How to create an Azure SPN for Terraform

A Service Principal (SPN) is effectively a service account within Azure.

In this scenario it is required so that the Terraform provider can connect our TF code to our Azure subscription.

  1. Log in to https://portal.azure.com.
  2. Click into Azure Active Directory.
  3. Click App Registrations > + New registration.
  4. Provide a name for your SPN, e.g. terraform-spn, and provide any valid URL in the Redirect URI field.
  5. Click Register.
  6. We require four pieces of information in order to use Terraform:
     1. client_id: the Azure Application ID.
     2. client_secret: our SPN's client secret key, which we generate within Azure.
     3. tenant_id: the Azure AD Directory ID.
     4. subscription_id: our Azure Subscription ID.
  7. Copy the Application ID from our newly created SPN. In Terraform, this is the client_id variable.
  8. Within our SPN blade, click Certificates & secrets > + New client secret.
  9. Provide a name and duration for the secret. Click Add.
  10. Copy the newly created client secret string; it is displayed only once, so copy it now. In Terraform, this is the client_secret variable.
  11. Click into Azure Active Directory > Properties.
  12. Copy the Directory ID string. In Terraform, this is the tenant_id variable.
  13. Now go into Subscriptions > Overview and copy the Subscription ID. In Terraform, this is the subscription_id variable.
  14. Within Subscriptions > [Your Subscription] > Access control (IAM) > + Add > Add role assignment.
  15. Role: Contributor.
  16. Select our newly created SPN, e.g. terraform-spn, and click Save.
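Once the four values have been collected, the azurerm provider consumes them. The configuration below is an added example and is not part of the original post: the variable names mirror the four Terraform arguments listed in step 6, and the `required_providers` block assumes the `hashicorp/azurerm` provider. Declaring the inputs as `sensitive` keeps the client secret out of plan and apply output.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

# The four values collected in the steps above. Declared as sensitive so
# Terraform redacts them from plan/apply output instead of echoing them.
variable "client_id" {
  type      = string
  sensitive = true
}

variable "client_secret" {
  type      = string
  sensitive = true
}

variable "tenant_id" {
  type      = string
  sensitive = true
}

variable "subscription_id" {
  type      = string
  sensitive = true
}

provider "azurerm" {
  features {}

  # Authenticate as the service principal (e.g. terraform-spn) with its client secret.
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
}
```

Supply the values at run time, for example through `TF_VAR_client_secret` and the other `TF_VAR_*` environment variables or a `.tfvars` file excluded from version control, rather than writing the secret into a `.tf` file. Alternatively, omit the four arguments from the provider block entirely and the azurerm provider reads `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` from the environment. Note that the Contributor role assigned at subscription scope in step 15 lets the SPN modify every resource in the subscription; where the Terraform code only manages a single resource group, scope the role assignment to that group instead.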


Congratulations, we have now successfully configured an Azure SPN ready for use with Terraform!