terraform spitting out 403 access error when creating keyvault secret in azure


I run into this issue a lot: I create a key vault, set up an access policy on it, and then, when I add a secret or key into it, bang, Terraform spits out a 403 access error on the secret.


The solution that worked for me: add depends_on to EVERY azurerm_key_vault_secret and azurerm_key_vault_key that is about to be written into the key vault. The error happens when you create the key vault and its access policy in the same run; the secret only references the vault, not the policy, so without an explicit dependency Terraform may try to write the secret before the policy exists. If you're only adding a secret to a key vault that already exists, you're fine.

Yes, add it to every secret or key that has this dependency; setting it once at the module level won't work.




# Identity running Terraform; its object id is granted access in the policy below.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "kvpaymentengine" {
  name                = "${var.environment}${var.keyvault_name}"
  location            = "${var.location}"
  resource_group_name = "${module.pmt-rg.rg_name}"
  tenant_id           = "${var.tenant_id}"
}

# Grants the deploying service principal its key, secret and certificate permissions.
resource "azurerm_key_vault_access_policy" "policykvpaymentengine" {
  key_vault_id            = "${azurerm_key_vault.kvpaymentengine.id}"
  tenant_id               = "${var.tenant_id}"
  object_id               = "${data.azurerm_client_config.current.service_principal_object_id}"
  key_permissions         = "${var.key_permissions}"
  secret_permissions      = "${var.secret_permissions}"
  certificate_permissions = "${var.certificate_permissions}"
}

# The secret only references the vault, so without depends_on Terraform would
# create it in parallel with the access policy and the write would fail with 403.
resource "azurerm_key_vault_secret" "listen_vault" {
  name         = "ehpmtexception-listen"
  value        = "${module.pmt_exception.eventhub_SAS_policy_listen_primary_connection_string}"
  key_vault_id = "${azurerm_key_vault.kvpaymentengine.id}"

  depends_on = ["azurerm_key_vault_access_policy.policykvpaymentengine"]
}
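The same fix in current Terraform syntax, as an added example that is not from the original post: a single for_each map of secrets carries one depends_on, so every secret waits for the access policy, and the policy grants the deploying principal only the secret permissions it needs. The vault and resource group names and the secrets variable are placeholders I made up; it assumes Terraform 0.14 or later and the azurerm provider 2.x or later.

```hcl
# Added example, not the original post's code. Assumes Terraform >= 0.14 and
# azurerm provider >= 2.0; names and the sample secret value are placeholders.
data "azurerm_client_config" "current" {}

variable "secrets" {
  description = "Constructed sample input: secret name => value"
  type        = map(string)
  sensitive   = true
  default = {
    "ehpmtexception-listen" = "placeholder-connection-string"
  }
}

resource "azurerm_key_vault" "example" {
  name                     = "kv-example-placeholder"
  location                 = "westeurope"
  resource_group_name      = "rg-example-placeholder"
  tenant_id                = data.azurerm_client_config.current.tenant_id
  sku_name                 = "standard"
  purge_protection_enabled = true
}

# Least privilege for the identity running Terraform: secret operations only,
# including Delete and Recover so destroy and re-create work with soft delete.
resource "azurerm_key_vault_access_policy" "deployer" {
  key_vault_id = azurerm_key_vault.example.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  secret_permissions = ["Get", "List", "Set", "Delete", "Recover"]
}

# One depends_on covers every secret in the map: none is created until the
# policy exists, which is what avoids the 403 on a freshly created vault.
resource "azurerm_key_vault_secret" "this" {
  for_each = var.secrets

  name         = each.key
  value        = each.value
  key_vault_id = azurerm_key_vault.example.id

  depends_on = [azurerm_key_vault_access_policy.deployer]
}
```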

