Step-by-step approach to creating an Azure Service Principal (SCP)
- Open the Azure portal and sign in with your Azure account.
- Then search for "Microsoft Entra ID" and then select “App registrations” from the submenu.
- Click on the “New registration” button to create a new app registration.
- Enter a name for your app registration and select the supported account types. For example, you can choose “Single tenant” if you only want to allow users from your own organization to access the app.
- Click on the “Register” button to create the app registration. Once the app registration is created, click on the “Certificates & secrets” option in the left menu and then select the “New client secret” option.
- Enter a description and expiration date for the client secret, and then click on the “Add” button to create it.
- Make sure to copy the client secret value somewhere safe, as it will only be shown once and cannot be retrieved later.
- Finally, go to the resource group you want the service principal to access. Once there, click on "Access control (IAM)" and then click on "Add > Add role assignment".
- Click on the role you want to assign (e.g. Contributor). Then go to Members, select assign access to "User, group, or service principal", and then "Select members".
- Type the name of the service principal and select it. Afterwards, click on "Review + assign".
Step 1: Open the Azure portal and sign in with your Azure account. Then search for "Microsoft Entra ID" and select "App registrations" from the submenu.
Step 2: Click on "New registration" to create a new app registration.
Step 3: Enter a name for the app registration, select the supported account types, and click on "Register".
Step 4: Click on "Certificates & secrets" in the left-hand menu and then click on "New client secret".
Step 5: Enter a description, select an expiry, then click on "Add". Make sure to copy the secret value now; it won't be shown again.
Step 6: Select the resource group.
Step 7: Click on "Access control (IAM)" -> click on "Add".
Step 8: Click on the role you want to assign (e.g. Contributor).
Step 9: Go to Members, select assign access to "User, group, or service principal", and then "Select members". Type the name of the service principal "learnazurewithsrini" and select it. Afterwards, click on "Review + assign".
We need the following four details for Azure + Terraform authentication (subscription and tenant from the Azure portal, client ID and client secret from the app registration created above):
1. subscription_id = ""
2. tenant_id = ""
3. client_id = ""
4. client_secret = ""
Terraform Example:
Step 1: Create a file provider.tf and copy the code below.
Terraform sample code:
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  features {}
  # The four values below identify the service principal. Never commit a real
  # client_secret; the azurerm provider also reads these from the environment
  # variables ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_CLIENT_ID and
  # ARM_CLIENT_SECRET, so they can be left out of this file entirely.
  subscription_id = "<azure_subscription_id>"
  tenant_id       = "<azure_subscription_tenant_id>"
  client_id       = "<service_principal_appid>"
  client_secret   = "<service_principal_password>"
}
Step 2: Create a file main.tf and copy the code below. The resource references var.resource_group_location, so the variable must be declared; terraform plan will prompt for its value (or pass it with -var).
# Declared here so the reference below is valid; no default is given, so Terraform asks for the region.
variable "resource_group_location" {
  description = "Azure region in which to create the resource group"
  type        = string
}

resource "azurerm_resource_group" "az400-training" {
  location = var.resource_group_location
  name     = "az-400-training"
}
Step 3: Create a file output.tf and copy the code below.
output "resource_group_name" {
  value = azurerm_resource_group.az400-training.name
}
Step 4: Run the Terraform commands
terraform init
terraform plan
terraform apply --auto-approve
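The same flow as a script, as an added example that is not part of the original post. It covers both the service principal creation described in the portal steps above (done here with the Azure CLI's `az ad sp create-for-rbac`, scoped to the resource group with the Contributor role, as the post assigns in IAM) and the Terraform run, but it hands the four values to the azurerm provider through its ARM_* environment variables so the client secret never lands in provider.tf. The SP name "learnazurewithsrini", the resource group name and the JSON sample used in the usage note are constructed values; the `az` calls are only invoked from `create_sp_and_export`, which is not run in the example itself.

```shell
#!/usr/bin/env sh
# Added example, not code from the original post. Creates the service principal
# with the Azure CLI and passes its values to Terraform via ARM_* environment
# variables instead of hardcoding them in provider.tf.
# SP_NAME and RG_NAME are constructed sample values.

SP_NAME="learnazurewithsrini"
RG_NAME="az-400-training"

# Extract one string field from a (possibly pretty-printed) JSON document.
# Only handles the flat key/value shape that `az ad sp create-for-rbac` emits.
json_field() {
  printf '%s' "$1" | tr -d '\n' | sed -n 's/.*"'"$2"'" *: *"\([^"]*\)".*/\1/p'
}

# Returns 0 when the argument looks like a GUID (8-4-4-4-12 hex digits), else 1.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Create the SP scoped to the resource group (Contributor, like the post's
# portal role assignment) and export what Terraform needs. Requires `az login`.
create_sp_and_export() {
  sub_id=$(az account show --query id -o tsv) || return 1
  sp_json=$(az ad sp create-for-rbac --name "$SP_NAME" --role Contributor \
    --scopes "/subscriptions/$sub_id/resourceGroups/$RG_NAME") || return 1
  export_from_sp_json "$sub_id" "$sp_json"
}

# Map the create-for-rbac output (appId, password, tenant) onto the ARM_*
# variables the azurerm provider reads; the subscription id comes separately.
export_from_sp_json() {
  export ARM_SUBSCRIPTION_ID="$1"
  export ARM_TENANT_ID="$(json_field "$2" tenant)"
  export ARM_CLIENT_ID="$(json_field "$2" appId)"
  export ARM_CLIENT_SECRET="$(json_field "$2" password)"
}

# Fail fast with a clear message before Terraform ever contacts Azure.
check_azure_auth_vars() {
  for name in ARM_SUBSCRIPTION_ID ARM_TENANT_ID ARM_CLIENT_ID; do
    eval "val=\$$name"
    if ! is_guid "$val"; then
      echo "$name is missing or is not a GUID" >&2
      return 1
    fi
  done
  if [ -z "$ARM_CLIENT_SECRET" ]; then
    echo "ARM_CLIENT_SECRET is empty" >&2
    return 1
  fi
  return 0
}

# Same init/plan/apply as the post, but the plan is written to a file and
# applied from it rather than auto-approved, and nothing runs if the
# credentials are malformed.
run_terraform() {
  check_azure_auth_vars || return 1
  terraform init && terraform plan -out=tfplan && terraform apply tfplan
}
```

Usage: source the file, run `create_sp_and_export` once in a logged-in `az` session (or call `export_from_sp_json "<subscription id>" "$json"` with output you already have), then `run_terraform` from the directory holding provider.tf, main.tf and output.tf. With the ARM_* variables set, the `subscription_id`, `tenant_id`, `client_id` and `client_secret` lines can be deleted from provider.tf; only `features {}` needs to stay.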
Conclusion: We discussed creating a Service Principal in Azure and used the SCP to authenticate to Azure and provision Azure resources with Terraform.
💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀, and follow me on dev.to and LinkedIn, or buy me a coffee.
Top comments (2)
Great one this is
thanks Ayan