Authentication in Terraform Cloud
Azure
To authenticate from Terraform Cloud to Azure, you can use a service principal and store its credentials in a Terraform Cloud variable set. Following the principle of least privilege, limit the use of this variable set to a given workspace. If you have matched each workspace to a landing zone such as a subscription, you end up with multiple service principals, each configured in its own variable set and assigned to the matching workspace.
Variable set example
Name {cloud}-{tenant}-{subscription}-spn|Some text
Description - some text
Workspaces - assigned to a specific workspace
Note: make sure you set each key/value pair as an environment variable.
| Key | Value | HCL | Sensitive |
|---|---|---|---|
| ARM_CLIENT_ID | | No | Yes |
| ARM_CLIENT_SECRET | | No | Yes |
| ARM_SUBSCRIPTION_ID | | No | Yes |
| ARM_TENANT_ID | | No | Yes |
AWS
To authenticate from Terraform Cloud to AWS you need an IAM user profile with an access key ID and secret.
Variable set example
Create the variable set as environment variables.
| Key | Value |
|---|---|
| AWS_ACCESS_KEY_ID | The value from the IAM console |
| AWS_SECRET_ACCESS_KEY | The value from the IAM console |