Create Terraform Azure Service Principal Account using Azure CLI

This blog post will show how to create a service principal (SP) in Microsoft Azure for Terraform using Azure CLI.

An Azure service principal is a security identity used by applications, services, and automation tools to access Azure resources. It is essentially an application registration in Azure Active Directory that represents the application or tool that needs to access Azure resources, rather than a user or human identity.

Create SP Account

The following Azure CLI command creates an SP account for Terraform with the Owner role. You can change the role to Contributor if the account needs fewer permissions.

Before you start, make sure you have the correct subscription ID.

az login

az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<subscription id>"

After you run the command, the output should look like this:

{
  "appId": "<app-id>",
  "displayName": "<app-name>",
  "password": "<app-password>",
  "tenant": "<tenant-id>"
}

Run the following command to use the SP account to log in to Azure.

az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID

Once logged in, you can use Terraform and deploy resources to Azure.
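
Terraform's azurerm provider can also authenticate as the service principal directly by reading the ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID environment variables. The script below is an added example, not part of the original post: it captures the create-for-rbac output into an owner-only env file so the secret stays out of .tf files and off the terminal. The function names and the terraform-sp.env file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. write_tf_env, create_tf_sp and
# the terraform-sp.env file name are hypothetical.

is_guid() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Reads one "appId<TAB>password<TAB>tenant" line on stdin and writes the ARM_*
# variables read by the azurerm provider to a file only the owner can read.
write_tf_env() {
  sub_id=$1
  out=$2
  tab=$(printf '\t')
  IFS=$tab read -r app_id secret tenant || true
  for id in "$sub_id" "$app_id" "$tenant"; do
    is_guid "$id" || { echo "not a GUID: '$id'" >&2; return 1; }
  done
  [ -n "$secret" ] || { echo "empty client secret" >&2; return 1; }
  # Single-quote the secret so sourcing the file never expands it.
  quoted=$(printf '%s' "$secret" | sed "s/'/'\\\\''/g")
  (
    umask 077
    rm -f "$out"
    {
      printf "export ARM_CLIENT_ID='%s'\n" "$app_id"
      printf "export ARM_CLIENT_SECRET='%s'\n" "$quoted"
      printf "export ARM_TENANT_ID='%s'\n" "$tenant"
      printf "export ARM_SUBSCRIPTION_ID='%s'\n" "$sub_id"
    } > "$out"
  )
}

# Runs the post's create command, keeping only the three fields needed.
create_tf_sp() {
  az ad sp create-for-rbac --role="$2" --scopes="/subscriptions/$1" \
    --query "[appId,password,tenant]" -o tsv |
    write_tf_env "$1" terraform-sp.env
}

# Usage: sh sp-env.sh create <subscription id> <role>
if [ "${1:-}" = "create" ]; then
  create_tf_sp "$2" "$3"
fi
```

Load the file with `. ./terraform-sp.env` before running Terraform, and keep it out of version control.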
