount":
│ 49: principal-id = module.AutomationAccount.automation-account-name.identity
│ ├────────────────│ │ module.AutomationAccount.automation-account-name is "aa-aiops-iemp-dev"│
│ Can't access attributes on a primitive-typed value (string).```
Thank you in advance for the help.