Getting system assigned managed identity id from app_service datasource

We have a terraform layer in which we create our app services, and in another layer we create our access policies. I need to be able to create a keyvault accesspolicy, for one of our app services. The app service is using a system assigned managed identity.

So, in code, this is more or less what i want to do:

data "azurerm_app_service" "myapi" {
  resource_group_name = "omitted"
  name     = "omitted"

resource "azurerm_key_vault_access_policy" "newaccesspolicy" {
  key_vault_id = "omitted"
  tenant_id    = "omitted"
  object_id    = "${data.azurerm_app_service.myapi.identity.identity_ids[0]}"
  secret_permissions = [

This is impossible though, since i am getting this error:

Resource ‘data.azurerm_app_service.omitted’ does not have attribute ‘identity’ for variable ‘data.azurerm_app_service.omitted.identity’

The documentation for the app_service data source is indeed not listing the identity property:

It is, however on the resource itsself:

Any idea on how i can work around this?


Seems like you can access info about system-assigned managed identity associated with App Service only from azurerm_app_service resource and not from azurerm_app_service data source:

Regarding workaround:
maybe Output Values can help you: