- Create an Azure service principal using the Azure CLI
PS /home/linda> az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/528e05db-6ee0-43a6-9f5a-10cf3fac9f1c" Creating 'Contributor' role assignment under scope '/subscriptions/528e05db-6ee0-43a6-9f5a-10cf3fac9f1c' Retrying role assignment creation: 1/36 The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli { "appId": "bb933f07-1544-4acf-9e6b", "displayName": "azure-cli-2021-02-01-15-53-30", "name": "http://azure-cli-2021-02-01-15-53-30", "password": "Cc84DM4qAHJrwEb1.", "tenant": "a9b214e8-0697-4c29-886f-e89844c78dbd" }
2. Login using an Azure service principal
az login –service-principal -u “***” -p “***” –tenant “***”
3. Set the current Azure subscription
az account show
az account list –query “[].{name:name, subscriptionId:id}”
az account set –subscription=””
4. Create a Terraform configuration file
# Configure the Microsoft Azure Provider # client_id="appId" and client_secret = "password" when you create service principal provider "azurerm" { subscription_id = "528e05db-6ee0-43a6-9f5a-10cf3fac9f1c" client_id = "bb933f07-1544-4acf-9e6b" client_secret = "Cc84DM4qAHJrwEb1." tenant_id = "a9b214e8-0697-4c29-886f-e89844c78dbd" features {} } # Create a resource group if it doesn't exist resource "azurerm_resource_group" "myterraformgroup" { name = "myResourceGroup" location = "eastus" tags = { environment = "Terraform Demo" } }
5. Create and apply a Terraform execution plan
terraform init
terraform plan -out terraform_plan.tfplan
terraform apply “terraform_plan.tfplan”
PS /home/linda> terraform plan -out terraform_plan.tfplan An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # azurerm_resource_group.myterraformgroup will be created + resource "azurerm_resource_group" "myterraformgroup" { + id = (known after apply) + location = "eastus" + name = "myResourceGroup" + tags = { + "environment" = "Terraform Demo" } } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ This plan was saved to: terraform_plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "terraform_plan.tfplan" PS /home/linda> terraform apply "terraform_plan.tfplan" azurerm_resource_group.myterraformgroup: Creating... azurerm_resource_group.myterraformgroup: Creation complete after 1s [id=/subscriptions/528e05db-6ee0-43a6-9f5a-10cf3fac9f1c/resourceGroups/myResourceGroup] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
ref: https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell
Thank you for the auspicious writeup. It in fact was a amusement account it.
Look advanced to far added agreeable from you! However,
how could we communicate?