az
CLI (and this must be available on your PATH) - authenticating using the older azure
CLI or PowerShell Cmdlets are not supported.az login --service-principal
) you should instead authenticate via the Service Principal directly (either using a Client Secret or a Client Certificate).$ az cloud set --name AzureChinaCloud|AzureGermanCloud|AzureUSGovernment
Login to the Azure CLI using:
$ az login
Once logged in - it's possible to list the Subscriptions associated with the account via:
$ az account list --out table
The output (similar to below) will display one or more Subscriptions - with the SubscriptionId
column being the SUBSCRIPTION_ID
field referenced below.
Name CloudName SubscriptionId State IsDefault
----------------------------- ----------- ------------------------------------ ------- -----------
PAYG Subscription AzureCloud 00000000-0000-0000-0000-000000000000 Enabled False
Contoso Sales AzureCloud 00000000-0000-1000-0000-000000000000 Enabled False
Contoso Dev AzureCloud 00000000-0000-1000-2000-000000000000 Enabled True
Contoso Dogfood AzureCloud 00000000-3000-0000-0070-000000000000 Enabled False
Contoso Prod AzureCloud 00000000-0400-0000-0070-000000000000 Enabled False
Should you have more than one Subscription, you can specify the Subscription to use via the following command:
$ az account set --subscription="SUBSCRIPTION_ID"
Now that we're logged into the Azure CLI - we can configure Terraform to use these credentials.
To configure Terraform to use the Default Subscription defined in the Azure CLI - we can use the following Provider block:
terraform {
required_providers {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
}
}
provider "azapi" {
}
At this point running either terraform plan
or terraform apply
should allow Terraform to run using the Azure CLI to authenticate.
It's also possible to configure Terraform to use a specific Subscription - for example:
terraform {
required_providers {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
}
}
provider "azapi" {
subscription_id = "00000000-0000-0000-0000-000000000000"
}
More information on the fields supported in the Provider block can be found here.
At this point running either terraform plan
or terraform apply
should allow Terraform to run using the Azure CLI to authenticate.
If you're looking to use Terraform across Tenants - it's possible to do this by configuring the Tenant ID field in the Provider block, as shown below:
terraform {
required_providers {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
}
}
provider "azapi" {
subscription_id = "00000000-0000-0000-0000-000000000000"
tenant_id = "11111111-1111-1111-1111-111111111111"
}
More information on the fields supported in the Provider block can be found here.
At this point running either terraform plan
or terraform apply
should allow Terraform to run using the Azure CLI to authenticate.