This blog post will show how to create a service principal (SP) in Microsoft Azure for Terraform using Azure CLI.
An Azure service principal is a security identity used by applications, services, and automation tools to access Azure resources. It is essentially an application registration in Azure Active Directory that represents the application or tool that needs access, rather than a user or other human identity.
Create SP Account
The following Azure CLI commands create an SP account for Terraform with the Owner role. The role can be changed to Contributor if the account should have fewer permissions.
Before you start, make sure you have the correct subscription ID.
az login
az ad sp create-for-rbac --role="Owner" --scopes="/subscriptions/<subscription id>"
After you run the command, the output should look like this:
{
"appId": "<app-id>",
"displayName": "<app-name>",
"password": "<app-password>",
"tenant": "<tenant-id>"
}
Run the following command to use the SP account to log in to Azure.
az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID
Once logged in, you can use Terraform and deploy resources to Azure.
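Terraform's azurerm provider can also read these credentials from the ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID environment variables. The script below is an added example, not part of the original post: it maps the JSON output shown above to those variables without writing the secret to disk. The helper names and sample values are constructed for illustration, and the sed-based parsing assumes the flat JSON shape shown above.

```bash
#!/usr/bin/env bash
# Added example: turn `az ad sp create-for-rbac` output into the ARM_*
# variables read by Terraform's azurerm provider. Helper names are hypothetical.

# Constructed sample with the same shape as the output shown above (not real).
SAMPLE_SP_JSON='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "terraform-sp",
  "password": "constructed-secret-not-real",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}'
SAMPLE_SUBSCRIPTION_ID="99999999-8888-7777-6666-555555555555"

# Print the string value of key $2 from the flat JSON object in $1.
# Assumes values contain no escaped double quotes.
json_field() {
  printf '%s\n' "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# $1 = JSON from create-for-rbac, $2 = subscription ID.
# Exports nothing unless every field validates.
load_sp_env() {
  _cid=$(json_field "$1" appId)
  _sec=$(json_field "$1" password)
  _ten=$(json_field "$1" tenant)
  for _id in "$_cid" "$_ten" "$2"; do
    is_guid "$_id" || { echo "load_sp_env: not a GUID: '$_id'" >&2; return 1; }
  done
  [ -n "$_sec" ] || { echo "load_sp_env: no password in output" >&2; return 1; }
  export ARM_CLIENT_ID="$_cid" ARM_CLIENT_SECRET="$_sec" \
         ARM_TENANT_ID="$_ten" ARM_SUBSCRIPTION_ID="$2"
  unset _cid _sec _ten _id
}

# Real use (requires az), keeping the secret out of files and shell history:
#   load_sp_env "$(az ad sp create-for-rbac --role="Owner" \
#       --scopes="/subscriptions/$SUB")" "$SUB" && terraform plan

# Offline demo with the constructed sample; prints only the non-secret ID.
load_sp_env "$SAMPLE_SP_JSON" "$SAMPLE_SUBSCRIPTION_ID" &&
  echo "ARM_CLIENT_ID=$ARM_CLIENT_ID"
```

Source the script in the shell that will run Terraform so the exported variables persist for that session only.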