Creating the Azure SP
This operation can be done either via the Azure portal (all steps are detailed in the official documentation here: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) or via a script by executing the following az cli command (which we can launch in Azure Cloud Shell).
The following is a template az cli script that you have to run to create a service principal, where you have to enter your SP name, role, and scope:
az ad sp create-for-rbac --name="<ServicePrincipal name>" --role="Contributor" --scopes="/subscriptions/<subscription Id>"
See the following example:
az ad sp create-for-rbac --name="SPForTerraform" --role="Contributor" --scopes="/subscriptions/8921-1444-..."
This sample script creates a new service principal named SPForTerraform and grants it the Contributor role on the subscription whose ID is 8921....
The following screenshot shows the execution of the script that creates an Azure SP:
The creation of this service principal returns three pieces of identification information:
- The application ID, also called the client ID
- The client secret
- The tenant ID
The SP is now created in Azure AD. The following screenshot shows the Azure AD SP:
Here, we have just seen how to create a service principal in Azure AD, and we have given it the permission to manipulate the resources of our Azure subscriptions.
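As an added example (not part of the original text), the following shell function wraps the same az command, captures the client ID, client secret, and tenant ID without printing them to the terminal, and writes them to a file that only its owner can read. The function name, the output file, and the use of the Terraform azurerm provider's ARM_* environment variable names are assumptions of this example.

```shell
# Added example: create the SP, keep the secret off the terminal, and store
# the returned values for Terraform. ARM_* are the azurerm provider's
# environment variables; the output file path is the caller's choice.
# Usage: create_sp_env <sp-name> <subscription-id> <output-file>
create_sp_env() (   # subshell body: IFS, noglob and umask changes stay local
    sp_name=$1; sub_id=$2; out_file=$3

    # Ask az for exactly the three values in a fixed order. They are captured
    # in a variable instead of being printed as JSON on screen.
    creds=$(az ad sp create-for-rbac --name="$sp_name" --role="Contributor" \
        --scopes="/subscriptions/$sub_id" \
        --query "[appId, password, tenant]" --output tsv) || exit 1

    # Split on tabs and newlines so either tsv layout is accepted; noglob
    # keeps characters such as * in the secret from being expanded.
    IFS=$(printf '\t\n_'); IFS=${IFS%_}
    set -f
    set -- $creds
    if [ "$#" -ne 3 ]; then
        echo "expected client ID, client secret and tenant ID from az" >&2
        exit 1
    fi
    client_id=$1; client_secret=$2; tenant_id=$3

    # Client ID and tenant ID are GUIDs; anything else means the output was
    # not what we asked for.
    guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    for id in "$client_id" "$tenant_id"; do
        printf '%s\n' "$id" | grep -Eq "$guid" ||
            { echo "client ID or tenant ID is not a GUID" >&2; exit 1; }
    done
    # The file uses single quotes, so refuse a secret that contains one.
    case $client_secret in *"'"*) echo "unsupported secret" >&2; exit 1 ;; esac

    # Owner-only file, tightened even if it already existed with wider modes.
    umask 077
    : > "$out_file" && chmod 600 "$out_file" || exit 1
    {
        printf "export ARM_CLIENT_ID='%s'\n" "$client_id"
        printf "export ARM_CLIENT_SECRET='%s'\n" "$client_secret"
        printf "export ARM_TENANT_ID='%s'\n" "$tenant_id"
        printf "export ARM_SUBSCRIPTION_ID='%s'\n" "$sub_id"
    } >> "$out_file"
    echo "stored credentials for client ID $client_id in $out_file" >&2
)
```

Source the resulting file in the shell that runs Terraform, and keep it out of version control.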
Now, let's see how to configure Terraform to use our Azure SP.