Skip to content

Azure

To use Terrateam with Azure, authentication and authorization need to be configured for your Azure account. Setup only takes a few minutes.

Prerequisites

Before you begin, ensure you have the following:

Create a Terrateam Service Principal

A dedicated service principal and client secret is used to access Azure resources.

  1. Login to the Azure CLI
    az login
  2. Get your Subscription ID
    az account list
    Example output:
    [
    {
    "cloudName": "AzureCloud",
    "id": "00000000-0000-0000-0000-000000000000",
    "isDefault": true,
    "name": "PAYG Subscription",
    "state": "Enabled",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "user": {
    "name": "user@example.com",
    "type": "user"
    }
    }
    ]
  3. Export your Subscription ID
    export SUBSCRIPTION_ID="<subscription-id>"
  4. Set the Subscription ID
    az account set --subscription "$SUBSCRIPTION_ID"
  5. Create a terrateam service principal
    az ad sp create-for-rbac --role="Contributor" \
    --scopes="/subscriptions/$SUBSCRIPTION_ID"
    Example output:
    {
    "appId": "00000000-0000-0000-0000-000000000000",
    "displayName": "azure-cli-2017-06-05-10-41-15",
    "name": "http://azure-cli-2017-06-05-10-41-15",
    "password": "0000-0000-0000-0000-000000000000",
    "tenant": "00000000-0000-0000-0000-000000000000"
    }
    Record the following to use in the next step:
    • appID maps to ARM_CLIENT_ID
    • password maps to ARM_CLIENT_SECRET
    • tenant maps to ARM_TENANT_ID

Add Credentials to GitHub Secrets

Credentials are securely stored in GitHub Secrets and exposed as obfuscated environment variables in the Terrateam GitHub Action runtime environment.

  1. Export your Terraform organization/repo combination as an environment variable.
    export REPO="<OWNER/REPO>"
  2. Create the Azure Subscription ID GitHub Secret
    gh secret --repo "$REPO" set ARM_SUBSCRIPTION_ID --body "$SUBSCRIPTION_ID"
  3. Create the Azure Client ID (appID) GitHub Secret
    gh secret --repo "$REPO" set ARM_CLIENT_ID
  4. Create the Azure Client Secret (password) GitHub Secret
    gh secret --repo "$REPO" set ARM_CLIENT_SECRET
  5. Create the Azure Tenant ID (tenant) GitHub Secret
    gh secret --repo "$REPO" set ARM_TENANT_ID

You are now able to use Terrateam for plan and apply operations against Azure resources.