Skip to content

azurermConfidentialLedger

Manages a Confidential Ledger.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const dataAzurermClientConfigCurrent =
  new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
    this,
    "current",
    {}
  );
new azurerm.confidentialLedger.ConfidentialLedger(this, "ledger", {
  azuread_based_service_principal: [
    {
      ledger_role_name: "Administrator",
      principal_id: dataAzurermClientConfigCurrent.objectId,
      tenant_id: dataAzurermClientConfigCurrent.tenantId,
    },
  ],
  ledger_type: "Private",
  location: azurermResourceGroupExample.location,
  name: "example-ledger",
  resource_group_name: azurermResourceGroupExample.name,
});

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Confidential Ledger. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the Resource Group where the Confidential Ledger exists. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the Confidential Ledger exists. Changing this forces a new resource to be created.

  • azureadBasedServicePrincipal - (Required) A list of azureadBasedServicePrincipal blocks as defined below.

  • ledgerType - (Required) Specifies the type of Confidential Ledger. Possible values are private and public. Changing this forces a new resource to be created.

  • certificateBasedSecurityPrincipal - (Optional) A list of certificateBasedSecurityPrincipal blocks as defined below.

  • tags - (Optional) A mapping of tags to assign to the Confidential Ledger.

A azureadBasedServicePrincipal block supports the following:

  • ledgerRoleName - (Required) Specifies the Ledger Role to grant this AzureAD Service Principal. Possible values are administrator, contributor and reader.

  • principalId - (Required) Specifies the Principal ID of the AzureAD Service Principal.

  • tenantId - (Required) Specifies the Tenant ID for this AzureAD Service Principal.

A certificateBasedSecurityPrincipal block supports the following:

  • ledgerRoleName - (Required) Specifies the Ledger Role to grant this Certificate Security Principal. Possible values are administrator, contributor and reader.

  • pemPublicKey - (Required) The public key, in PEM format, of the certificate used by this identity to authenticate with the Confidential Ledger.

Attributes Reference

The following attributes are exported:

  • id - The ID of this Confidential Ledger.

  • identityServiceEndpoint - The Identity Service Endpoint for this Confidential Ledger.

  • ledgerEndpoint - The Endpoint for this Confidential Ledger.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Confidential Ledger.
  • update - (Defaults to 30 minutes) Used when updating the Confidential Ledger.
  • read - (Defaults to 5 minutes) Used when retrieving the Confidential Ledger.
  • delete - (Defaults to 30 minutes) Used when deleting the Confidential Ledger.

Import

Confidential Ledgers can be imported using the resourceId, e.g.

terraform import azurerm_confidential_ledger.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-group/providers/Microsoft.ConfidentialLedger/ledgers/example-ledger