Create a Terraform Service Principal Account Azure

In this blog post, I will show you how to create a service principal (SP) account in Microsoft Azure for Terraform.

Service Principal

Microsoft Azure offers a few authentication methods that allow Terraform to deploy resources, and one of them is an SP account.

The reason an SP account is better than other methods is that we don’t need to log in to Azure before running Terraform.

With the other methods (Azure CLI, or Cloud Shell), we need to login to Azure using az login or Cloud Shell.

The SP account can be hardcoded to the script and run

(not recommended for production).

Create an SP Account

To create an SP account, I will use the Azure Cloud Shell and Azure CLI.

After I logged into Cloud Shell, I will run the following command.

Note: You will need your Azure subscription ID.

The service account names us service_terraform.

az ad sp create-for-rbac --name="service_terraform" --role="Contributor" --scopes="/subscriptions/TYPE-SUBSCRIPTION-ID"


The output of the command will look like the code below and will contain the following details:

  • Application ID
  • Name
  • Service Name
  • Service password
  • Tenant ID
  "appId": "applicationid",
  "displayName": "service_terraform",
  "name": "Service name",
  "password": "SP password",
  "tenant": "Azure tenant ID"


The details can be paste into the provider ID in your Terraform file and run.

provider "azurerm" {
subscription_id = "value"
client_id = ""
client_secret = ""
tenant_id = ""
features {}

Success! You're on the list.