Creating application configuration - Terraform

Configuration for applications should be stored in Azure App Configuration with secrets in a Key Vault.

# Create Azure App Configuration 
resource "azurerm_app_configuration" "appconfig" {
  # Placement: the store lives in the shared resource group, in that group's region.
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  # Store name comes from a variable; the tier is pinned to "free".
  name = var.ac_name
  sku  = "free"

  # System-assigned managed identity for the store itself.
  # NOTE(review): none of the Key Vault access policies on this page reference
  # this identity, so as written it holds no vault permissions.
  identity {
    type = "SystemAssigned"
  }
}
# Create a Key Vault for secrets
# Key Vault that holds the applications' secrets and certificates.
# All access is granted through the inline access_policy blocks below; each block
# binds one principal (object_id) in var.tenant_id to an explicit permission list.
# NOTE(review): access policies are declared inline here. The azurerm provider
# documentation warns against also managing the same vault's policies with
# separate azurerm_key_vault_access_policy resources, because the two conflict.
# NOTE(review): this block sets neither purge_protection_enabled nor network_acls,
# so provider defaults apply for both. Confirm that is intended for a vault
# holding production secrets.
resource "azurerm_key_vault" "keyvault" {
  name                = var.kv_name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = "standard"

  tenant_id = var.tenant_id
  # Platform service principal: read-only (Get) on secrets and certificates.
  # NOTE(review): the object ID is a literal. A service principal's object ID is
  # specific to one tenant, so confirm this value belongs to var.tenant_id; it
  # will not resolve if the configuration is applied to a different tenant.
  access_policy {
    tenant_id = var.tenant_id
    object_id = "9399f964-9a08-452f-9eac-f1fc8874fa2d" // MicrosoftWebApp service principal (ClientID: abfa0a7c-a6b6-4736-8310-5855508787cd)

    secret_permissions      = ["Get"]
    certificate_permissions = ["Get"]
  }
  # The next four policies grant each web app's identity (identity[0].principal_id)
  # Get on secrets and certificates only: no List, no write, no key permissions.
  # The web app resources are defined outside this snippet; each presumably
  # declares an identity block, since identity[0] is indexed here. Verify.
  access_policy {
    tenant_id = var.tenant_id
    object_id = azurerm_windows_web_app.app_adminapi.identity[0].principal_id

    secret_permissions      = ["Get"]
    certificate_permissions = ["Get"]
  }
  access_policy {
    tenant_id = var.tenant_id
    object_id = azurerm_windows_web_app.app_aiapi.identity[0].principal_id

    secret_permissions      = ["Get"]
    certificate_permissions = ["Get"]
  }
  access_policy {
    tenant_id = var.tenant_id
    object_id = azurerm_windows_web_app.app_web.identity[0].principal_id

    secret_permissions      = ["Get"]
    certificate_permissions = ["Get"]
  }
  access_policy {
    tenant_id = var.tenant_id
    object_id = azurerm_windows_web_app.app_adminui.identity[0].principal_id

    secret_permissions      = ["Get"]
    certificate_permissions = ["Get"]
  }
  # Administrative policy: read, write, delete, recover, backup and restore on
  # keys, secrets and certificates. "Purge" is not in any of the three lists.
  # NOTE(review): this is the broadest grant in the vault and it is bound to a
  # literal object ID that the comment attributes to one named person. Prefer a
  # variable or a directory group's object ID, so that administrative access is
  # not fixed in source control and does not depend on a single account.
  access_policy {
    tenant_id = var.tenant_id
    object_id = "55cb69f3-502c-4b9f-8804-47fe06981aca" // Andrew Settle ID

    key_permissions         = ["Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore"]
    secret_permissions      = ["Get", "List", "Set", "Delete", "Recover", "Backup", "Restore"]
    certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Recover", "Backup", "Restore"]
  }
  # Enterprise-application service principal, supplied by variable: Get on keys
  # and certificates, Get and List on secrets.
  # NOTE(review): this is the only non-admin principal that can enumerate secret
  # names (List). Confirm that it needs to.
  access_policy {
    tenant_id = var.tenant_id
    object_id = var.sp_enterprise_app_object_id // SP enterprise app object ID

    key_permissions         = ["Get"]
    secret_permissions      = ["Get", "List"]
    certificate_permissions = ["Get"]
  }
}