
💡 Feature Request - Descriptive module for creating security groups and mapping them to the custom roles through the roleAssignments module

Open reduards opened this issue 3 years ago • 1 comments

Describe the solution you'd like

I would like to see a more descriptive way of creating security groups or mapping existing security groups to the customer roles and the right scope. We currently have a module for role assignment but no recommended path to utilize it in the initial deployment.

  1. Create a module or sub-module (leveraged by orchestration) to create security groups

  2. Have a deployment example at the roleAssignment module where these groups get mapped to the corresponding custom role (NetOps for example) at a/the recommended scope.

Additional context

If you believe that this is a good idea, I am more than willing to help with this work.

EDIT: Just realised that creating Azure AD security groups with Bicep is not supported. However, maybe we can leave a snippet with how to do it with PowerShell (New-AzureADGroup), similar to how we show them how to retrieve the object ID of an existing security group/SPN/managed identity.

Best Regards, Rasmus

reduards avatar Nov 18 '22 16:11 reduards
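
The PowerShell workaround mentioned in the EDIT above, as an added example that is not part of the original issue or the ALZ-Bicep repository: it creates the security group idempotently, assigns a custom role to it at a management group scope, and retries while the new group replicates. It assumes `Connect-AzureAD` and `Connect-AzAccount` have already been run; the group name, role name and management group ID are placeholders.

```powershell
# Added example. All values below are placeholders (assumptions), not names from ALZ-Bicep.
$groupName       = 'sg-alz-netops'                          # hypothetical group name
$roleName        = '<custom NetOps role definition name>'   # placeholder
$managementGroup = '<management-group-id>'                  # placeholder
$scope           = "/providers/Microsoft.Management/managementGroups/$managementGroup"

# Reuse the group if it already exists so the script can be re-run safely.
$group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'" | Select-Object -First 1
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $groupName `
        -Description 'Network operations for the landing zone platform' `
        -SecurityEnabled $true -MailEnabled $false -MailNickName 'NotSet'
}

# Get-AzRoleAssignment -Scope also returns inherited assignments,
# so keep only an assignment made at exactly this scope.
$existing = Get-AzRoleAssignment -ObjectId $group.ObjectId `
        -RoleDefinitionName $roleName -Scope $scope -ErrorAction SilentlyContinue |
    Where-Object { $_.Scope -eq $scope }

if (-not $existing) {
    # A freshly created group may not be visible to Azure RBAC yet; retry a few times.
    foreach ($attempt in 1..6) {
        try {
            New-AzRoleAssignment -ObjectId $group.ObjectId `
                -RoleDefinitionName $roleName -Scope $scope -ErrorAction Stop | Out-Null
            break
        } catch {
            if ($attempt -eq 6) { throw }
            Start-Sleep -Seconds 10
        }
    }
}

# The object ID is the principal ID a role assignment deployment needs.
'{0}  {1}' -f $group.DisplayName, $group.ObjectId
```

Assigning the role to a group rather than to individual users keeps membership changes in the directory and leaves the RBAC assignment at the chosen scope unchanged.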

Hey @reduards,

As you have noticed, creating AAD objects with Bicep is not yet supported. However, soon it hopefully will be.

Therefore I think we will place this one on long term hold until we see the AAD functionality come for Bicep.

Thanks

Jack

jtracey93 avatar Nov 21 '22 08:11 jtracey93

Bicep support for Microsoft Graph is now in preview. As we are in the middle of refactoring this framework, we won't be incorporating this change at this time. However, I would recommend creating a request and potentially owning an Azure Verified Module pattern module to cover this scenario.

oZakari avatar Mar 10 '25 17:03 oZakari