Reputation: 171
Authenticate terraform with system managed identity
Currently i am trying to use system managed identity to perform the terraform provision. But getting below error.
Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
I am providing the below config. Before terraform init i am logging with managed identity
export ARM_ENVIRONMENT=public
export ARM_USE_MSI=true
export ARM_SUBSCRIPTION_ID=${ENV_SUBSCRIPTION_ID}
export ARM_TENANT_ID=${ENV_TENANT_ID}
I got above config from export https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/managed_service_identity
System managed identity has contributor role on Subscription + Owner role on subscription. Am i missing something ?
Upvotes: 0
Views: 48
Answers (1)
Reputation: 2401
Authenticate terraform with system managed identity
If you're using a system-assigned managed identity, it only works inside the Azure, not outside of it. So how you're using the managed Identity was also taken in consideration.
In your case, it's not specified where you're running. So, if the system managed Identity create for VM the so make sure you to run the code inside it not outside.
For outside use, you may use user managed identity or service principal along with a client Secret. The MSI endpoint 169.254.169.254 is only accessible from within Azure.
As per the error description, if you are running this command from outside Azure, it won’t be able to reach this endpoint. If you are running the CLI from a local environment or outside Azure, you won't be able to use the --identity parameter.
The best possible solution is to authenticate using service principal and secret as per the documentation becasue when youre using system managed identity client id reference won't work.
For more info on this refer to the documentation below
Authenticating to Azure using Managed Identity with Terraform - Stack Overflow answered by Mike Cole
https://learn.microsoft.com/en-us/answers/questions/1862087/cannot-login-to-azure-using-a-managed-user-identit answered by hossein jalilian
Upvotes: 0
Related Questions
- Authenticate terraform using Azure AD user assigned managed identity
- Azure DevOps Terraform Pipeline: Authentication Issue with Federated Identity and Managed Identity
- Authenticating to Azure using Managed Identity with Terraform
- Terraform - AzureDataLake Create Error Failure responding to request: StatusCode=403
- Unable to create Azure resources using terraform despite being a subscription owner
- How to use terraform to store connection string from SQL Managed Instance in Azure Key vault
- Terraform init does not run with the same login context as other terraform commands
- How to restore DB from existing backup file for Azure managed PostgreSQL in terraform?
- Terraform : removal of identity block does not remove identity assigned from resource azure logic app