Is it possible to terraform an azure active directory custom domain?
Searching through the docs the only thing I see is this data resource that allows me to read the currently existing ones:
https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/domains
If this is possible, links to the appropriate docs will do.
Is it possible to terraform an azure active directory custom domain?
No.
Unfortunately, there is no support yet for custom domain creation using the azuread provider within Terraform.
Related
We have a multi-tenant Azure Active Directory setup that is using custom policies in Azure Active Directory B2C.
We are trying to dynamically load the list of valid token issuers, but unfortunately, we didn't find any documentation that would tell if this is possible and if yes, then how can we do it?
Does anyone have any idea/experience doing that?
I want to restrict the manner of which resource groups are created on my Azure Subscriptions.
I only want to allow the creation of RGs via Azure Pipelines using Terraform.
Is this possible? And how can I attack this?
Thank you
You can't achieve it using Azure Policy; rather, you need to create a custom role by providing the necessary permissions using RBAC and assign it to the respective scope.
Also, in case you are using Azure Blueprints, I would suggest first checking deny assignments.
Here is the document for creating resource Group using terraform.
Also, you can go through this document which has related discussions.
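The custom-role approach from the answer above, sketched in Terraform as an added example that is not part of the original answer. The role name, resource labels and the variable `pipeline_principal_object_id` are assumptions made for illustration.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

# Subscription and credentials are expected from the environment (for example ARM_SUBSCRIPTION_ID).
provider "azurerm" {
  features {}
}

# Hypothetical input: object ID of the service principal behind the Azure Pipelines service connection.
variable "pipeline_principal_object_id" {
  type        = string
  description = "Object ID of the pipeline's service principal (assumed name, supply your own value)."
}

data "azurerm_subscription" "current" {}

# Custom role limited to reading and creating/updating resource groups.
resource "azurerm_role_definition" "rg_creator" {
  name        = "Resource Group Creator (pipeline only)" # assumed name
  scope       = data.azurerm_subscription.current.id
  description = "Create and update resource groups; intended for the deployment pipeline identity only."

  permissions {
    actions = [
      "Microsoft.Resources/subscriptions/resourceGroups/read",
      "Microsoft.Resources/subscriptions/resourceGroups/write",
    ]
    not_actions = []
  }

  assignable_scopes = [data.azurerm_subscription.current.id]
}

# Assign the role to the pipeline identity only, at subscription scope.
resource "azurerm_role_assignment" "pipeline_rg_creator" {
  scope              = data.azurerm_subscription.current.id
  role_definition_id = azurerm_role_definition.rg_creator.role_definition_resource_id
  principal_id       = var.pipeline_principal_object_id
}
```

The restriction only holds if no other user or group holds a role at that scope that already grants `Microsoft.Resources/subscriptions/resourceGroups/write`, such as Owner or Contributor.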
Assigned Azure Custom Vision role to user but unable to access resource.
Errors shown:
Subdomain does not map to a resource.
Please check if desired resource exists in subscription.
As per this official documentation,
Azure Cognitive Services use custom subdomain names for each resource
created through the Azure portal, Azure Cloud Shell, or Azure CLI.
Unlike regional endpoints, which were common for all customers in a
specific Azure region, custom subdomain names are unique to the
resource. Custom subdomain names are required to enable features like
Azure Active Directory (Azure AD) for authentication.
So, I suggest you first create a custom subdomain name for the resource and then use the RBAC user to access it.
Also, make sure the user has either Owner or at least Contributor permission for that resource.
Follow the instructions below to migrate an existing resource to leverage custom subdomain names:
Sign in to the Azure portal and locate the Cognitive Services resource that you'd like to add a custom subdomain name to.
In the Overview blade, locate and select Generate Custom Domain Name.
This opens a panel with instructions to create a unique custom subdomain for your resource.
I have two Azure subscriptions, Enterprise and MSDN. I want to transfer a resource group from one subscription to another. I already found this method, but it requires changing the tenant of one of the subscriptions: How to move resources from subscriptions in different directories in Azure
These accounts have different active directories (Cannot Change Directory). So essentially the tenantid remains different.
Official Docs also mentions this way https://azure.microsoft.com/en-in/documentation/articles/resource-group-move-resources/
Is there any alternate methods to move the RG?
I think there is no alternate method to move the RG. What you can do as a workaround is to try to download the Automation Script (ARM template) for your Resource Group, delete the RG and deploy the template to your new subscription. But this only works for services that use the Resource Manager (not Service Manager).
Also, this only creates the services / infrastructure, but you probably have to redeploy content depending on which resources you are using.
Someone mentioned this can be done by contacting the support.
I found that it's possible in some scenarios to do this by moving the resource group to a new/temporary subscription, and then transferring ownership of that subscription to the desired account. It doesn't matter if the account is on a different domain or not; however, not all resource types can be transferred (e.g. Azure role-based access control assignments).
https://learn.microsoft.com/en-gb/azure/cost-management-billing/manage/billing-subscription-transfer?WT.mc_id=Portal-Microsoft_Azure_SubscriptionManagement
What should be the type under resources, if I want to create an ARM template for Azure Active Directory?
Are there any resources for adding User/Group/Application features in Azure Active Directory through ARM templates?
Currently, there is no way to programmatically provision an Azure Active Directory. Thus, there are also no ARM templates available for that.
You have to use either the Graph API (REST) or a PowerShell module like AzureAD to create a user / application for an existing AAD.
I'm pretty sure there is none, looking at the Azure ARM schema I don't see anything Azure AD related. You can look at the ARM Schema here.