User (Microsoft Azure, Identity)
An Azure Active Directory (Azure AD) user is a user account stored in the Azure AD directory. Azure AD users can be added to groups, assigned roles and permissions, and used to authenticate and authorize access to Azure resources and applications. Azure AD supports several authentication methods for these users, including username and password, multi-factor authentication (MFA), and smart card authentication. Azure AD also provides conditional access policies, which let an organization define access policies based on the user's location, device, and other factors to help protect its resources.
Terraform Name: azuread_user
User attributes:

The following arguments are supported:

  • account_enabled - (Optional) Whether or not the account should be enabled.
  • age_group - (Optional) The age group of the user. Supported values are Adult, NotAdult and Minor. Omit this property or specify a blank string to unset.
  • business_phones - (Optional) A list of telephone numbers for the user. Only one number can be set for this property. Read-only for users synced with Azure AD Connect.
  • city - (Optional) The city in which the user is located.
  • company_name - (Optional) The company name with which the user is associated. This property can be useful for describing the company that an external user comes from.
  • consent_provided_for_minor - (Optional) Whether consent has been obtained for minors. Supported values are Granted, Denied and NotRequired. Omit this property or specify a blank string to unset.
  • cost_center - (Optional) The cost center associated with the user.
  • country - (Optional) The country/region in which the user is located, e.g. US or UK.
  • department - (Optional) The name for the department in which the user works.
  • disable_password_expiration - (Optional) Whether the user's password is exempt from expiring. Defaults to false.
  • disable_strong_password - (Optional) Whether the user is allowed to use weaker passwords than the default policy requires. Defaults to false.
  • display_name - (Required) The name to display in the address book for the user.
  • division - (Optional) The name of the division in which the user works.
  • employee_id - (Optional) The employee identifier assigned to the user by the organisation.
  • employee_type - (Optional) Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor.
  • fax_number - (Optional) The fax number of the user.
  • force_password_change - (Optional) Whether the user is forced to change the password during the next sign-in. Only takes effect when also changing the password. Defaults to false.
  • given_name - (Optional) The given name (first name) of the user.
  • job_title - (Optional) The user’s job title.
  • mail - (Optional) The SMTP address for the user. This property cannot be unset once specified.
  • mail_nickname - (Optional) The mail alias for the user. Defaults to the user name part of the user principal name (UPN).
  • manager_id - (Optional) The object ID of the user's manager.
  • mobile_phone - (Optional) The primary cellular telephone number for the user.
  • office_location - (Optional) The office location in the user's place of business.
  • onpremises_immutable_id - (Optional) The value used to associate an on-premises Active Directory user account with their Azure AD user object. This must be specified if you are using a federated domain for the user's user_principal_name property when creating a new user account.
  • other_mails - (Optional) A list of additional email addresses for the user.
  • password - (Optional) The password for the user. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters. This property is required when creating a new user.

Passwords and importing users

Passwords can be changed but not cleared. Removing the password property for an existing user resource, or setting the password value to a blank string, will not remove the password. When importing a user, Terraform will not reset the password unless the value is subsequently changed in your configuration.

  • postal_code - (Optional) The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.
  • preferred_language - (Optional) The user's preferred language, in ISO 639-1 notation.
  • show_in_address_list - (Optional) Whether or not the Outlook global address list should include this user. Defaults to true.
  • state - (Optional) The state or province in the user's address.
  • street_address - (Optional) The street address of the user's place of business.
  • surname - (Optional) The user's surname (family name or last name).
  • usage_location - (Optional) The usage location of the user. Required for users that will be assigned licenses, due to the legal requirement to check for availability of services in countries. The usage location is a two-letter country code (ISO 3166). Examples include: NO, JP, and GB. Cannot be reset to null once set.
  • user_principal_name - (Required) The user principal name (UPN) of the user.

Associating resources with a User
Resources do not "belong" to a User. Rather, one or more Security Groups are associated with a resource.
Create User via Terraform:
The following HCL manages a user within Azure Active Directory.
Syntax:

resource "azuread_user" "example" {
  user_principal_name = "jdoe@hashicorp.com"
  display_name        = "J. Doe"
  mail_nickname       = "jdoe"
  password            = "SecretP@sswd99!"
}
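The syntax above embeds the password as a literal in the configuration. As an added example (not the page's own code and not from the azuread provider documentation), the following configuration takes the initial password from a sensitive variable, forces the user to change it at first sign-in, leaves the default password policy in force, and grants access through a security group rather than to the user directly, as the "Associating resources with a User" section describes. The names var.initial_password, analyst@example.com, azuread_user.analyst and azuread_group.readers are assumptions for this example.

```hcl
# Added example (not from the CloudWiki page or the azuread provider docs).
# var.initial_password, analyst@example.com, azuread_user.analyst and
# azuread_group.readers are assumed names for illustration.

terraform {
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

# Credentials come from the environment (az login, service principal env vars
# or managed identity), not from the configuration.
provider "azuread" {}

# The initial password is supplied out of band (e.g. TF_VAR_initial_password
# from a secrets manager). Marking it sensitive keeps it out of plan output
# and of the source repository; it is still written to the state file, so the
# state backend must be access-controlled and encrypted.
variable "initial_password" {
  type      = string
  sensitive = true

  validation {
    condition     = length(var.initial_password) >= 14
    error_message = "Initial password must be at least 14 characters."
  }
}

resource "azuread_user" "analyst" {
  user_principal_name = "analyst@example.com"
  display_name        = "Analyst, Example"
  mail_nickname       = "analyst"
  given_name          = "Example"
  surname             = "Analyst"
  usage_location      = "US" # required before any license can be assigned

  password              = var.initial_password
  force_password_change = true # initial secret is single-use: rotated at first sign-in
  account_enabled       = true

  # Both defaults are false; stating them makes a later change reviewable.
  # Either one set to true weakens the account relative to tenant policy.
  disable_strong_password     = false
  disable_password_expiration = false

  lifecycle {
    # Passwords cannot be cleared and are never read back from Azure AD, so a
    # later change to var.initial_password would otherwise reset a password the
    # user has already rotated. Ignore the attribute after creation instead.
    ignore_changes = [password]
  }
}

# Permissions are assigned to a security group, never to the user object, so
# membership changes rather than resource policies govern access.
resource "azuread_group" "readers" {
  display_name     = "resource-readers"
  security_enabled = true
}

resource "azuread_group_member" "analyst_reader" {
  group_object_id  = azuread_group.readers.object_id
  member_object_id = azuread_user.analyst.object_id
}
```

With ignore_changes on password, Terraform sets the password once at creation and then never touches it; a deliberate reset is done by removing that lifecycle rule for one apply, or through the directory's own reset flow. This matches the page's note that Terraform does not reset the password of an imported user unless the configured value changes.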

Create User via CLI:
Parameters:

az ad user create --display-name
                 --password
                 --user-principal-name
                 [--force-change-password-next-sign-in {false, true}]
                 [--immutable-id]
                 [--mail-nickname]

Example:

az ad user create --display-name myuser --password password --user-principal-name myuser@contoso.com
