How to create an Azure SPN for Terraform

A Service Principal Name (SPN) is effectively a service account within Azure.

We require one in this scenario so that the Terraform provider can connect our TF code to our Azure Subscription.

  1. Log in to
  2. Click into Azure Active Directory.
  3. Click App Registrations >+ New registration.
  4. Provide a name for your SPN, e.g. terraform-spn, and provide any valid URL as the Redirect URI.
  5. Click Register.
  6. We require four pieces of information in order to use Terraform:
    1. client_id: this is the Azure Application ID.
    2. client_secret: this is our SPN's client secret key, which we generate within Azure.
    3. tenant_id: this is the Azure AD directory ID.
    4. subscription_id: this is our Azure Subscription ID.
  7. Copy the Application ID from our newly created SPN. In Terraform, this is the client_id variable.
  8. Within our SPN blade, click Certificates & secrets > + New client secret.
  9. Provide a name and duration for the secret. Click Add.
  10. Copy the newly created client secret string. In Terraform, this is the client_secret variable.
  11. Click into Azure Active Directory > Properties.
  12. Copy the Directory ID string. In Terraform, this is the tenant_id variable.
  13. Now go into Subscriptions > Overview and copy the Subscription ID. In Terraform, this is the subscription_id variable.
  14. Within Subscriptions > [Your Subscription] > Access control (IAM), click + Add > Add role assignment.
  15. Role: Contributor.
  16. Select our newly created SPN, e.g. terraform-spn, and click Save.


Congratulations, we have now successfully configured an Azure SPN ready for use with Terraform!
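As an added example (not part of the original post), here is how the four values collected above are wired into the azurerm provider. The variable names and the `~> 3.0` provider version are assumptions; the secret is declared `sensitive` so Terraform redacts it from plan and apply output.

```hcl
# variables.tf: the four values gathered in the steps above.
variable "client_id" {
  type        = string
  description = "Application ID of the terraform-spn app registration (step 7)"
}

variable "client_secret" {
  type        = string
  sensitive   = true # redacted in plan/apply output and in the CLI
  description = "Client secret generated under Certificates & secrets (step 10)"
}

variable "tenant_id" {
  type        = string
  description = "Azure AD Directory ID (step 12)"
}

variable "subscription_id" {
  type        = string
  description = "Subscription ID (step 13)"
}

# provider.tf: authenticate as the SPN that was granted Contributor (steps 14-16).
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumed version constraint
    }
  }
}

provider "azurerm" {
  features {}

  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
}
```

Supply the values at run time (for example `export TF_VAR_client_secret=...` or a terraform.tfvars file kept out of version control) rather than hard-coding them; the provider will also read them from the ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID environment variables if the four arguments are omitted.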