Unable to get SystemAssigned identity attributes

The following block in app_service is supposed to create a system-generated tenant_id and principal_id that can be used in later blocks:

identity {
  type = "SystemAssigned"
}

But when I try to use these as follows

resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_app_service.app.identity[0].tenant_id
  object_id          = azurerm_app_service.app.identity[0].principal_id
  secret_permissions = ["get", "list"]

  depends_on = [azurerm_app_service.app]
}

Terraform throws an error:

Error: "object_id": required field is not set

on …\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {

Error: "tenant_id": required field is not set

on …\modules\app-service\main.tf line 68, in resource "azurerm_key_vault_access_policy" "app":
68: resource "azurerm_key_vault_access_policy" "app" {

Any ideas?

I found out that you need to have system assigned identity enabled on that resource, and then you can query for that identity. I’ve done it in two deployments, but there must be some other way to achieve this. Will comment when I find another way :slight_smile:
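
One way to confirm that the first of the two deployments actually produced the identity before the access policy is applied, as an added example that is not part of the thread: it reads the JSON printed by `terraform show -json` and lists app services whose `principal_id` or `tenant_id` is empty. The sample state, its GUIDs, the `legacy` resource and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json` after a first apply.
SAMPLE_STATE = json.dumps({
    "format_version": "0.1",
    "values": {"root_module": {
        "resources": [{
            "address": "azurerm_app_service.legacy",   # constructed: no identity block
            "type": "azurerm_app_service",
            "values": {"identity": []},
        }],
        "child_modules": [{
            "address": "module.app_service",
            "resources": [{
                "address": "module.app_service.azurerm_app_service.app",
                "type": "azurerm_app_service",
                "values": {"identity": [{
                    "type": "SystemAssigned",
                    "principal_id": "00000000-0000-0000-0000-000000000001",
                    "tenant_id": "00000000-0000-0000-0000-000000000002",
                }]},
            }],
        }],
    }},
})

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def missing_identity(state_json, resource_type="azurerm_app_service"):
    """Map resource address -> identity attributes that are absent or empty."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    problems = {}
    for res in iter_resources(root):
        if res.get("type") != resource_type:
            continue
        # `identity` is a list; it is empty when no identity block is configured.
        identity = (res.get("values", {}).get("identity") or [{}])[0]
        missing = [k for k in ("principal_id", "tenant_id") if not identity.get(k)]
        if missing:
            problems[res["address"]] = missing
    return problems

if __name__ == "__main__":
    print(missing_identity(SAMPLE_STATE))
```

An empty result means every app service in the state exposes both attributes, so an access policy that references `identity[0]` has values to read.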