What I'm attempting: Use Terraform to automate SAML relations between Azure <> Okta <> AWS.
What I'm missing: any sort of formal education on Azure; pure noob.
I've followed the Okta docs and performed those steps (for an Enterprise Application) manually; they worked perfectly.
I'm nearing the end of terraforming the solution but hung up on one thing. The EA that was created manually has this block:
    resource "azuread_application" "test" {
      ...
      oauth2_permission_scope_ids = {
        "user_impersonation" = "00000000-0000-0000-0000-000000000000"
      }
    }
The Terraformed instance of the EA is missing this parameter/value. It was created for me when I did the steps manually in the UI, but with Terraform I'm responsible for creating it. It's necessary, but I can't seem to find out where it comes from. Also, this UUID shows up in these places as well:
    resource "azuread_application" "test" {
      oauth2_permission_scope_ids = {
        "user_impersonation" = "00000000-0000-0000-0000-000000000000"
      ...
      api {
        ...
        oauth2_permission_scope {
          ...
          id = "00000000-0000-0000-0000-000000000000"
        }

    resource "azuread_service_principal" "test" {
      ...
      oauth2_permission_scope_ids = {
        "user_impersonation" = "00000000-0000-0000-0000-000000000000"
      }
      ...
      oauth2_permission_scopes = [
        {
          ...
          id = "00000000-0000-0000-0000-000000000000"
How would one go about finding a specific resource in Azure using only a UUID?
Or, maybe someone knows which resource needs to be terraformed?
Either/both answers would be welcome, TIA.
For built-in scopes, you have to use the default ID.
Azure Active Directory > App registration > API Permission
The Terraform code below will create the Azure AD application with a custom scope using a random UUID.
Terraform Apply:
Once the above code has been run, the scope is added to the application successfully.
Reference: Resource: azuread_application
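The pattern the answer describes, written out as an added example (this is not the answerer's code and not taken from the provider docs). It assumes the azuread provider 2.x (where the service principal takes `application_id`) and made-up names (`okta-saml-example`); the scope ID is simply a UUID you generate, not a separate Azure resource to look up, and the `oauth2_permission_scope_ids` map in the question is the computed attribute that Terraform reads back after apply.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread", version = "~> 2.0" }
    random  = { source = "hashicorp/random" }
  }
}

provider "azuread" {}

# Generate the scope ID once; it is kept in Terraform state, so it stays
# stable across applies instead of changing on every run.
resource "random_uuid" "user_impersonation" {}

resource "azuread_application" "example" {
  display_name    = "okta-saml-example"          # assumed name
  identifier_uris = ["api://okta-saml-example"]  # assumed URI

  api {
    oauth2_permission_scope {
      id      = random_uuid.user_impersonation.result
      value   = "user_impersonation"
      enabled = true
      # "User" lets any user consent to the scope; "Admin" requires an
      # administrator to consent, which is the tighter setting.
      type                       = "User"
      admin_consent_display_name = "Access okta-saml-example"
      admin_consent_description  = "Allow the application to access okta-saml-example on behalf of the signed-in user."
      user_consent_display_name  = "Access okta-saml-example"
      user_consent_description   = "Allow the application to access okta-saml-example on your behalf."
    }
  }
}

# The service principal inherits the scope from the application; the ID does
# not need to be repeated here (oauth2_permission_scope_ids is computed).
resource "azuread_service_principal" "example" {
  application_id = azuread_application.example.application_id
}

# The computed map is where the UUID in the question comes from.
output "user_impersonation_scope_id" {
  value = azuread_application.example.oauth2_permission_scope_ids["user_impersonation"]
}
```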