Search code examples
azureterraformazure-rm

Terraform Azure Backend issue

We are using Azure as the backend for our Terraform code. Below is the code.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.40.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "test"
    storage_account_name = "test"
    container_name       = "test"
    key                  = "test.tfstate"
    tenant_id            =  "abc"
  }
}

provider "azurerm" {
  features {}
  alias               = "new-new"
  subscription_id     = var.another_subscription
}

provider "azurerm" {
  features {}
}

And I have logged in as a Service Principal user using the below command:

az login --service-principal -t tenant-id-here -u object-id-of-sp -p client-secret-of-sp

And when I do terraform init it gives below error:

Initializing the backend...
╷

    │ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
    │ 
    │ To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
    │ auth method - instructions for which can be found here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_secret
    │ 
    │ Alternatively you can authenticate using the Azure CLI by using a User Account.
Solution 
  • Initializing the backend...
    │ Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal). │

    I also tried to store the backend configuration file after I logged in to Az using a Service Principal, but I'm still encountering the same error.

    enter image description here

    To resolve the issue, you need to provide the client_id, client_secret, subscription_id, and tenant_id of the service principal in the backend block of your Terraform configuration

    terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.40.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "venkat"
    storage_account_name = "venkat123"
    container_name       = "test1"
    key                  = "test.tfstate"
    tenant_id            = ""
    client_id            = ""
    client_secret        = ""
    subscription_id      = ""
  }
}
provider "azurerm" {
  features {}
  alias               = "new-new"
  subscription_id     = ""
}

    Terraform init

    Once I ran the terraform init, it is working, and the .tfstate file is also copied to the storage account as shown below.

    enter image description here