Reputation: 233
I want to create a service principal with Terraform and have written a Terraform script for that. I have an Azure DevOps pipeline in which I am running this script. The service principal which I am using to run the Terraform script has Owner access on the subscription. I am getting the below error while creating the Azure AD application:
│
│ with module.appregister.azuread_application.auth,
│ on modules/appregister/main.tf line 6, in resource "azuread_application" "auth":
│ 6: resource "azuread_application" "auth" {
│
│ ApplicationsClient.BaseClient.Post(): unexpected status 403 with OData
│ error: Authorization_RequestDenied: Insufficient privileges to complete the
│ operation.
╵
##[error]Error: The process '/agent/_work/_tool/terraform/1.0.3/x64/terraform' failed with exit code
What sort of permissions are required to run this?
Upvotes: 9
Views: 8700
Reputation: 136346
Considering service principals are created in Azure AD, the service principal used to run your Terraform script needs to have proper permission in Azure AD and not in the Azure subscription.
At the very least, I believe your service principal should be either in Application Administrator or Application Developer. For a list of complete Azure AD built-in roles, please see this link: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference.
Upvotes: 8
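To make the answer concrete, here is an added example (not from the question or answer above, and not the questioner's actual module) of the two pieces involved: the app registration the pipeline creates, and the one-time directory role assignment that lets the pipeline's service principal do so. It assumes the hashicorp/azuread provider in its 2.x syntax, and all display names, file paths and the `pipeline_sp_object_id` variable are illustrative.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0" # assumption: v2 syntax (application_id rather than client_id)
    }
  }
}

# --- modules/appregister/main.tf (what the pipeline service principal applies) ---
# Creating these resources is a Microsoft Graph call, so the identity running
# terraform needs an Azure AD directory role; Owner on the subscription is irrelevant.
resource "azuread_application" "auth" {
  display_name = "example-auth-app" # constructed sample value
}

resource "azuread_service_principal" "auth" {
  application_id = azuread_application.auth.application_id
}

# --- bootstrap/main.tf (applied once by a directory administrator, NOT by the pipeline) ---
# A principal cannot grant itself a directory role; an identity allowed to manage
# role assignments (e.g. Privileged Role Administrator) applies this part.
variable "pipeline_sp_object_id" {
  description = "Object ID of the service principal that runs the pipeline (assumption: supplied by the operator)"
  type        = string
}

# Activates the built-in role so it can be assigned. Application Developer is the
# less privileged of the two roles named in the answer: it can create app
# registrations (becoming owner of what it creates) but cannot manage other apps.
resource "azuread_directory_role" "app_developer" {
  display_name = "Application Developer"
}

resource "azuread_directory_role_assignment" "pipeline" {
  role_id             = azuread_directory_role.app_developer.template_id
  principal_object_id = var.pipeline_sp_object_id
}
```

Keeping the bootstrap in a separate root module applied by an administrator avoids giving the pipeline identity the ability to escalate its own directory roles. To confirm which directory roles the pipeline principal actually holds before re-running the pipeline, query its group and role memberships through Graph, for example with `az rest --method get --url "https://graph.microsoft.com/v1.0/servicePrincipals/<object-id>/memberOf"`; an `Authorization_RequestDenied` 403 from `ApplicationsClient` like the one in the question means that list does not include a role permitted to create applications.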