I have a Terraform deployment which deploys resource groups, user assigned identities, role assignments and Azure policies.
This was used to create 3 user assigned identities, approx. 50 - 100 policies and policy assignments, and about 20 role assignments, without any issue.
Recently, I added a few more policy definitions and another user assigned identity, and now all of a sudden Terraform thinks that something has changed with the user assigned identities and wants to destroy and replace all role assignments.
When I remove the additional user assigned identity and run a plan, it returns to normal and sees no changes.
I ran in DEBUG mode and saw the below log messages for all role assignments:
DestroyEdgeTransformer2: module.rg.azurerm_resource_group.rg["rg-pr-1"] has stored dependency of module.role_assignments.azurerm_role_assignment.role_assignment["sqlmi-contributor"] (destroy)
What is happening and how do I prevent it?
I only have one azurerm provider and no aliases.