
Authentication in Terraform Cloud

Azure

To authenticate from Terraform Cloud to Azure, you can use a service principal and store its credentials in a Terraform Cloud variable set. Following the principle of least privilege, it is good practice to limit the use of this variable set to a given workspace. So if you have matched each workspace to a landing zone such as a subscription, you would have multiple service principals configured in multiple variable sets, each assigned to its matching workspace.

Variable set example

Name {cloud}-{tenant}-{subscription}-spn|Some text

Description - some text

Workspaces - assigned to a specific workspace

Note: make sure you set each key/value pair as an environment variable.

| Key | Value | HCL | Sensitive |
|---|---|---|---|
| ARM_CLIENT_ID | | No | Yes |
| ARM_CLIENT_SECRET | | No | Yes |
| ARM_SUBSCRIPTION_ID | | No | Yes |
| ARM_TENANT_ID | | No | Yes |
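
The same variable set expressed as Terraform configuration with the hashicorp/tfe provider. This is an added example, not part of the original page; the variable names, resource labels and the set name are placeholders chosen for illustration.

```hcl
# Added example: names and values below are placeholders, not from the page.
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

variable "organization" { type = string }
variable "workspace_name" { type = string } # the workspace matched to the subscription

# Expected keys: ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID
variable "arm_credentials" {
  type      = map(string)
  sensitive = true
}

data "tfe_workspace" "landing_zone" {
  name         = var.workspace_name
  organization = var.organization
}

resource "tfe_variable_set" "azure_spn" {
  name         = "azure-exampletenant-examplesub-spn" # {cloud}-{tenant}-{subscription}-spn
  description  = "Service principal for one subscription"
  organization = var.organization
  global       = false # never apply to every workspace in the organization
}

resource "tfe_variable" "arm" {
  # Iterate over literal key names: sensitive values cannot drive for_each.
  for_each = toset(["ARM_CLIENT_ID", "ARM_CLIENT_SECRET", "ARM_SUBSCRIPTION_ID", "ARM_TENANT_ID"])

  key             = each.key
  value           = var.arm_credentials[each.key]
  category        = "env" # environment variable, not a Terraform variable
  hcl             = false
  sensitive       = true # write-only in the UI and API after creation
  variable_set_id = tfe_variable_set.azure_spn.id
}

# Attach the set to exactly one workspace (least privilege).
resource "tfe_workspace_variable_set" "landing_zone" {
  variable_set_id = tfe_variable_set.azure_spn.id
  workspace_id    = data.tfe_workspace.landing_zone.id
}
```

The credential values also end up in the state of whichever workspace applies this configuration, so restrict access to that state accordingly.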

AWS

To authenticate from Terraform Cloud to AWS you need an IAM user profile with an access key ID and secret.

Variable set example

Create the variable set as environment variables.

| Key | Value |
|---|---|
| AWS_ACCESS_KEY_ID | The value from the IAM console |
| AWS_SECRET_ACCESS_KEY | The value from the IAM console |