Azure v6.24.0, Jun 18 25

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

azure.lighthouse.Definition

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const contributor = azure.authorization.getRoleDefinition({
    roleDefinitionId: "b24988ac-6180-42a0-ab88-20f7382dd24c",
});
const example = new azure.lighthouse.Definition("example", {
    name: "Sample definition",
    description: "This is a lighthouse definition created IaC",
    managingTenantId: "00000000-0000-0000-0000-000000000000",
    scope: "/subscriptions/00000000-0000-0000-0000-000000000000",
    authorizations: [{
        principalId: "00000000-0000-0000-0000-000000000000",
        roleDefinitionId: contributor.then(contributor => contributor.roleDefinitionId),
        principalDisplayName: "Tier 1 Support",
    }],
});

import pulumi
import pulumi_azure as azure

contributor = azure.authorization.get_role_definition(role_definition_id="b24988ac-6180-42a0-ab88-20f7382dd24c")
example = azure.lighthouse.Definition("example",
    name="Sample definition",
    description="This is a lighthouse definition created IaC",
    managing_tenant_id="00000000-0000-0000-0000-000000000000",
    scope="/subscriptions/00000000-0000-0000-0000-000000000000",
    authorizations=[{
        "principal_id": "00000000-0000-0000-0000-000000000000",
        "role_definition_id": contributor.role_definition_id,
        "principal_display_name": "Tier 1 Support",
    }])

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/lighthouse"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		contributor, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			RoleDefinitionId: pulumi.StringRef("b24988ac-6180-42a0-ab88-20f7382dd24c"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = lighthouse.NewDefinition(ctx, "example", &lighthouse.DefinitionArgs{
			Name:             pulumi.String("Sample definition"),
			Description:      pulumi.String("This is a lighthouse definition created IaC"),
			ManagingTenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000"),
			Authorizations: lighthouse.DefinitionAuthorizationArray{
				&lighthouse.DefinitionAuthorizationArgs{
					PrincipalId:          pulumi.String("00000000-0000-0000-0000-000000000000"),
					RoleDefinitionId:     pulumi.String(contributor.RoleDefinitionId),
					PrincipalDisplayName: pulumi.String("Tier 1 Support"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var contributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        RoleDefinitionId = "b24988ac-6180-42a0-ab88-20f7382dd24c",
    });

    var example = new Azure.Lighthouse.Definition("example", new()
    {
        Name = "Sample definition",
        Description = "This is a lighthouse definition created IaC",
        ManagingTenantId = "00000000-0000-0000-0000-000000000000",
        Scope = "/subscriptions/00000000-0000-0000-0000-000000000000",
        Authorizations = new[]
        {
            new Azure.Lighthouse.Inputs.DefinitionAuthorizationArgs
            {
                PrincipalId = "00000000-0000-0000-0000-000000000000",
                RoleDefinitionId = contributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
                PrincipalDisplayName = "Tier 1 Support",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.lighthouse.Definition;
import com.pulumi.azure.lighthouse.DefinitionArgs;
import com.pulumi.azure.lighthouse.inputs.DefinitionAuthorizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var contributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .roleDefinitionId("b24988ac-6180-42a0-ab88-20f7382dd24c")
            .build());

        var example = new Definition("example", DefinitionArgs.builder()
            .name("Sample definition")
            .description("This is a lighthouse definition created IaC")
            .managingTenantId("00000000-0000-0000-0000-000000000000")
            .scope("/subscriptions/00000000-0000-0000-0000-000000000000")
            .authorizations(DefinitionAuthorizationArgs.builder()
                .principalId("00000000-0000-0000-0000-000000000000")
                .roleDefinitionId(contributor.roleDefinitionId())
                .principalDisplayName("Tier 1 Support")
                .build())
            .build());

    }
}

resources:
  example:
    type: azure:lighthouse:Definition
    properties:
      name: Sample definition
      description: This is a lighthouse definition created IaC
      managingTenantId: 00000000-0000-0000-0000-000000000000
      scope: /subscriptions/00000000-0000-0000-0000-000000000000
      authorizations:
        - principalId: 00000000-0000-0000-0000-000000000000
          roleDefinitionId: ${contributor.roleDefinitionId}
          principalDisplayName: Tier 1 Support
variables:
  contributor:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        roleDefinitionId: b24988ac-6180-42a0-ab88-20f7382dd24c

API Providers

This resource uses the following Azure API Providers:

Microsoft.ManagedServices: 2022-10-01

Create Definition Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Definition(name: string, args: DefinitionArgs, opts?: CustomResourceOptions);

@overload
def Definition(resource_name: str,
               args: DefinitionArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def Definition(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               authorizations: Optional[Sequence[DefinitionAuthorizationArgs]] = None,
               managing_tenant_id: Optional[str] = None,
               scope: Optional[str] = None,
               description: Optional[str] = None,
               eligible_authorizations: Optional[Sequence[DefinitionEligibleAuthorizationArgs]] = None,
               lighthouse_definition_id: Optional[str] = None,
               name: Optional[str] = None,
               plan: Optional[DefinitionPlanArgs] = None)

func NewDefinition(ctx *Context, name string, args DefinitionArgs, opts ...ResourceOption) (*Definition, error)

public Definition(string name, DefinitionArgs args, CustomResourceOptions? opts = null)

public Definition(String name, DefinitionArgs args)
public Definition(String name, DefinitionArgs args, CustomResourceOptions options)

type: azure:lighthouse:Definition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DefinitionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DefinitionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DefinitionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DefinitionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DefinitionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var definitionResource = new Azure.Lighthouse.Definition("definitionResource", new()
{
    Authorizations = new[]
    {
        new Azure.Lighthouse.Inputs.DefinitionAuthorizationArgs
        {
            PrincipalId = "string",
            RoleDefinitionId = "string",
            DelegatedRoleDefinitionIds = new[]
            {
                "string",
            },
            PrincipalDisplayName = "string",
        },
    },
    ManagingTenantId = "string",
    Scope = "string",
    Description = "string",
    EligibleAuthorizations = new[]
    {
        new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationArgs
        {
            PrincipalId = "string",
            RoleDefinitionId = "string",
            JustInTimeAccessPolicy = new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs
            {
                Approvers = new[]
                {
                    new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs
                    {
                        PrincipalId = "string",
                        PrincipalDisplayName = "string",
                    },
                },
                MaximumActivationDuration = "string",
                MultiFactorAuthProvider = "string",
            },
            PrincipalDisplayName = "string",
        },
    },
    LighthouseDefinitionId = "string",
    Name = "string",
    Plan = new Azure.Lighthouse.Inputs.DefinitionPlanArgs
    {
        Name = "string",
        Product = "string",
        Publisher = "string",
        Version = "string",
    },
});

example, err := lighthouse.NewDefinition(ctx, "definitionResource", &lighthouse.DefinitionArgs{
	Authorizations: lighthouse.DefinitionAuthorizationArray{
		&lighthouse.DefinitionAuthorizationArgs{
			PrincipalId:      pulumi.String("string"),
			RoleDefinitionId: pulumi.String("string"),
			DelegatedRoleDefinitionIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			PrincipalDisplayName: pulumi.String("string"),
		},
	},
	ManagingTenantId: pulumi.String("string"),
	Scope:            pulumi.String("string"),
	Description:      pulumi.String("string"),
	EligibleAuthorizations: lighthouse.DefinitionEligibleAuthorizationArray{
		&lighthouse.DefinitionEligibleAuthorizationArgs{
			PrincipalId:      pulumi.String("string"),
			RoleDefinitionId: pulumi.String("string"),
			JustInTimeAccessPolicy: &lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs{
				Approvers: lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArray{
					&lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs{
						PrincipalId:          pulumi.String("string"),
						PrincipalDisplayName: pulumi.String("string"),
					},
				},
				MaximumActivationDuration: pulumi.String("string"),
				MultiFactorAuthProvider:   pulumi.String("string"),
			},
			PrincipalDisplayName: pulumi.String("string"),
		},
	},
	LighthouseDefinitionId: pulumi.String("string"),
	Name:                   pulumi.String("string"),
	Plan: &lighthouse.DefinitionPlanArgs{
		Name:      pulumi.String("string"),
		Product:   pulumi.String("string"),
		Publisher: pulumi.String("string"),
		Version:   pulumi.String("string"),
	},
})

var definitionResource = new com.pulumi.azure.lighthouse.Definition("definitionResource", com.pulumi.azure.lighthouse.DefinitionArgs.builder()
    .authorizations(DefinitionAuthorizationArgs.builder()
        .principalId("string")
        .roleDefinitionId("string")
        .delegatedRoleDefinitionIds("string")
        .principalDisplayName("string")
        .build())
    .managingTenantId("string")
    .scope("string")
    .description("string")
    .eligibleAuthorizations(DefinitionEligibleAuthorizationArgs.builder()
        .principalId("string")
        .roleDefinitionId("string")
        .justInTimeAccessPolicy(DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs.builder()
            .approvers(DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs.builder()
                .principalId("string")
                .principalDisplayName("string")
                .build())
            .maximumActivationDuration("string")
            .multiFactorAuthProvider("string")
            .build())
        .principalDisplayName("string")
        .build())
    .lighthouseDefinitionId("string")
    .name("string")
    .plan(DefinitionPlanArgs.builder()
        .name("string")
        .product("string")
        .publisher("string")
        .version("string")
        .build())
    .build());

definition_resource = azure.lighthouse.Definition("definitionResource",
    authorizations=[{
        "principal_id": "string",
        "role_definition_id": "string",
        "delegated_role_definition_ids": ["string"],
        "principal_display_name": "string",
    }],
    managing_tenant_id="string",
    scope="string",
    description="string",
    eligible_authorizations=[{
        "principal_id": "string",
        "role_definition_id": "string",
        "just_in_time_access_policy": {
            "approvers": [{
                "principal_id": "string",
                "principal_display_name": "string",
            }],
            "maximum_activation_duration": "string",
            "multi_factor_auth_provider": "string",
        },
        "principal_display_name": "string",
    }],
    lighthouse_definition_id="string",
    name="string",
    plan={
        "name": "string",
        "product": "string",
        "publisher": "string",
        "version": "string",
    })

const definitionResource = new azure.lighthouse.Definition("definitionResource", {
    authorizations: [{
        principalId: "string",
        roleDefinitionId: "string",
        delegatedRoleDefinitionIds: ["string"],
        principalDisplayName: "string",
    }],
    managingTenantId: "string",
    scope: "string",
    description: "string",
    eligibleAuthorizations: [{
        principalId: "string",
        roleDefinitionId: "string",
        justInTimeAccessPolicy: {
            approvers: [{
                principalId: "string",
                principalDisplayName: "string",
            }],
            maximumActivationDuration: "string",
            multiFactorAuthProvider: "string",
        },
        principalDisplayName: "string",
    }],
    lighthouseDefinitionId: "string",
    name: "string",
    plan: {
        name: "string",
        product: "string",
        publisher: "string",
        version: "string",
    },
});

type: azure:lighthouse:Definition
properties:
    authorizations:
        - delegatedRoleDefinitionIds:
            - string
          principalDisplayName: string
          principalId: string
          roleDefinitionId: string
    description: string
    eligibleAuthorizations:
        - justInTimeAccessPolicy:
            approvers:
                - principalDisplayName: string
                  principalId: string
            maximumActivationDuration: string
            multiFactorAuthProvider: string
          principalDisplayName: string
          principalId: string
          roleDefinitionId: string
    lighthouseDefinitionId: string
    managingTenantId: string
    name: string
    plan:
        name: string
        product: string
        publisher: string
        version: string
    scope: string

Definition Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Definition resource accepts the following input properties:

Authorizations List<DefinitionAuthorization>: An authorization block as defined below.
ManagingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
Scope string: The ID of the managed subscription. Changing this forces a new resource to be created.
Description string: A description of the Lighthouse Definition.
EligibleAuthorizations List<DefinitionEligibleAuthorization>: An eligible_authorization block as defined below.
LighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
Name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
Plan DefinitionPlan: A plan block as defined below.

Authorizations []DefinitionAuthorizationArgs: An authorization block as defined below.
ManagingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
Scope string: The ID of the managed subscription. Changing this forces a new resource to be created.
Description string: A description of the Lighthouse Definition.
EligibleAuthorizations []DefinitionEligibleAuthorizationArgs: An eligible_authorization block as defined below.
LighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
Name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
Plan DefinitionPlanArgs: A plan block as defined below.

authorizations List<DefinitionAuthorization>: An authorization block as defined below.
managingTenantId String: The ID of the managing tenant. Changing this forces a new resource to be created.
scope String: The ID of the managed subscription. Changing this forces a new resource to be created.
description String: A description of the Lighthouse Definition.
eligibleAuthorizations List<DefinitionEligibleAuthorization>: An eligible_authorization block as defined below.
lighthouseDefinitionId String: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
name String: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlan: A plan block as defined below.

authorizations DefinitionAuthorization[]: An authorization block as defined below.
managingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
scope string: The ID of the managed subscription. Changing this forces a new resource to be created.
description string: A description of the Lighthouse Definition.
eligibleAuthorizations DefinitionEligibleAuthorization[]: An eligible_authorization block as defined below.
lighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlan: A plan block as defined below.

authorizations Sequence[DefinitionAuthorizationArgs]: An authorization block as defined below.
managing_tenant_id str: The ID of the managing tenant. Changing this forces a new resource to be created.
scope str: The ID of the managed subscription. Changing this forces a new resource to be created.
description str: A description of the Lighthouse Definition.
eligible_authorizations Sequence[DefinitionEligibleAuthorizationArgs]: An eligible_authorization block as defined below.
lighthouse_definition_id str: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
name str: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlanArgs: A plan block as defined below.

authorizations List<Property Map>: An authorization block as defined below.
managingTenantId String: The ID of the managing tenant. Changing this forces a new resource to be created.
scope String: The ID of the managed subscription. Changing this forces a new resource to be created.
description String: A description of the Lighthouse Definition.
eligibleAuthorizations List<Property Map>: An eligible_authorization block as defined below.
lighthouseDefinitionId String: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
name String: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan Property Map: A plan block as defined below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Definition resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Definition Resource

Get an existing Definition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DefinitionState, opts?: CustomResourceOptions): Definition

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorizations: Optional[Sequence[DefinitionAuthorizationArgs]] = None,
        description: Optional[str] = None,
        eligible_authorizations: Optional[Sequence[DefinitionEligibleAuthorizationArgs]] = None,
        lighthouse_definition_id: Optional[str] = None,
        managing_tenant_id: Optional[str] = None,
        name: Optional[str] = None,
        plan: Optional[DefinitionPlanArgs] = None,
        scope: Optional[str] = None) -> Definition

func GetDefinition(ctx *Context, name string, id IDInput, state *DefinitionState, opts ...ResourceOption) (*Definition, error)

public static Definition Get(string name, Input<string> id, DefinitionState? state, CustomResourceOptions? opts = null)

public static Definition get(String name, Output<String> id, DefinitionState state, CustomResourceOptions options)

resources:  _:    type: azure:lighthouse:Definition    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Authorizations List<DefinitionAuthorization>: An authorization block as defined below.
Description string: A description of the Lighthouse Definition.
EligibleAuthorizations List<DefinitionEligibleAuthorization>: An eligible_authorization block as defined below.
LighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
ManagingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
Name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
Plan DefinitionPlan: A plan block as defined below.
Scope string: The ID of the managed subscription. Changing this forces a new resource to be created.

Authorizations []DefinitionAuthorizationArgs: An authorization block as defined below.
Description string: A description of the Lighthouse Definition.
EligibleAuthorizations []DefinitionEligibleAuthorizationArgs: An eligible_authorization block as defined below.
LighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
ManagingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
Name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
Plan DefinitionPlanArgs: A plan block as defined below.
Scope string: The ID of the managed subscription. Changing this forces a new resource to be created.

authorizations List<DefinitionAuthorization>: An authorization block as defined below.
description String: A description of the Lighthouse Definition.
eligibleAuthorizations List<DefinitionEligibleAuthorization>: An eligible_authorization block as defined below.
lighthouseDefinitionId String: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
managingTenantId String: The ID of the managing tenant. Changing this forces a new resource to be created.
name String: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlan: A plan block as defined below.
scope String: The ID of the managed subscription. Changing this forces a new resource to be created.

authorizations DefinitionAuthorization[]: An authorization block as defined below.
description string: A description of the Lighthouse Definition.
eligibleAuthorizations DefinitionEligibleAuthorization[]: An eligible_authorization block as defined below.
lighthouseDefinitionId string: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
managingTenantId string: The ID of the managing tenant. Changing this forces a new resource to be created.
name string: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlan: A plan block as defined below.
scope string: The ID of the managed subscription. Changing this forces a new resource to be created.

authorizations Sequence[DefinitionAuthorizationArgs]: An authorization block as defined below.
description str: A description of the Lighthouse Definition.
eligible_authorizations Sequence[DefinitionEligibleAuthorizationArgs]: An eligible_authorization block as defined below.
lighthouse_definition_id str: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
managing_tenant_id str: The ID of the managing tenant. Changing this forces a new resource to be created.
name str: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan DefinitionPlanArgs: A plan block as defined below.
scope str: The ID of the managed subscription. Changing this forces a new resource to be created.

authorizations List<Property Map>: An authorization block as defined below.
description String: A description of the Lighthouse Definition.
eligibleAuthorizations List<Property Map>: An eligible_authorization block as defined below.
lighthouseDefinitionId String: A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
managingTenantId String: The ID of the managing tenant. Changing this forces a new resource to be created.
name String: The name of the Lighthouse Definition. Changing this forces a new resource to be created.
plan Property Map: A plan block as defined below.
scope String: The ID of the managed subscription. Changing this forces a new resource to be created.

Supporting Types

DefinitionAuthorization, DefinitionAuthorizationArgs

PrincipalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
RoleDefinitionId string: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
DelegatedRoleDefinitionIds List<string>: The set of role definition ids which define all the permissions that the principal id can assign.
PrincipalDisplayName string: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

PrincipalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
RoleDefinitionId string: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
DelegatedRoleDefinitionIds []string: The set of role definition ids which define all the permissions that the principal id can assign.
PrincipalDisplayName string: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

principalId String: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId String: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
delegatedRoleDefinitionIds List<String>: The set of role definition ids which define all the permissions that the principal id can assign.
principalDisplayName String: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

principalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId string: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
delegatedRoleDefinitionIds string[]: The set of role definition ids which define all the permissions that the principal id can assign.
principalDisplayName string: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

principal_id str: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
role_definition_id str: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
delegated_role_definition_ids Sequence[str]: The set of role definition ids which define all the permissions that the principal id can assign.
principal_display_name str: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

principalId String: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId String: The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an Owner role.
delegatedRoleDefinitionIds List<String>: The set of role definition ids which define all the permissions that the principal id can assign.
principalDisplayName String: The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.

DefinitionEligibleAuthorization, DefinitionEligibleAuthorizationArgs

PrincipalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
RoleDefinitionId string: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
JustInTimeAccessPolicy DefinitionEligibleAuthorizationJustInTimeAccessPolicy: A just_in_time_access_policy block as defined below.
PrincipalDisplayName string: The display name of the Azure Active Directory Principal.

PrincipalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
RoleDefinitionId string: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
JustInTimeAccessPolicy DefinitionEligibleAuthorizationJustInTimeAccessPolicy: A just_in_time_access_policy block as defined below.
PrincipalDisplayName string: The display name of the Azure Active Directory Principal.

principalId String: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId String: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
justInTimeAccessPolicy DefinitionEligibleAuthorizationJustInTimeAccessPolicy: A just_in_time_access_policy block as defined below.
principalDisplayName String: The display name of the Azure Active Directory Principal.

principalId string: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId string: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
justInTimeAccessPolicy DefinitionEligibleAuthorizationJustInTimeAccessPolicy: A just_in_time_access_policy block as defined below.
principalDisplayName string: The display name of the Azure Active Directory Principal.

principal_id str: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
role_definition_id str: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
just_in_time_access_policy DefinitionEligibleAuthorizationJustInTimeAccessPolicy: A just_in_time_access_policy block as defined below.
principal_display_name str: The display name of the Azure Active Directory Principal.

principalId String: Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
roleDefinitionId String: The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
justInTimeAccessPolicy Property Map: A just_in_time_access_policy block as defined below.
principalDisplayName String: The display name of the Azure Active Directory Principal.

DefinitionEligibleAuthorizationJustInTimeAccessPolicy, DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs

Approvers List<DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover>: An approver block as defined below.
MaximumActivationDuration string: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
MultiFactorAuthProvider string: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

Approvers []DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover: An approver block as defined below.
MaximumActivationDuration string: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
MultiFactorAuthProvider string: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

approvers List<DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover>: An approver block as defined below.
maximumActivationDuration String: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
multiFactorAuthProvider String: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

approvers DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover[]: An approver block as defined below.
maximumActivationDuration string: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
multiFactorAuthProvider string: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

approvers Sequence[DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover]: An approver block as defined below.
maximum_activation_duration str: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
multi_factor_auth_provider str: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

approvers List<Property Map>: An approver block as defined below.
maximumActivationDuration String: The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to PT8H.
multiFactorAuthProvider String: The multi-factor authorization provider to be used for just-in-time access requests. Possible value is Azure.
Note: When this property isn't set, it would be set to None.

DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover, DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs

PrincipalId string: The Principal ID of the Azure Active Directory principal for the approver.
PrincipalDisplayName string: The display name of the Azure Active Directory Principal for the approver.

PrincipalId string: The Principal ID of the Azure Active Directory principal for the approver.
PrincipalDisplayName string: The display name of the Azure Active Directory Principal for the approver.

principalId String: The Principal ID of the Azure Active Directory principal for the approver.
principalDisplayName String: The display name of the Azure Active Directory Principal for the approver.

principalId string: The Principal ID of the Azure Active Directory principal for the approver.
principalDisplayName string: The display name of the Azure Active Directory Principal for the approver.

principal_id str: The Principal ID of the Azure Active Directory principal for the approver.
principal_display_name str: The display name of the Azure Active Directory Principal for the approver.

principalId String: The Principal ID of the Azure Active Directory principal for the approver.
principalDisplayName String: The display name of the Azure Active Directory Principal for the approver.

DefinitionPlan, DefinitionPlanArgs

Name string: The plan name of the marketplace offer.
Product string: The product code of the plan.
Publisher string: The publisher ID of the plan.
Version string: The version of the plan.

Name string: The plan name of the marketplace offer.
Product string: The product code of the plan.
Publisher string: The publisher ID of the plan.
Version string: The version of the plan.

name String: The plan name of the marketplace offer.
product String: The product code of the plan.
publisher String: The publisher ID of the plan.
version String: The version of the plan.

name string: The plan name of the marketplace offer.
product string: The product code of the plan.
publisher string: The publisher ID of the plan.
version string: The version of the plan.

name str: The plan name of the marketplace offer.
product str: The product code of the plan.
publisher str: The publisher ID of the plan.
version str: The version of the plan.

name String: The plan name of the marketplace offer.
product String: The product code of the plan.
publisher String: The publisher ID of the plan.
version String: The version of the plan.

Import

Lighthouse Definitions can be imported using the resource id, e.g.

$ pulumi import azure:lighthouse/definition:Definition example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ManagedServices/registrationDefinitions/00000000-0000-0000-0000-000000000000

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi

pulumi/pulumi-azure

azure.lighthouse.Definition

On this page

On this page

Example Usage

API Providers

Create Definition Resource

Constructor syntax

Parameters

Constructor example

Definition Resource Properties

Inputs

Outputs

Look up Existing Definition Resource

Supporting Types

DefinitionAuthorization, DefinitionAuthorizationArgs

DefinitionEligibleAuthorization, DefinitionEligibleAuthorizationArgs

DefinitionEligibleAuthorizationJustInTimeAccessPolicy, DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs

DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover, DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs

DefinitionPlan, DefinitionPlanArgs

Import

Package Details

On this page

On this page