
How to view if a resource was created by an Azure service principal?


I logged into Azure using az login --service-principal and created a resource group. How do I find the audit trail which says that the resource group was created by a service principal? When I go to "Audit Logs", it mentions that my own user id has created it. How can that be possible? Why is it reporting that I created it, when the truth is that I used the client id and secret to log in and create the resource group?


Solution

  • Please make sure that you are using the az login --service-principal --username APP_ID --password PASSWORD --tenant TENANT_ID to sign in with the service principal.

    After creating the resource group by az group create -l westus -n AllenTestRGroup008, I open Activity log and see that there is only one operation here:

    The Event initiated by is the caller of this operation. So in my case, testMultiMSA is the service principal who creates the resource group.

    If I click on the log for more details, I can find the caller property in JSON. It is the object id of the service principal.

    You can have a check from your side.