Hi @Anonymous ,
Thanks for reaching out.
There is no direct template available for your requirement.
However, you can leverage the samples provided to create a bicep file accordingly.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-rbac
Currently, you cannot create a group with a Bicep template. Our team is working on an MS Graph (AAD) provider for Bicep so that you can create app registrations and other AAD objects, but we don't have a clear ETA as of now.
You can create the group using the Graph API and then assign roles to it by setting the role assignment's principalId to the group's object ID, for example:
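// Grants an existing Microsoft Entra ID (AAD) group a role on a Key Vault and on an
// App Configuration store. The group cannot be created from Bicep here, so its object ID
// is passed in rather than read from an undeclared `adGroup` symbol.
// Assumes `keyVaultName` and `appConfigName` are declared elsewhere in the template, and that
// the symbols `keyVault` and `appConfig` are not already in use (TODO confirm).
@description('Object ID of the existing Microsoft Entra ID (AAD) group, created outside Bicep (for example through the Graph API).')
param adGroupObjectId string

// Built-in role definition IDs are the same in every tenant.
// NOTE(review): confirm both IDs against the Azure built-in roles reference before deploying.
// The Key Vault ID replaces a value that did not match the documented Key Vault Contributor
// definition. The App Configuration ID replaces 4d97b98b-1d4f-4787-a291-c67834d212e7, which is
// the built-in Network Contributor role, not App Configuration Data Owner.
var keyVaultContributorRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395') // Key Vault Contributor
var appConfigDataOwnerRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b') // App Configuration Data Owner

// Role assignments are extension resources: `scope` must be a resource symbol, not
// resourceGroup(<resource name>). The `existing` declarations provide those symbols.
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyVaultName
}

resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
  name: appConfigName
}

// Key Vault Contributor is a management-plane role. On a vault that uses the access-policy
// permission model its holders can edit access policies, so grant it only where vault
// administration is intended. For reading secrets, a data-plane role is the narrower choice.
resource keyVaultRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name from scope + principal + role keeps redeployments idempotent.
  name: guid(keyVault.id, adGroupObjectId, keyVaultContributorRoleId)
  scope: keyVault
  properties: {
    principalId: adGroupObjectId
    principalType: 'Group'
    roleDefinitionId: keyVaultContributorRoleId
  }
}

// App Configuration Data Owner allows read, write and delete of configuration data.
// Use a reader role instead if the group only needs to read settings.
resource appConfigRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(appConfig.id, adGroupObjectId, appConfigDataOwnerRoleId)
  scope: appConfig
  properties: {
    principalId: adGroupObjectId
    principalType: 'Group'
    roleDefinitionId: appConfigDataOwnerRoleId
  }
}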
// Role assignment for the same group on a Service Bus resource.
// NOTE(review): this declaration is cut off in the post. The roleDefinitionId string is
// unterminated and the closing braces are missing, so it will not compile as shown, and the
// intended role cannot be determined from the visible text.
// NOTE(review): `adGroup` is not declared anywhere in the visible snippet. Presumably the
// group's object ID has to be supplied as a parameter; verify against the full template.
// NOTE(review): `scope` passes what looks like a Service Bus name to resourceGroup(), which
// expects a resource group name. A role assignment's scope is normally the symbol of the
// target resource. Confirm the intended scope so the role is not granted more broadly than meant.
resource serviceBusRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(subscription().id, 'serviceBusRoleAssignment', serviceBusName, adGroup.name)
scope: resourceGroup(serviceBusName)
properties: {
principalId: adGroup.properties.objectId
roleDefinitionId: '/subscriptions/${subscription().subscriptionId}/providers
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.