Terraform - Connecting to Azure in Pipeline
What
How do I connect Terraform to an Azure Subscription within an Azure DevOps pipeline?
Why
When you run Terraform scripts on your developer machine, you will normally log in to Azure via the Azure CLI login commands and select a subscription before running Terraform commands. The problem is that in an Azure DevOps pipeline there is no interactive user to provide credentials and click through the screen to confirm which account to use.
There is a way to work around this in a pipeline by supplying credentials for a Service Principal.
How
Step 1 - Set Up an Azure Service Principal in Azure DevOps
In Azure AD you will create a service principal. You will then set up the service principal to have appropriate RBAC on your Azure subscription(s). You will need to grab the client secret and app ID (client ID).
Resources which will help you with this are:
Step 2 - Set Pipeline Environment Variables
In the DevOps pipeline you will need to set up the following variables:
| Variable | Value |
|---|---|
| ARM_CLIENT_ID | This is the application ID from the service principal in Azure AD |
| ARM_CLIENT_SECRET | This is the secret for the service principal in Azure AD |
| ARM_SUBSCRIPTION_ID | The GUID for the subscription ID |
| ARM_TENANT_ID | This is the tenant ID for your Azure AD instance |
Step 3 - Passing the Variables to Terraform
The great news is that if you set these variables with the correct names, Terraform will automatically pick them up and use them to connect to Azure. This gets around the lack of a logged-in user.
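A preflight check for the step that runs Terraform, added here as an example (it is not part of the original article). It matters most for ARM_CLIENT_SECRET: a pipeline variable marked as secret is not exposed to script steps as an environment variable unless the step maps it explicitly, and a macro that refers to an undefined variable is passed through as the literal text $(NAME). The function name check_arm_env is hypothetical, and the GUID check assumes the three IDs are in standard GUID form.

```shell
#!/bin/sh
# Added example: run in the pipeline script step before `terraform init`.
# Checks the four ARM_* variables from Step 2 and reports problems by
# variable name only, so the client secret never reaches the build log.

# Assumption: client, subscription and tenant IDs are standard GUIDs.
GUID_RE='^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'

# check_arm_env (hypothetical name): returns 0 when all four variables
# look usable, 1 otherwise. Diagnostics go to stderr.
check_arm_env() {
  _rc=0
  for _name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID ARM_TENANT_ID; do
    # Indirect lookup; _name only ever comes from the fixed list above.
    eval "_value=\${$_name:-}"
    if [ -z "$_value" ]; then
      echo "missing: $_name is not set in this step's environment" >&2
      _rc=1
      continue
    fi
    # An undefined pipeline variable leaves the macro text $(NAME) in place.
    case "$_value" in
      '$('*')')
        echo "unexpanded: $_name still contains a pipeline macro" >&2
        _rc=1
        continue
        ;;
    esac
    # The secret has no fixed format, so only its presence is checked.
    if [ "$_name" != "ARM_CLIENT_SECRET" ] &&
       ! printf '%s' "$_value" | grep -Eq "$GUID_RE"; then
      echo "malformed: $_name is not a GUID" >&2
      _rc=1
    fi
  done
  unset _value
  return "$_rc"
}
```

Call it as `check_arm_env || exit 1` ahead of the Terraform commands so a missing or unmapped credential fails the step with a clear message instead of an authentication error from the provider.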