Authentication in Terraform Cloud
Azure
To authenticate from Terraform Cloud to Azure, you can use a service principal and store its credentials in a Terraform Cloud variable set. Following least-privilege methodology, it's good advice to limit the use of this variable set to a given workspace. So if you have matched each workspace to a landing zone such as a subscription, you would have multiple service principals configured in multiple variable sets, each assigned to its matching workspace.
Variable set example
Name
{cloud}-{tenant}-{subscription}-spn|Some text
Description
- some text
Workspaces
- assigned to a specific workspace
Note: make sure you set each key/value pair as an environment variable.
Key | Value | HCL | Sensitive |
---|---|---|---|
ARM_CLIENT_ID | <APPID_VALUE> | No | Yes |
ARM_CLIENT_SECRET | <PASSWORD_VALUE> | No | Yes |
ARM_SUBSCRIPTION_ID | <SUBSCRIPTION_ID> | No | Yes |
ARM_TENANT_ID | <TENANT_VALUE> | No | Yes |
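The variable set above can also be managed as code with the `hashicorp/tfe` provider. The following is an added example, not part of the original page; the input variable names and resource labels are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# Assumed inputs: organization, workspace and variable set names are placeholders.
variable "organization" { type = string }
variable "workspace_name" { type = string }
variable "variable_set_name" { type = string } # e.g. {cloud}-{tenant}-{subscription}-spn

# Map holding the four ARM_* keys from the table above.
# Caveat: values passed here also end up in the state of this configuration.
variable "arm_credentials" {
  type      = map(string)
  sensitive = true
}

data "tfe_workspace" "landing_zone" {
  name         = var.workspace_name
  organization = var.organization
}

resource "tfe_variable_set" "spn" {
  name         = var.variable_set_name
  description  = "Service principal credentials for one subscription"
  organization = var.organization
  global       = false # do not apply the set to every workspace
}

resource "tfe_variable" "arm" {
  for_each = toset(["ARM_CLIENT_ID", "ARM_CLIENT_SECRET", "ARM_SUBSCRIPTION_ID", "ARM_TENANT_ID"])

  variable_set_id = tfe_variable_set.spn.id
  key             = each.key
  value           = var.arm_credentials[each.key]
  category        = "env" # environment variable, not a Terraform variable
  hcl             = false
  sensitive       = true
}

# Attach the set to exactly one workspace (the matching landing zone).
resource "tfe_workspace_variable_set" "attach" {
  variable_set_id = tfe_variable_set.spn.id
  workspace_id    = data.tfe_workspace.landing_zone.id
}
```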
AWS
To authenticate from Terraform Cloud to AWS you need an IAM user profile with an access key ID and secret.
Variable set example
Create the variable set as environment variables.
Key | Value |
---|---|
AWS_ACCESS_KEY_ID | The value from the IAM console |
AWS_SECRET_ACCESS_KEY | The value from the IAM console |