github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/authorization/AVD-AZU-0030/Terraform.md


Use targeted permissions for roles

```hcl
data "azurerm_subscription" "primary" {
}

resource "azurerm_role_definition" "example" {
  name        = "my-custom-role"
  scope       = data.azurerm_subscription.primary.id
  description = "This is a custom role created via Terraform"

  permissions {
    # Wildcard: matches every management (control-plane) action
    actions     = ["*"]
    not_actions = []
  }

  # The role can be assigned only within this subscription
  assignable_scopes = [
    data.azurerm_subscription.primary.id,
  ]
}
```
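
The following added example (not code from defsec or from this page) lists the `azurerm_role_definition` resources in a Terraform plan whose `actions` contain a wildcard, together with their assignable scopes, so they can be reviewed before apply. It assumes the plan was exported with `terraform show -json`; the sample plan, resource addresses and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_role_definition.broad", "type": "azurerm_role_definition",
     "values": {"permissions": [{"actions": ["*"], "not_actions": []}],
                "assignable_scopes": ["/"]}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
     "values": {"name": "rg-example"}}],
  "child_modules": [{"address": "module.ops", "resources": [
    {"address": "module.ops.azurerm_role_definition.storage",
     "type": "azurerm_role_definition",
     "values": {"permissions": [{"actions": ["Microsoft.Storage/*"]}]}},
    {"address": "module.ops.azurerm_role_definition.vm_operator",
     "type": "azurerm_role_definition",
     "values": {"permissions": [{"actions": [
       "Microsoft.Compute/virtualMachines/read",
       "Microsoft.Compute/virtualMachines/restart/action"]}]}}]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def wildcard_roles(plan):
    """Return one finding per role definition whose actions contain a wildcard."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_role_definition":
            continue
        values = res.get("values", {})
        wild = sorted({a for p in values.get("permissions") or []
                       for a in p.get("actions") or [] if "*" in a})
        if wild:
            # Scopes only known after apply are omitted from planned_values.
            scopes = values.get("assignable_scopes")
            findings.append({"address": res["address"], "wildcards": wild,
                             "scopes": "unknown" if scopes is None else scopes})
    return findings

if __name__ == "__main__":
    for f in wildcard_roles(SAMPLE_PLAN):
        print(f)
```

Roles reported with scope `/` or `unknown` deserve the closest review; the `vm_operator` role, which lists individual operations, is not reported.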

#### Remediation Links
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition#actions