docs: clarify what the template creates (#11)

Also clarify what roles are required for each step in the template deployment.
equinor · Dec 5, 2024 · e34c12d · e34c12d
1 parent 6386b90
commit e34c12d
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -2,10 +2,16 @@
 
 [![SCM Compliance](https://scm-compliance-api.radix.equinor.com/repos/equinor/terraform-backend/badge)](https://scm-compliance-api.radix.equinor.com/repos/equinor/terraform-backend/badge)
 
-Bicep template that creates an Azure Storage account to store Terraform state files.
-
 [![Deploy to Azure](https://docs.microsoft.com/en-us/azure/templates/media/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fequinor%2Fterraform-backend%2Fmain%2Fazuredeploy.json)
 
+Bicep template that creates an Azure Storage account to store Terraform state files:
+
+- Creates a storage account with the specified name.
+- Configures the storage account according to security recommendations.
+- Creates a storage container `tfstate`.
+- Grants access to the storage account for specified user, group and service principals.
+- Creates a read-only lock to prevent changes to the storage account.
+
 ## Prerequisites
 
 - Sign up for an [Azure account](https://azure.microsoft.com/en-us/pricing/purchase-options/azure-account).
@@ -34,6 +40,8 @@ Bicep template that creates an Azure Storage account to store Terraform state fi
    az group create --name tfstate
    ```
 
+   Requires Azure role `Contributor` at subscription.
+
 1. Create a deployment at resource group from the template file:
 
    ```console
@@ -46,6 +54,8 @@ Bicep template that creates an Azure Storage account to store Terraform state fi
    az deployment group create --name terraform-backend --resource-group tfstate --template-uri https://raw.githubusercontent.com/equinor/terraform-backend/refs/heads/main/azuredeploy.json --parameters storageAccountName=<STORAGE_ACCOUNT_NAME>
    ```
 
+   Requires Azure role `Owner` at resource group.
+
 ### Configure Terraform backend
 
 1. Create a Terraform configuration file `main.tf` and add the following backend configuration: