Terraform Access for Azure


A cheat sheet for configuring authentication and access control in Azure for Terraform users.

1️⃣ Azure Authentication Methods

Before configuring Terraform, understand the authentication options in Azure:

🔹 Managed Identity

Best For:

  • Azure resources (VMs, Functions, AKS, etc.) needing access to other Azure services.

  • Secretless authentication within Azure.

Types:

  • System-assigned → Tied to a single resource.

  • User-assigned → Reusable across multiple resources.


🔹 Service Principal

Best For:

  • Automation tools like Terraform, CI/CD (GitHub Actions, Azure DevOps).

  • Programmatic access to Azure resources.

Authentication Methods:

  • Client Secret (Password-based) 🔑 → Easy but less secure.

  • Certificate-based → More secure than secrets.

  • Federated Identity (OIDC) 🎭 → No secret required (best for GitHub Actions & Kubernetes).


2️⃣ Prerequisites

Before proceeding, ensure you have:
✅ An Azure Subscription
✅ Azure CLI installed (`az version` to check)
✅ Terraform installed (`terraform version` to check)


3️⃣ Authenticate with Azure CLI

Run the following command to log in to Azure:

az login

If you're using Azure Cloud Shell, authentication happens automatically.


4️⃣ Create a Service Principal for Terraform

To enable Terraform to authenticate securely, create a Service Principal:

az ad sp create-for-rbac --name "terraform-sp" --role="Contributor" --scopes="/subscriptions/YOUR_SUBSCRIPTION_ID"

This returns JSON with important credentials:

{
  "appId": "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
  "displayName": "terraform-sp",
  "password": "xxxxxxxxxxxx",
  "tenant": "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
}

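Save these values securely. In the provider block in the next step, appId is the client_id, password is the client_secret, and tenant is the tenant_id.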


5️⃣ Configure Terraform Provider with Service Principal

Update your provider block in Terraform to use the service principal credentials:

provider "azurerm" {
  features {}
  subscription_id = "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
  tenant_id       = "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
  client_id       = "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
  client_secret   = "xxxxxxxxxxxx"
}

This ensures Terraform authenticates using the service principal directly.


6️⃣ Verify Access with Terraform

To verify if the authentication is properly set up, run:

terraform plan

If authentication is configured correctly, Terraform will display the planned actions for your infrastructure. If there are issues with authentication, Terraform will return an error message.


7️⃣ Next Steps

  • Use this authentication to deploy Azure resources with Terraform.

  • Secure your credentials using an Azure Key Vault instead of storing them in Terraform files.

  • Continue with infrastructure setup (next blog will cover creating an Azure resource).
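
A check for the second point above, as an added example that is not part of the original post: it scans a directory for Terraform files that assign `client_secret` a quoted literal, as the provider block in step 5 does. The function names and fixture contents are constructed for illustration; `ARM_CLIENT_SECRET` is the environment variable the azurerm provider reads when the argument is omitted.

```shell
#!/bin/sh
# Added example, not from the original post: a CI/pre-commit check that fails
# when a Terraform file assigns client_secret a quoted literal.

# scan_tf_secrets DIR: prints "file:line:text" per finding, returns 1 if any.
# Allowed: omitting the argument (azurerm then reads ARM_CLIENT_SECRET from the
# environment), a reference such as var.client_secret, or "${...}" interpolation.
scan_tf_secrets() {
  pattern='^[[:space:]]*client_secret[[:space:]]*=[[:space:]]*"[^"$][^"]*"'
  hits=$(find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
           -exec grep -nHE "$pattern" {} + 2>/dev/null || true)
  [ -z "$hits" ] && return 0
  # Mask the value so the check's own output does not leak the secret.
  printf '%s\n' "$hits" | sed -E 's/"[^"]*"/"<redacted>"/'
  return 1
}

# make_fixtures: writes constructed sample files, prints the temp directory.
make_fixtures() {
  d=$(mktemp -d)
  mkdir -p "$d/bad" "$d/good"
  # Constructed: mirrors the provider block from step 5 (hypothetical values).
  cat > "$d/bad/main.tf" <<'EOF'
provider "azurerm" {
  features {}
  tenant_id     = "00000000-0000-0000-0000-000000000000"
  client_secret = "constructed-not-a-real-secret"
}
EOF
  # Constructed: the secret is passed in as a sensitive variable instead.
  cat > "$d/good/main.tf" <<'EOF'
variable "client_secret" {
  type      = string
  sensitive = true
}
provider "azurerm" {
  features {}
  client_secret = var.client_secret
}
EOF
  printf '%s\n' "$d"
}

# Demo run over the constructed fixtures.
fx=$(make_fixtures)
scan_tf_secrets "$fx/bad" || echo "bad/: hard-coded client_secret found"
scan_tf_secrets "$fx/good" && echo "good/: clean"
rm -rf "$fx"
```

The non-zero return on a finding lets the function gate a commit hook or pipeline step before `terraform plan` runs.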


Iresh's Blog