Updated to add in the access policy for the slot

DFE-Digital · Jun 12, 2024 · 0dd7e5a · 0dd7e5a
1 parent 2f0fcba
commit 0dd7e5a
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/terraform/modules/azure-web/web-app.tf b/terraform/modules/azure-web/web-app.tf
@@ -378,15 +378,15 @@ resource "azurerm_key_vault_access_policy" "webapp_kv_app_service" {
   certificate_permissions = ["Get"]
 }
 
-# # Grants permissions to key vault for the managed identity of the App Service slot
-# resource "azurerm_key_vault_access_policy" "webapp_kv_app_service_slot" {
-#   key_vault_id            = var.kv_id
-#   tenant_id               = data.azurerm_client_config.az_config.tenant_id
-#   object_id               = azurerm_linux_web_app_slot.webapp_slot.identity.0.principal_id
-#   key_permissions         = ["Get", "UnwrapKey", "WrapKey"]
-#   secret_permissions      = ["Get", "List"]
-#   certificate_permissions = ["Get"]
-# }
+# Grants permissions to key vault for the managed identity of the App Service slot
+resource "azurerm_key_vault_access_policy" "webapp_kv_app_service_slot" {
+  key_vault_id            = var.kv_id
+  tenant_id               = data.azurerm_client_config.az_config.tenant_id
+  object_id               = azurerm_linux_web_app_slot.webapp_slot.identity.0.principal_id
+  key_permissions         = ["Get", "UnwrapKey", "WrapKey"]
+  secret_permissions      = ["Get", "List"]
+  certificate_permissions = ["Get"]
+}
 
 resource "azurerm_app_service_certificate" "webapp_custom_domain_cert" {
   # Custom hostname only deployed to the Test and Production subscription