We have a Terraform layer in which we create our app services, and in another layer we create our access policies. I need to be able to create a Key Vault access policy for one of our app services. The app service is using a system-assigned managed identity.
So, in code, this is more or less what I want to do:
data "azurerm_app_service" "myapi" {
  resource_group_name = "omitted"
  name                = "omitted"
}

resource "azurerm_key_vault_access_policy" "newaccesspolicy" {
  key_vault_id = "omitted"
  tenant_id    = "omitted"
  object_id    = "${data.azurerm_app_service.myapi.identity.identity_ids[0]}"
  secret_permissions = [
    "get"
  ]
}
This is impossible, though, since I am getting this error:
Resource ‘data.azurerm_app_service.omitted’ does not have attribute ‘identity’ for variable ‘data.azurerm_app_service.omitted.identity’
The documentation for the app_service data source is indeed not listing the identity property:
It is, however, on the resource itself:
Any idea on how I can work around this?