Creating Service Account for Terraform in Azure

Getting an automation tool like Terraform the privileges to manage resource groups within Azure requires a bit of up front setup work. Here is a video demonstrating all that is required.

Step 1: Install the Azure CLI

The first step is to get the Azure CLI (command line interface) which will allow you to issue commands using your Azure Active Directory credentials. You will need to have sufficient privileges within Azure AD to perform this operation.

C:> choco install azure-cli

Step 2: Login using the CLI

“az login” will trigger an interactive login session with a unique code that you can use to activate the session. Follow the instructions by opening a browser to https://microsoft.com/devicelogin and plug in the code provided by the CLI.

Make sure to snag the following values from the JSON document that gets spit out into the command line:

Subscription ID: Unique identifier for the Azure Subscription
Tenant ID: Unique identifier for the Azure Active Directory tenant associated with the Azure Subscription

These are part of the credentials passed to Azure by Terraform but they are not sensitive.

Step 3: Explicitly set your subscription context

az account set --subscription="{your_subscription_id}"

Step 4: Create the Service Principal (aka App Registration aka Service Account)

az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/{your_subscription_id}"

This will create a service principal and a key. You can find it under your “application registrations” in Azure Active Directory.

App ID: Unique identifier for the service account in Azure Active Directory
Password: Secret key used to authenticate

As its name implies, the password is sensitive. I’m showing it because it will be long deleted by the time this is published and I wanted you guys to be able to see the unobstructed output of the commands.

You can access the account from the ‘app registrations’ section of the Azure Active Directory portal.
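As an added example (not code from the post): the Python below takes the JSON that `az login` and `az ad sp create-for-rbac` print (constructed samples are embedded, with placeholder GUIDs and a fake password) and turns the four values from Steps 2 and 4 into the ARM_* environment variables that Terraform's azurerm provider reads, checking that the role assignment scope stays at exactly one subscription and redacting the secret before anything is logged. The ARM_* variable names are the azurerm provider's own; the post does not mention them.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
SUBSCRIPTION_SCOPE = re.compile(rf"^/subscriptions/{GUID}$")

# Constructed sample in the shape `az login` prints; all GUIDs are placeholders.
AZ_LOGIN_OUTPUT = """[
  {"id": "11111111-1111-1111-1111-111111111111", "isDefault": true,
   "name": "Pay-As-You-Go", "state": "Enabled",
   "tenantId": "22222222-2222-2222-2222-222222222222"}
]"""

# Constructed sample in the shape `az ad sp create-for-rbac` prints; not a real secret.
SP_OUTPUT = """{"appId": "33333333-3333-3333-3333-333333333333",
 "displayName": "azure-cli-2018-01-01-00-00-00",
 "password": "placeholder-not-a-real-secret",
 "tenant": "22222222-2222-2222-2222-222222222222"}"""


def default_subscription(login_json):
    """Return (subscription_id, tenant_id) for the subscription `az login` marks as default."""
    subs = json.loads(login_json)
    sub = next(s for s in subs if s.get("isDefault"))
    return sub["id"], sub["tenantId"]


def is_subscription_scope(scope):
    """True only for a scope that is exactly one subscription (not "/" or a management group)."""
    return SUBSCRIPTION_SCOPE.match(scope) is not None


def terraform_env(login_json, sp_json):
    """Map both JSON documents onto the ARM_* variables the azurerm provider reads."""
    sub_id, tenant_id = default_subscription(login_json)
    sp = json.loads(sp_json)
    if sp["tenant"] != tenant_id:
        raise ValueError("service principal tenant does not match the login tenant")
    scope = f"/subscriptions/{sub_id}"  # the --scopes value used in Step 4
    if not is_subscription_scope(scope):
        raise ValueError(f"scope is broader than one subscription: {scope!r}")
    return {"ARM_SUBSCRIPTION_ID": sub_id, "ARM_TENANT_ID": tenant_id,
            "ARM_CLIENT_ID": sp["appId"], "ARM_CLIENT_SECRET": sp["password"]}


def redacted(env):
    """Copy of the env that is safe to log: only the client secret is sensitive."""
    return {k: ("***" if k == "ARM_CLIENT_SECRET" else v) for k, v in env.items()}
```

Export the returned mapping into the environment that runs `terraform init`/`terraform plan`; keep the secret out of source control and rotate it when the automation host changes hands.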
