Authentication in Terraform Cloud
Azure
To authenticate from Terraform Cloud to Azure, you can use a service principal and store its credentials in a Terraform Cloud variable set. Following the principle of least privilege, it is good practice to limit the use of this variable set to a given workspace. So if you have matched a workspace to a landing zone such as a subscription, you would have multiple service principals configured in multiple variable sets, each assigned to its matching workspace.
Variable set example
Name
{cloud}-{tenant}-{subscription}-spn|Some text
Description
- some text
Workspaces
- assigned to a specific workspace
Note: make sure you set each key/value pair as an environment variable.
Key | Value | HCL | Sensitive |
---|---|---|---|
ARM_CLIENT_ID | | No | Yes |
ARM_CLIENT_SECRET | | No | Yes |
ARM_SUBSCRIPTION_ID | | No | Yes |
ARM_TENANT_ID | | No | Yes |
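The same variable set can be managed as code with the `hashicorp/tfe` provider. This is an added example, not configuration from the original page; the organization, workspace name, variable names and the set name are placeholders.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# Placeholder inputs (assumptions, not from the page).
variable "tfc_organization" { type = string }
variable "workspace_name" { type = string }

variable "arm_credentials" {
  description = "Service principal values keyed by environment variable name"
  type        = map(string)
  sensitive   = true
}

# The single workspace that maps to the landing zone (subscription).
data "tfe_workspace" "landing_zone" {
  name         = var.workspace_name
  organization = var.tfc_organization
}

resource "tfe_variable_set" "azure_spn" {
  # Follows the {cloud}-{tenant}-{subscription}-spn pattern; values are constructed.
  name         = "azure-exampletenant-examplesub-spn"
  description  = "Service principal credentials for one subscription"
  organization = var.tfc_organization
  global       = false # do not apply the set to every workspace
}

resource "tfe_variable" "arm" {
  # Keys are a fixed set because a sensitive map cannot drive for_each.
  for_each = toset(["ARM_CLIENT_ID", "ARM_CLIENT_SECRET", "ARM_SUBSCRIPTION_ID", "ARM_TENANT_ID"])

  key             = each.key
  value           = var.arm_credentials[each.key] # also written to this configuration's state
  category        = "env" # environment variable, not a Terraform variable
  hcl             = false
  sensitive       = true
  variable_set_id = tfe_variable_set.azure_spn.id
}

# Scope the set to the matching workspace only.
resource "tfe_workspace_variable_set" "landing_zone" {
  variable_set_id = tfe_variable_set.azure_spn.id
  workspace_id    = data.tfe_workspace.landing_zone.id
}
```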
AWS
To authenticate from Terraform Cloud to AWS you need an IAM user profile with an access key ID and secret.
Variable set example
Create the variable set as environment variables.
Key | Value |
---|---|
AWS_ACCESS_KEY_ID | The value from the IAM console |
AWS_SECRET_ACCESS_KEY | The value from the IAM console |