
I have a managed service identity, workflow-identity, living in subscription A. I set up another subscription B and created a storage account, storageb, in it. I want to set up an azurerm_role_assignment that lets the identity in A access storageb. So I used:

`terraform import azurerm_user_assigned_identity.example /subscriptions/[subscription-B]/resourceGroups/[resource-group-id]/providers/Microsoft.ManagedIdentity/userAssignedIdentities/workflow-identity`

But it does not work. My guess is that this fails because I am trying to import a managed service identity from a different subscription. So my question is: how do I import it from a different subscription in my case?

Here is my code example:

# Storage account the identity is granted access to (scope of the role
# assignment below).
# NOTE(review): the question says storageb lives in subscription B, but this
# block uses the default provider, so it is created in whichever subscription
# that provider targets — confirm that matches where the account should live.
resource "azurerm_storage_account" "storage1" {
    name                     = var.storage_account
    resource_group_name      = azurerm_resource_group.rg.name
    location                 = azurerm_resource_group.rg.location
    account_tier             = "Standard"
    account_replication_type = "LRS"
}

# User-assigned managed identity whose principal_id is granted the storage
# role below.
# NOTE(review): the import ID quoted in the question points at subscription B,
# while the identity is described as living in subscription A — confirm which
# subscription actually holds it; the import ID must name that subscription.
# NOTE(review): the name here ("search-api") differs from the imported
# resource's name (workflow-identity); after import, plan will presumably
# want to reconcile that — verify.
resource "azurerm_user_assigned_identity" "example" {
    resource_group_name = azurerm_resource_group.example.name
    location            = azurerm_resource_group.example.location
    name = "search-api"
    # subscription_id = 12333   <-- not a supported argument on this resource (per
    # the question); the answer below selects the subscription via a provider
    # alias instead.
}

# Grants the identity's principal the Storage Blob Data Contributor role on the
# whole storage account, i.e. blob data read/write/delete in every container.
# NOTE(review): if the identity only needs one container, scoping the
# assignment to that container's resource ID is the tighter, least-privilege
# choice.
resource "azurerm_role_assignment" "storage_role" {
  scope                = azurerm_storage_account.storage1.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_user_assigned_identity.example.principal_id
}

1 Answer


You need to create another azurerm provider block with an alias, scope it to that subscription via subscription_id, and set provider on the resource so it is deployed through that provider:

# Default azurerm provider. No subscription_id is set here, so the subscription
# it targets comes from its credentials/environment. The version is pinned;
# keep it pinned so provider upgrades are deliberate.
provider "azurerm" {
  version = "~>1.44"
}

# Second azurerm provider, aliased, pinned to the other subscription.
# subscription_id is a placeholder — replace it with subscription B's ID.
# NOTE(review): whatever principal Terraform authenticates as must also hold
# the needed RBAC rights in that subscription, or deployments through this
# alias will fail at apply time.
provider "azurerm" {
  alias           = "other_sub"
  subscription_id = "xxxx-xxxx-xxxx"
}

# Example of deploying a resource through the aliased provider, i.e. into the
# other subscription. zzz / yyy / xxx are placeholders (unquoted here; use
# string literals or references in real code).
# The quoted provider reference is legacy syntax; newer Terraform versions
# expect an unquoted reference, azurerm.other_sub.
# NOTE(review): for the question's case the same provider line would go on the
# storage account and the role assignment, which live in subscription B.
resource "azurerm_public_ip" "ipv4" {
    provider = "azurerm.other_sub"
    name = zzz
    resource_group_name = yyy
    location = xxx
    allocation_method = "Static"
    ip_version = "IPv4"
    sku = "Standard"
}