I'm using an Azure Blob Storage Container as Terraform Backend.
The storage account is located within a resource group that is protected against deletion using a "cannot delete" lock.
Creating Dynamic Service Principals with the Storage Blob Data Contributor role works fine.
What does not work is the removal of the role assignment when the lease expires, since the role assignment "lives" within the locked resource group.
Questions:
What is the general guidance on using dynamic service principals with roles scoped to resources within a locked resource group?
I've noticed that the Vault (v1.15.4) relentlessly attempts to remove previous role assignments - Is there a way to prevent this behavior?