Terraform: Using AzDo With No Service Connection
In this post, I will briefly outline how to use Azure Devops deployment into Azure without setting up a Service connection as mentioned in my original post.
Note: You can see the code for this post on my Github repo.
Basically, just add a bash task to login using the Service Principle that you deploy resources as:
1 2 3 4 5 6 7 8 9 10 11
- task: Bash@3 displayName: "Az Login" inputs: targetType: inline failOnStderr: true script: | az login --service-principal -u $(az-tf-client-id) \ -p $(az-tf-client-secret) \ -t $(tenant-id) \ --output none az account set --subscription $(subscription-id)
NOTE: If you populate your secrets from an Azure Keyvault, you will most likely need to authenticate as a KeyVault user, update your pipeline secrets, and then move on if you want to do this using only a Service Principle.
Since I plan to migrate to Github Actions though, I will be doing something like this instead.