How to authenticate from Terraform Cloud to Azure?

Terraform Providers Azure
1

Hi

I’m new to Terraform. Using Terraform Cloud I try to create a resource group in Azure. I have a very simple main.tf file in github containing this:

provider “azurerm” {
subscription_id = “ID-removed”
tenant_id = “Tenant-ID-removed”
}

resource “azurerm_resource_group” “temp01” {
name = “someNameNotFoundAlready”
location = “East US”
}

In Terraform Cloud I defined environment variabels for
client_id
client_secret

In Azure I’ve setup RBAC on the subscription using:
PS Azure:> az ad sp create-for-rbac --role=“Contributor” --scopes="/subscriptions/Subscription-ID-removed"

The generated appId is then configured in Terraform Cloud as client_id and password as client_secret.

When I queue the plan in Terraform Cloud it fails with this message:
Error: Error building AzureRM Client: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login.

on main.tf line 1, in provider “azurerm”:
1: provider “azurerm” {

Isn’t it possible to authenticate to Azure this way from Terraform Cloud? It seems like the Azure CLI is not available. I can connect from Azure cloud console locally, but that is not what I want. I’ve read the relevant documentation multiple times, but it seems like it mostly addresses the local scenario.

Thanks in advance!
Henrik

1 Like
2

I believe you can set the client id and client secret using environment variables in Terraform cloud. I stand to be corrected but I believe the following variables will work.

ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID
ARM_SUBSCRIPTION_ID

as long as you set these as environment variables in the workspace, you should be good to go. Happy Terraforming :blush:

1 Like
3

Thanks a lot!

I got it working now…:slight_smile:

Localhost I used quotes around the keys (when passing them in as environment variables). In Terraform Cloud I also had quotes in around the variables. When I removed the quotes around the various keys in TFC it worked fine.

2 Likes
4

Official documentation about how to do it: https://www.terraform.io/docs/providers/azurerm/guides/service_principal_client_secret.html#configuring-the-service-principal-in-terraform

2 Likes
5

Thank you this saved me a bunch of time. I looked at various posts this one did it. Thanks for posting.