@andrewmatveychuk
Created November 11, 2024 12:34
Create an RBAC role assignment for Azure Key Vault using Bicep
// Name of the existing Key Vault (must be in RBAC authorization mode, i.e. enableRbacAuthorization: true)
param keyVaultName string

// Name of the existing Web App whose system-assigned managed identity receives the role
param webAppName string

// Key Vault with RBAC authorization mode (referenced, not created, hence `existing`)
resource existingKeyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' existing = {
  name: keyVaultName
}

// Creating a Key Vault RBAC roles mapping for more intuitive assignments
// (built-in role definition IDs are identical in every Azure subscription)
var roleIdMapping = {
  'Key Vault Administrator': '00482a5a-887f-4fb3-b363-3b7fe8e74483'
  'Key Vault Certificates Officer': 'a4417e6f-fecd-4de8-b567-7b0420556985'
  'Key Vault Crypto Officer': '14b46e9e-c2b7-41b4-b07b-48a6ebf60603'
  'Key Vault Crypto Service Encryption User': 'e147488a-f6f5-4113-8e2d-b22465e65bf6'
  'Key Vault Crypto User': '12338af0-0e69-4776-bea7-57ae8d297424'
  'Key Vault Reader': '21090545-7ca7-4776-b22c-e363652d74d2'
  'Key Vault Secrets Officer': 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7'
  'Key Vault Secrets User': '4633458b-17de-408a-b874-0445c86b69e6'
}

// A Web App to assign the role to
resource existingWebApp 'Microsoft.Web/sites@2023-12-01' existing = {
  name: webAppName
}

resource kvRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name: redeploying the same role/principal/vault triple is idempotent
  name: guid(roleIdMapping['Key Vault Secrets User'], existingWebApp.name, existingKeyVault.name)
  // Scope the assignment to the vault itself, not the resource group or subscription
  scope: existingKeyVault
  properties: {
    // Using the role mapping to select the appropriate role
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleIdMapping['Key Vault Secrets User'])
    principalId: existingWebApp.identity.principalId // Referencing the principal ID via the web app resource (requires a system-assigned identity)
    principalType: 'ServicePrincipal'
  }
}
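As an added example that is not part of the original gist, the following reusable module generalizes the assignment above: the role is a parameter restricted to the Key Vault data-plane roles, and the principal is passed in rather than read from a Web App, so the same file can grant a Function App, a VM identity, or a deployment pipeline exactly the narrowest role it needs. The module file name (`kv-role-assignment.bicep`), parameter names and the output are assumptions, not part of the gist.

```bicep
// Added example (not from the original gist): one Key Vault data-plane role for one principal.
// File name, parameter names and output are assumptions.
targetScope = 'resourceGroup'

@description('Name of the existing Key Vault (RBAC authorization mode).')
param keyVaultName string

@description('Object ID of the principal receiving the role (managed identity, app registration, user or group).')
param principalId string

@description('Principal type; setting it lets ARM validate freshly created identities without a replication delay.')
@allowed([
  'ServicePrincipal'
  'User'
  'Group'
])
param principalType string = 'ServicePrincipal'

@description('Role to grant. The allowed list is limited to Key Vault data-plane roles so this module cannot hand out broader rights such as Owner or Contributor.')
@allowed([
  'Key Vault Administrator'
  'Key Vault Certificates Officer'
  'Key Vault Crypto Officer'
  'Key Vault Crypto Service Encryption User'
  'Key Vault Crypto User'
  'Key Vault Reader'
  'Key Vault Secrets Officer'
  'Key Vault Secrets User'
])
param roleName string = 'Key Vault Secrets User'

// Built-in role definition IDs (identical in every Azure subscription)
var roleIdMapping = {
  'Key Vault Administrator': '00482a5a-887f-4fb3-b363-3b7fe8e74483'
  'Key Vault Certificates Officer': 'a4417e6f-fecd-4de8-b567-7b0420556985'
  'Key Vault Crypto Officer': '14b46e9e-c2b7-41b4-b07b-48a6ebf60603'
  'Key Vault Crypto Service Encryption User': 'e147488a-f6f5-4113-8e2d-b22465e65bf6'
  'Key Vault Crypto User': '12338af0-0e69-4776-bea7-57ae8d297424'
  'Key Vault Reader': '21090545-7ca7-4776-b22c-e363652d74d2'
  'Key Vault Secrets Officer': 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7'
  'Key Vault Secrets User': '4633458b-17de-408a-b874-0445c86b69e6'
}

// Role definition resolved from the validated role name
var roleDefinitionId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleIdMapping[roleName])

resource keyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' existing = {
  name: keyVaultName
}

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name derived from vault, principal and role: re-running the deployment
  // updates the same assignment instead of failing with a duplicate, and changing the role
  // produces a new assignment rather than silently widening an old one.
  name: guid(keyVault.id, principalId, roleIdMapping[roleName])
  // Scope to the vault itself; never assign at resource-group or subscription scope for a single vault
  scope: keyVault
  properties: {
    roleDefinitionId: roleDefinitionId
    principalId: principalId
    principalType: principalType
  }
}

// Useful for auditing which assignment a deployment created
output roleAssignmentId string = roleAssignment.id
output grantedRole string = roleName
```

From the parent template the gist's Web App case becomes a `module` call that passes `keyVaultName`, `principalId: existingWebApp.identity.principalId` and `roleName: 'Key Vault Secrets User'`; a pipeline that only needs to rotate secrets gets `'Key Vault Secrets Officer'` from the same module, and nothing in the file can be used to grant a role outside the allowed list.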