arm template
3 Topics

How to assign policies by updating ARM template?
Hello all! I need to assign policies to my subscription for it to be compliant. How will I be able to assign the policies by updating the ARM template of the subscription? Also, I found a way to assign policies through the Azure portal; will the policies assigned through the portal also be included in the ARM template? Where can I find and edit the ARM template for my subscription? And how will I deploy it? Thank you in advance!

4.1K Views, 0 likes, 9 Comments

Assign a Logic Apps system-assigned managed identity to a role with Terraform and ARM template
Hi there, I am trying to assign a Logic Apps system-assigned managed identity to a role for starting/stopping a virtual machine. I use Terraform to deploy the logic app template like this:

    resource "azurerm_template_deployment" "myterraformscheduledvmdown" {
      name                = "scheduledvmdown"
      resource_group_name = "j14t23resources"

      template_body = <<DEPLOY
    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": { },
      "variables": { },
      "resources": [
        {
          "type": "Microsoft.Logic/workflows",
          "apiVersion": "2019-05-01",
          "name": "scheduledvmdown",
          "location": "westus2",
          "identity": {
            "type": "SystemAssigned"
          },
          "properties": ....
          }
        }
      ],
      "outputs": {
        "appid": {
          "type": "string",
          "value": "[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"
        }
      }
    }
    DEPLOY

      parameters      = { }
      deployment_mode = "Incremental"
    }

    output "appid" {
      value = "${lookup(azurerm_template_deployment.myterraformscheduledvmdown.outputs, "appid")}"
    }

    resource "azurerm_role_assignment" "scheduletovmdown" {
      scope                = azurerm_linux_virtual_machine.myterraformvm.id
      role_definition_name = "Virtual Machine Contributor"
      principal_id         = azurerm_template_deployment.myterraformscheduledvmdown.outputs["appid"]
    }

I get the following error message while trying to deploy:

    Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx does not exist in the directory xxxxx-x-x-x-xxxx."

My assumption is that I do not get the right ID with the template's output:

    "[reference(resourceId('Microsoft.Logic/workflows/', 'scheduledvmdown'), '2019-05-01', 'Full').Identity.tenantId]"

Do you have any idea what I did wrong, or a nicer approach to assign the app's generated identity to a VM?

Thanks,
tbz

4.6K Views, 0 likes, 1 Comment