First some of my opinions. When setting RBAC controls, you have the option of assigning user and/or group objects to various Azure roles at a defined scope (think contributor, reader, owner, etc). Personally, I am a big fan of Azure Active Directory, and using groups to manage memberships (and all the cool features that come with it). This is the type of setup I like to see.
Doing things this way, in my opinion, you get the best of both world from a management perspective. You also get a happy admin.
Okay, so how do we do this using Azure Blueprints. The first thing you will need is to pre-create the Azure Active Directory groups you want to use in your blueprints. I would love to see Azure Blueprints be able to create these principals, but right now you can't.
Head into Azure Blueprints and find the blueprint you would like to edit.
Under Artifacts and the correct resource group, click the Add Artifact button.
Add a Role Assignment artifact type with appropriate values.
After that, save the draft and publish it to have it automatically applied.
No comments:
Post a Comment