Hi, I am curious, which strategy to organize your Pulumi projects did you choose regarding service principals/managed identities and role assignments? For example, considering 2 applications and 1 database: opt1: • application1-project: Contains the resources for the first application and its managed identity. • application2-project: Contains the resources for the second application and its managed identity. • database-project: Contains the database resources and the role assignments for both application-managed identities. opt2: • application1-project: Contains the resources for the first application, its managed identity, and the role assignment to the database. • application2-project: Contains the resources for the second application, its managed identity, and the role assignment to the database. • database-project: Contains only the database resources. op3: • application1-project: Contains the resources for the first application. • application2-project: Contains the resources for the second application. • identity-management-project: Manages the creation of managed identities and their role assignments. • database-project: Contains the database resources.

cc/@Engin Diri?

I would go with option 3 as you have a nice separation of concern! We made also a post about this subject to help folks to find the right size of a micro stack. https://www.pulumi.com/blog/iac-recommended-practices-structuring-pulumi-projects/

thanks! i'll take a look!