
azurermLighthouseDefinition

Manages a Lighthouse Definition.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The converter emitted snake_case keys because it lacked the azurerm schema; the
generated bindings use camelCase property names, matching the argument reference below.
This snippet runs inside a TerraformStack constructor, so `this` is the stack.*/

// Look up the built-in Contributor role by its well-known role definition ID.
const dataAzurermRoleDefinitionContributor =
  new azurerm.dataAzurermRoleDefinition.DataAzurermRoleDefinition(
    this,
    "contributor",
    {
      roleDefinitionId: "b24988ac-6180-42a0-ab88-20f7382dd24c",
    }
  );

// Delegate the managed subscription (scope) to a principal in the managing tenant.
new azurerm.lighthouseDefinition.LighthouseDefinition(this, "example", {
  authorization: [
    {
      principalDisplayName: "Tier 1 Support",
      principalId: "00000000-0000-0000-0000-000000000000",
      roleDefinitionId: dataAzurermRoleDefinitionContributor.roleDefinitionId,
    },
  ],
  description: "This is a lighthouse definition created via Terraform",
  managingTenantId: "00000000-0000-0000-0000-000000000000",
  name: "Sample definition",
  scope: "/subscriptions/00000000-0000-0000-0000-000000000000",
});

Argument Reference

The following arguments are supported:

  • lighthouseDefinitionId - (Optional) A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.

  • name - (Required) The name of the Lighthouse Definition. Changing this forces a new resource to be created.

  • managingTenantId - (Required) The ID of the managing tenant. Changing this forces a new resource to be created.

  • scope - (Required) The ID of the managed subscription. Changing this forces a new resource to be created.

  • authorization - (Required) An authorization block as defined below.

  • description - (Optional) A description of the Lighthouse Definition.

  • eligibleAuthorization - (Optional) An eligibleAuthorization block as defined below.

  • plan - (Optional) A plan block as defined below.


An authorization block supports the following:

  • principalId - (Required) Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.

  • roleDefinitionId - (Required) The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an owner role.

  • delegatedRoleDefinitionIds - (Optional) The set of role definition ids which define all the permissions that the principal id can assign.

  • principalDisplayName - (Optional) The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.


An eligibleAuthorization block supports the following:

  • principalId - (Required) The Principal ID of the Azure Active Directory principal.

  • roleDefinitionId - (Required) The ID of the Azure built-in role definition that defines the permissions the Azure Active Directory principal will have on the projected scope.

  • justInTimeAccessPolicy - (Optional) A justInTimeAccessPolicy block as defined below.

  • principalDisplayName - (Optional) The display name of the Azure Active Directory Principal.


A justInTimeAccessPolicy block supports the following:

  • multiFactorAuthProvider - (Optional) The multi-factor authorization provider to be used for just-in-time access requests. Possible value is azure.

~> Note: When this property isn't set, it defaults to none.

  • maximumActivationDuration - (Optional) The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.

  • approver - (Optional) An approver block as defined below.


An approver block supports the following:

  • principalId - (Required) The Principal ID of the Azure Active Directory principal for the approver.

  • principalDisplayName - (Optional) The display name of the Azure Active Directory Principal for the approver.


A plan block supports the following:

  • name - (Required) The plan name of the marketplace offer.

  • publisher - (Required) The publisher ID of the plan.

  • product - (Required) The product code of the plan.

  • version - (Required) The version of the plan.
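A pre-flight review of the blocks above, written for this page as an added example rather than taken from the azurerm provider or cdktf. The interfaces are an assumption that mirrors the documented argument blocks in place of the generated `LighthouseDefinitionConfig` type, so the file runs without the `./.gen` bindings; the Owner role ID is the Azure built-in value, and the sample principals, the `ReviewPolicy` thresholds and the `reviewDefinition`/`durationToMinutes` helpers are constructed for illustration. It applies the documented defaults (`none` for `multiFactorAuthProvider`, `PT8H` for `maximumActivationDuration`) before judging a definition, flags the Owner role that the provider rejects in `authorization`, and, as a review choice that goes beyond the page, applies the same Owner rule to `eligibleAuthorization` and `delegatedRoleDefinitionIds`.

```typescript
// Added example (not provider or cdktf code): a plain-TypeScript review of a Lighthouse
// definition before synthesis. The interfaces are an assumption mirroring the argument
// blocks on this page, standing in for the generated config type so this runs without ./.gen.
export interface JustInTimeAccessPolicy {
  multiFactorAuthProvider?: "azure";  // unset means "none" (see the note above)
  maximumActivationDuration?: string; // ISO 8601 duration, defaults to PT8H
  approver?: { principalId: string; principalDisplayName?: string }[];
}
export interface Authorization {
  principalId: string;
  roleDefinitionId: string;
  delegatedRoleDefinitionIds?: string[];
  principalDisplayName?: string;
}
export interface EligibleAuthorization {
  principalId: string;
  roleDefinitionId: string;
  justInTimeAccessPolicy?: JustInTimeAccessPolicy;
  principalDisplayName?: string;
}
export interface LighthouseDefinitionInput {
  name: string;
  managingTenantId: string;
  scope: string;
  authorization: Authorization[];
  eligibleAuthorization?: EligibleAuthorization[];
}

// Azure built-in role definition IDs: Contributor is used on this page; Owner is the
// role the provider rejects in an authorization block.
export const CONTRIBUTOR_ROLE_ID = "b24988ac-6180-42a0-ab88-20f7382dd24c";
export const OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635";
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SUBSCRIPTION_SCOPE = /^\/subscriptions\/[0-9a-f-]{36}$/i;

// Parse the PTnHnM subset of ISO 8601 durations used for activation windows;
// anything else (e.g. P1D) is reported as unparseable rather than guessed.
export function durationToMinutes(iso: string): number | undefined {
  const m = /^PT(?:(\d+)H)?(?:(\d+)M)?$/i.exec(iso);
  if (!m || (m[1] === undefined && m[2] === undefined)) return undefined;
  return Number(m[1] ?? 0) * 60 + Number(m[2] ?? 0);
}

// Thresholds the reviewer enforces on top of what the provider validates (constructed).
export interface ReviewPolicy {
  maxActivationMinutes: number; // longest JIT window accepted
  requireMfa: boolean;          // insist on multiFactorAuthProvider = "azure"
  requireApprover: boolean;     // insist on at least one approver
}

export function reviewDefinition(def: LighthouseDefinitionInput, policy: ReviewPolicy): string[] {
  const findings: string[] = [];
  const isOwner = (id: string) => id.toLowerCase() === OWNER_ROLE_ID;
  if (!GUID.test(def.managingTenantId)) findings.push("managingTenantId is not a GUID");
  if (!SUBSCRIPTION_SCOPE.test(def.scope)) findings.push(`scope is not a subscription ID: ${def.scope}`);

  def.authorization.forEach((a, i) => {
    const who = `authorization[${i}] (${a.principalDisplayName ?? a.principalId})`;
    if (!GUID.test(a.principalId)) findings.push(`${who}: principalId is not a GUID`);
    if (isOwner(a.roleDefinitionId)) findings.push(`${who}: Owner role cannot be delegated`);
    if ((a.delegatedRoleDefinitionIds ?? []).some(isOwner))
      findings.push(`${who}: Owner listed in delegatedRoleDefinitionIds`);
  });

  (def.eligibleAuthorization ?? []).forEach((e, i) => {
    const who = `eligibleAuthorization[${i}] (${e.principalDisplayName ?? e.principalId})`;
    const jit: JustInTimeAccessPolicy = e.justInTimeAccessPolicy ?? {};
    // Apply the documented defaults before judging the policy.
    const mfa = jit.multiFactorAuthProvider ?? "none";
    const duration = jit.maximumActivationDuration ?? "PT8H";
    const minutes = durationToMinutes(duration);
    if (isOwner(e.roleDefinitionId)) findings.push(`${who}: Owner role cannot be delegated`);
    if (minutes === undefined) findings.push(`${who}: unparseable duration ${duration}`);
    else if (minutes > policy.maxActivationMinutes) findings.push(`${who}: ${duration} exceeds the allowed activation window`);
    if (policy.requireMfa && mfa !== "azure") findings.push(`${who}: multiFactorAuthProvider is ${mfa}`);
    if (policy.requireApprover && (jit.approver ?? []).length === 0) findings.push(`${who}: no approver configured`);
  });
  return findings;
}

// Constructed sample: the page's example plus a JIT-eligible escalation group.
export const sampleDefinition: LighthouseDefinitionInput = {
  name: "Sample definition",
  managingTenantId: "00000000-0000-0000-0000-000000000000",
  scope: "/subscriptions/00000000-0000-0000-0000-000000000000",
  authorization: [{ principalDisplayName: "Tier 1 Support", principalId: "00000000-0000-0000-0000-000000000000", roleDefinitionId: CONTRIBUTOR_ROLE_ID }],
  eligibleAuthorization: [{
    principalDisplayName: "Tier 2 Escalation",
    principalId: "11111111-1111-1111-1111-111111111111",
    roleDefinitionId: CONTRIBUTOR_ROLE_ID,
    justInTimeAccessPolicy: {
      multiFactorAuthProvider: "azure",
      maximumActivationDuration: "PT4H",
      approver: [{ principalId: "22222222-2222-2222-2222-222222222222", principalDisplayName: "Security Lead" }],
    },
  }],
};
export const strictPolicy: ReviewPolicy = { maxActivationMinutes: 8 * 60, requireMfa: true, requireApprover: true };
console.log(reviewDefinition(sampleDefinition, strictPolicy)); // → [] for the sample above
```

Run it before `cdktf synth` against the same object literal you pass to `LighthouseDefinition`; an empty findings list means the standing authorization avoids Owner and every eligible (JIT) authorization is bounded by the window, MFA and approver thresholds the reviewer chose. Note that an unset `justInTimeAccessPolicy` is judged on the documented defaults, so an eligible authorization with no policy at all is flagged for the missing MFA provider and approver.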

Attributes Reference

The following attributes are exported:

  • id - the fully qualified ID of the Lighthouse Definition.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Lighthouse Definition.
  • update - (Defaults to 30 minutes) Used when updating the Lighthouse Definition.
  • read - (Defaults to 5 minutes) Used when retrieving the Lighthouse Definition.
  • delete - (Defaults to 30 minutes) Used when deleting the Lighthouse Definition.

Import

Lighthouse Definitions can be imported using the resource ID, e.g.

terraform import azurerm_lighthouse_definition.example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ManagedServices/registrationDefinitions/00000000-0000-0000-0000-000000000000