Terraform With Azure


What is Azure:

Microsoft Azure is one of the leading public cloud providers in the world; as of now it holds an 11% share among public cloud providers.

Terraform with Azure:

Terraform is an automation tool, written in Google's Go language and developed by HashiCorp, for writing infrastructure as code that works with different cloud providers such as Azure, GCP (Google Cloud Platform) and AWS. It uses HCL (HashiCorp Configuration Language) syntax.

Getting started with Azure using Terraform:


  • Microsoft Azure account
  • Terraform binary package for the respective OS platform

To configure Terraform with any cloud provider, we need to obtain credentials for the account with that provider; these are stored in provider.tf among the configuration files.

Creating Credentials:

Azure requires that an application is added to Azure Active Directory to generate the client_id, client_secret, and tenant_id needed by Terraform (subscription_id can be recovered from your Azure account details).

Creating Credentials using Azure CLI:

  • Firstly, log in to the Azure CLI using the following command “az login”
  • Once logged in, it’s possible to list the Subscriptions associated with the account using the following command “az account list”
  • The output will display one or more Subscriptions, with the ID field being the subscription_id field referenced above.

       NOTE: The ID field will be your subscription_id

  • We can now create the Service Principal, which will have permissions to manage resources in the specified Subscription, using the following command “az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/SUBSCRIPTION_ID"”
  • This command will output 5 values:
  • These values map to the Terraform variables like so:
  • appId is your client_id defined above.
  • password is your client_secret defined above.
  • tenant is your tenant_id defined above.
  • Finally, it’s possible to test that these values work as expected by first logging in using the following command “az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID”
  • Thus, you have created your Azure Credentials successfully.

Creating Credentials using Azure Portal:

There are a couple of phases to create Credentials via the Azure Portal:

  • Creating an Application in Azure Active Directory (which acts as a Service Principal)
  • Granting the Application access to manage resources in your Azure Subscription

Creating an Application in Azure Active Directory:

  • From your Azure portal, navigate to the Azure Active Directory
  • Select the App Registration Blade
  • Click on End Points at the top of App Registration blade
  • This will display a list of URLs; the URI for OAUTH 2.0 AUTHORIZATION ENDPOINT contains a GUID which is your Tenant ID (the tenant_id field mentioned above)
  • Next navigate back to the App Registration Blade
  • From here we’ll create the Application in Azure Active Directory
  • To do so, click Add at the top to add a new Application within the Azure Active Directory
  • On this page set the following values then press Create
  • Name:
  • Application Type:
  • Sign-on URL:
  • Once this is done, select the application you just created in the App Registration Blade
  • At the top of this page, the Application ID GUID is your Client ID (client_id)
  • Next, we can create the Client Secret (client_secret) by selecting Keys and then generating a new key by entering a description and selecting how long the client_secret should be valid for
  • Finally press Save.

This value will only be visible whilst on the page, so be sure to copy it now (otherwise you’ll need to regenerate a new key).

Granting the Application access to manage resources in your Azure Subscription:

  • Once the Application exists in Azure Active Directory, we can grant it permissions to modify resources in the Subscription.
  • To do this, navigate to the Subscriptions blade within the Azure Portal, then select the Subscription you wish to use, then click Access Control (IAM), and finally Add.
  • Firstly, specify a Role which grants the appropriate permissions needed for the Service Principal (for example, Contributor will grant Read/Write on all resources in the Subscription)
  • Secondly, search for and select the name of the Application created in Azure Active Directory to assign it this role
  • Press Save.
  • Thus, we have created Azure credentials from Azure Portal

Configuring Azure with Terraform:

The Microsoft Azure provider is used to interact with the many resources supported by Azure, via the ARM API. This supersedes the legacy Azure provider, which interacts with Azure using the Service Management API. The provider needs to be configured with the credentials needed to generate OAuth tokens for the ARM API. Save the file as provider.tf
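
A provider.tf of the kind described above, as an added example rather than the original post's file. The variable names are assumptions; client_secret is declared sensitive and supplied at run time (for instance through the TF_VAR_client_secret environment variable) so it is not committed with the configuration.

```hcl
# provider.tf (added example; variable names are assumptions, not from the original post)

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

variable "subscription_id" {
  type        = string
  description = "ID field shown by `az account list`"
}

variable "client_id" {
  type        = string
  description = "appId of the Service Principal"
}

variable "client_secret" {
  type        = string
  description = "password of the Service Principal"
  sensitive   = true # Terraform 0.14+: redacts the value in plan/apply output
}

variable "tenant_id" {
  type        = string
  description = "tenant of the Service Principal"
}

provider "azurerm" {
  # Required (may be empty) in azurerm provider 2.x and later.
  features {}

  # No literal credentials here: each value arrives through a variable,
  # e.g. TF_VAR_client_secret exported in the shell that runs Terraform.
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}
```

Marking the variable sensitive only hides it from command output; the secret can still end up in the Terraform state file, so the state needs the same access control as the credential itself.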



Thus we have configured the Azure provider with Terraform. We can test it by using the terraform plan command to check connectivity with Azure.
