Terraform Azure Backend issue
We are using Azure as the backend for our Terraform code. Below is the code.
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.40.0"
}
}
backend "azurerm" {
resource_group_name = "test"
storage_account_name = "test"
container_name = "test"
key = "test.tfstate"
tenant_id = "abc"
}
}
provider "azurerm" {
features {}
alias = "new-new"
subscription_id = var.another_subscription
}
provider "azurerm" {
features {}
}
And I have logged in as a Service Principal user using the below command:
az login --service-principal -t tenant-id-here -u object-id-of-sp -p client-secret-of-sp
And when I do terraform init it gives below error:
Initializing the backend...
╷
│ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
│
│ To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
│ auth method - instructions for which can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
│
│ Alternatively you can authenticate using the Azure CLI by using a User Account.
Solution
Initializing the backend...
│ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal). │
I also tried to store the backend configuration file after I logged in to Az using a Service Principal, but I'm still encountering the same error.
To resolve the issue, you need to provide the client_id, client_secret, subscription_id, and tenant_id of the service principal in the backend block of your Terraform configuration
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.40.0"
}
}
backend "azurerm" {
resource_group_name = "venkat"
storage_account_name = "venkat123"
container_name = "test1"
key = "test.tfstate"
tenant_id = ""
client_id = ""
client_secret = ""
subscription_id = ""
}
}
provider "azurerm" {
features {}
alias = "new-new"
subscription_id = ""
}
Terraform init
Once I ran the terraform init, it is working, and the .tfstate file is also copied to the storage account as shown below.
- How to resolve paging when retrieving data from REST API in R
- SearchService deployment fails if the resource exists
- Azure Bicep - Referencing a variable that cannot be calculated at the start
- Local development with Azure SignalR Service and Azure Functions
- Azure Functions & Application Insights requests "Operation Link" empty
- Disabling allow public blob access using terraform
- how to retrieve all resources under given subnet using Azure Resource Graph Explorer query
- I'm using SSIS in ADF to move .csv from a blob container to another and then ingest into a Azure SQL database. I get an assembly error
- How to build expression in ADF from json using parameterized variable?
- Reference a variable azure pipeline not working
- Graph Powershell adding a user to PIM for a privileged security group
- Indexing static HTML blob storage content with Azure Cognitive Search is not working as expected
- Azure python webapp deploy shows as running even though it is successful
- Azure pipeline get Pull request source and target branch name
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Azure Function App Fails to Delete Blob Image After Deployment
- Use Azure AD authentication but manage roles in database in .NET 6
- Microsoft Azure VMs IaaS or PaaS?
- Can an application property be updated/deleted from a ServiceBusReceivedMessage?
- Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
- RPC failed: curl 56 failure when receiving data from the peer
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Reading Excel file returns 'Invalid Request' error
- Is it possible to clone an Azure Container App?
- Unable to Enable Encryption at host for Azure VM
- Application Insights does not capture information level logging
- How to look up logical partition count and size in Cosmos DB
- AzureRmWebAppDeployment@4 tries to deploy to a wrong URL to Linux app plan
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Why I can't create azurerm_app_service connection?