add billing reader role to api identity (#2004)

Co-authored-by: Ross Smith <ross-p-smith@users.noreply.github.com>
microsoft · Jun 9, 2022 · 559d061 · 559d061
1 parent 0683a93
commit 559d061
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/templates/core/terraform/identity.tf b/templates/core/terraform/identity.tf
@@ -14,6 +14,12 @@ resource "azurerm_role_assignment" "vm_contributor" {
   principal_id         = azurerm_user_assigned_identity.id.principal_id
 }
 
+resource "azurerm_role_assignment" "billing_reader" {
+  scope                = data.azurerm_subscription.current.id
+  role_definition_name = "Billing Reader"
+  principal_id         = azurerm_user_assigned_identity.id.principal_id
+}
+
 resource "azurerm_role_assignment" "acrpull_role" {
   scope                = data.azurerm_container_registry.mgmt_acr.id
   role_definition_name = "AcrPull"
@@ -37,3 +43,4 @@ resource "azurerm_role_assignment" "cosmos_contributor" {
   role_definition_name = "Contributor"
   principal_id         = azurerm_user_assigned_identity.id.principal_id
 }
+