I’m currently facing a challenge while trying to manage client IDs and their associated scopes in Azure using Terraform. While I understand how to perform this task manually in the Azure portal, I’m struggling to replicate the process using Terraform scripts.
In the Terraform documentation, I’ve come across resources such as azurerm_azuread_application, which seem relevant for managing Azure AD applications and permissions. However, I’m unsure about the specific steps to add new client IDs and their scopes programmatically.
Could someone provide guidance or point me in the right direction on how to achieve this with Terraform? Any insights, examples, or documentation references would be greatly appreciated.
To add client IDs and scopes in Azure AD using Terraform, you’ll need to:
1. Use azurerm_azuread_application to create an Azure AD application (the client ID).
2. Define app roles (scopes) within the azurerm_azuread_application resource if custom scopes are needed.
3. Use azurerm_azuread_app_role to create app roles and azurerm_azuread_service_principal for the application’s service principal.
4. Assign required API permissions using azurerm_azuread_application_app_role_assignment for app roles or azurerm_azuread_service_principal_delegated_permission_grant for delegated permissions.
Refer to the Terraform documentation for the most up-to-date information and examples.
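As an added example that is not part of the question or the answer above, here is a complete configuration for the four steps using the standalone hashicorp/azuread provider (v2.x), whose resource names are azuread_application, azuread_service_principal, azuread_service_principal_delegated_permission_grant and azuread_app_role_assignment. It registers an API with one delegated scope and one application permission, registers a second client that requests both, and grants them with admin consent. The display names, redirect URI and scope/role values are hypothetical; the provider is assumed to be authenticated (for example via az login) with rights to create applications and grant consent.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread", version = "~> 2.47" }
    random  = { source = "hashicorp/random", version = "~> 3.6" }
  }
}

# Assumption: authenticated via Azure CLI or ARM_* env vars with rights to
# create app registrations and grant admin consent (e.g. Application Administrator).
provider "azuread" {}

data "azuread_client_config" "current" {}

# Stable GUIDs for the scope and the app role. Keeping them in state means a
# re-apply never rotates the IDs that client registrations reference.
resource "random_uuid" "orders_read_scope" {}
resource "random_uuid" "orders_readwrite_role" {}

# 1. The resource API. This registration's client_id is the ID you would see
#    in the portal; the scopes are defined inside it.
resource "azuread_application" "api" {
  display_name     = "orders-api"   # hypothetical
  sign_in_audience = "AzureADMyOrg" # single tenant only

  # api://<tenantId>/<string> is an identifier URI form that needs no verified
  # domain and avoids referencing the app's own (not yet known) client_id.
  identifier_uris = ["api://${data.azuread_client_config.current.tenant_id}/orders-api"]

  api {
    requested_access_token_version = 2

    # 2. A delegated scope: shows up in the "scp" claim of user tokens.
    oauth2_permission_scope {
      id                         = random_uuid.orders_read_scope.result
      value                      = "Orders.Read"
      type                       = "User" # "Admin" would require admin consent
      enabled                    = true
      admin_consent_display_name = "Read orders"
      admin_consent_description  = "Read orders on behalf of the signed-in user."
      user_consent_display_name  = "Read your orders"
      user_consent_description   = "Read your orders."
    }
  }

  # An application permission: shows up in the "roles" claim of tokens obtained
  # with client credentials, i.e. with no user in the loop. Grant sparingly.
  app_role {
    id                   = random_uuid.orders_readwrite_role.result
    value                = "Orders.ReadWrite.All"
    display_name         = "Read and write all orders"
    description          = "Read and write all orders without a signed-in user."
    allowed_member_types = ["Application"]
    enabled              = true
  }
}

# 3. The service principal is the tenant-local identity permissions are granted against.
resource "azuread_service_principal" "api" {
  client_id = azuread_application.api.client_id
}

# A second client ID: the web app that will call the API.
resource "azuread_application" "web" {
  display_name     = "orders-web" # hypothetical
  sign_in_audience = "AzureADMyOrg"

  web {
    redirect_uris = ["https://orders.example.test/signin-oidc"] # hypothetical
  }

  # The portal's "API permissions" blade: what this client *requests*.
  # Referencing the same GUIDs keeps both registrations in sync.
  required_resource_access {
    resource_app_id = azuread_application.api.client_id

    resource_access {
      id   = random_uuid.orders_read_scope.result
      type = "Scope" # delegated permission
    }
    resource_access {
      id   = random_uuid.orders_readwrite_role.result
      type = "Role" # application permission
    }
  }
}

resource "azuread_service_principal" "web" {
  client_id = azuread_application.web.client_id
}

# 4a. Tenant-wide admin consent for the delegated scope (no per-user prompt).
resource "azuread_service_principal_delegated_permission_grant" "web_orders_read" {
  service_principal_object_id          = azuread_service_principal.web.object_id
  resource_service_principal_object_id = azuread_service_principal.api.object_id
  claim_values                         = ["Orders.Read"]
}

# 4b. Grant the application permission by assigning the app role to the client's SP.
resource "azuread_app_role_assignment" "web_orders_readwrite" {
  app_role_id         = random_uuid.orders_readwrite_role.result
  principal_object_id = azuread_service_principal.web.object_id
  resource_object_id  = azuread_service_principal.api.object_id
}

output "api_client_id" { value = azuread_application.api.client_id }
output "web_client_id" { value = azuread_application.web.client_id }
```

Two things worth checking after terraform apply: required_resource_access only records what the client asks for, so without the grant and assignment resources in 4a/4b the client still has no effective permission, and a token request for Orders.ReadWrite.All will fail until the app role assignment exists. Conversely, 4b hands the client a permission that works with no user present, so keep application permissions to the minimum the caller needs and prefer delegated scopes wherever a user is in the flow.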