I'm trying to create a PostgreSQL role for an Azure AD Group using Terraform.

The error I get is:

Error: could not grant role azure_ad_user to EAM-GFP-DEV-AIQ-DB-READER: pq: An unexpected error occurred while trying to validate user.

The AD group exists, and I'm authenticating to PostgreSQL using the Azure DevOps service connection which is a member of the PostgreSQL AD Admin group.

The Terraform I'm using is this:

resource "postgresql_role" "azuread_db_reader" {
name = "EAM-GFP-${lookup(var.environment_full_name, var.environment_name)}-${var.service_name}-DB-READER"
login = true
roles = ["azure_ad_user"]
}

Thanks,
Wayne