Terraform: authenticating via service principal or managed identity

To authenticate Terraform using OIDC, we need to set up trust between Azure DevOps and Azure AD by configuring federated credentials and using the subject from Azure DevOps. This is not covered here. Terraform supports many authentication methods, namely:

- Azure CLI

- Managed identity

- Service principal and secret

- Service principal and certificate

- OpenID Connect

- Workload identity


Using a service principal

In PowerShell, set the following environment variables before running Terraform:

$env:ARM_CLIENT_ID=""
$env:ARM_CLIENT_SECRET=""
$env:ARM_TENANT_ID=""
$env:ARM_SUBSCRIPTION_ID=""
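
One way to supply the service principal variables above without typing the secret into a script or the command history, as an added example that is not from the original post. The function name `Invoke-TerraformAsServicePrincipal` and its parameters are hypothetical, and it assumes `terraform` is on the PATH.

```powershell
# Hypothetical helper (added example, not from the original post).
function Invoke-TerraformAsServicePrincipal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string[]] $TerraformArgs = @('plan')
    )

    # The three IDs are GUIDs; reject empty or mistyped values before calling terraform.
    $ids = @{ ClientId = $ClientId; TenantId = $TenantId; SubscriptionId = $SubscriptionId }
    foreach ($name in $ids.Keys) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($ids[$name], [ref] $parsed)) {
            throw "$name is not a valid GUID."
        }
    }

    # Prompt for the secret so it never appears in a script file or the command history.
    $secure = Read-Host -Prompt 'Client secret' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    if ([string]::IsNullOrWhiteSpace($plain)) { throw 'Client secret is empty.' }

    try {
        # $env: assignments are scoped to this PowerShell process and inherited by terraform.
        $env:ARM_CLIENT_ID       = $ClientId
        $env:ARM_TENANT_ID       = $TenantId
        $env:ARM_SUBSCRIPTION_ID = $SubscriptionId
        $env:ARM_CLIENT_SECRET   = $plain
        # Drop a leftover managed identity setting so only one method is configured.
        Remove-Item Env:ARM_USE_MSI -ErrorAction SilentlyContinue

        & terraform @TerraformArgs
        if ($LASTEXITCODE -ne 0) { throw "terraform exited with code $LASTEXITCODE" }
    }
    finally {
        # Remove the credentials from the session whether or not terraform succeeded.
        'ARM_CLIENT_SECRET', 'ARM_CLIENT_ID', 'ARM_TENANT_ID', 'ARM_SUBSCRIPTION_ID' |
            ForEach-Object { Remove-Item "Env:$_" -ErrorAction SilentlyContinue }
        $plain = $null
    }
}

# Usage with constructed placeholder GUIDs; replace with your own values:
# Invoke-TerraformAsServicePrincipal -ClientId '00000000-0000-0000-0000-000000000001' `
#     -TenantId '00000000-0000-0000-0000-000000000002' `
#     -SubscriptionId '00000000-0000-0000-0000-000000000003' -TerraformArgs 'plan'
```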


Using Managed Identity

I also did a test to ensure compatibility with OpenTofu. It looks like the authentication mechanism is the same.

To use a managed identity, set the following environment variables:

$env:ARM_USE_MSI="true"
$env:ARM_SUBSCRIPTION_ID=""
$env:ARM_TENANT_ID=""
$env:ARM_CLIENT_ID=""
$env:ARM_MSI_ENDPOINT=$MSI_ENDPOINT
