User-Assigned Managed Identities
A map-driven module creating one or many user-assigned managed identities, each with optional workload identity federation (OIDC) and least-privilege RBAC role assignments — no secrets to rotate.
Verification
Live-tested: really deployed, verified, idempotent and destroyed in a cloud sandbox.
Conformance
- Static validation (fmt · validate · tflint)
- Security scan (Checkov)
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live-tested — applied, verified, destroyed
Last verified 2026-06-30 · how we verify
Documentation
azure-managed-identity
Create one or many user-assigned managed identities (a map-driven module),
each with optional workload identity federation (OIDC) and least-privilege
RBAC role assignments. A managed identity is the secret-free way to give an app,
VM, AKS workload or CI pipeline an Entra ID principal: no client secret to store
or rotate. Consumes an existing resource group. Works with Terraform and
OpenTofu (>= 1.6), azurerm provider >= 4.0, < 5.0. Creating identities is
free.
Requirements
| Requirement | Version |
|---|---|
| Terraform / OpenTofu | >= 1.6 |
| hashicorp/azurerm | >= 4.0, < 5.0 |
The Microsoft.ManagedIdentity resource provider must be registered on the
subscription (and Microsoft.Authorization if you use role_assignments).
Verification
Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.
License
Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).