Terraform: Using AzDo With No Service Connection

Description:

In this post, I will briefly outline how to deploy into Azure from Azure DevOps without setting up the Service connection mentioned in my original post.

Note: You can see the code for this post on my GitHub repo.

To Resolve:

  1. Basically, just add a bash task to log in using the Service Principal that you deploy resources as:

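    - task: Bash@3
      displayName: "Az Login"
      inputs:
        targetType: inline
        failOnStderr: true
        # $(...) macros are replaced by Azure DevOps before bash runs;
        # single quotes keep the shell from interpreting the substituted values.
        script: |
          az login --service-principal -u '$(az-tf-client-id)' \
            -p '$(az-tf-client-secret)' \
            -t '$(tenant-id)' \
            --output none
          az account set --subscription '$(subscription-id)'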
    

    NOTE: If you populate your secrets from an Azure Key Vault and want to do this using only a Service Principal, you will most likely need to authenticate as a Key Vault user first, update your pipeline secrets, and then move on.

  2. Since I plan to migrate to GitHub Actions though, I will be doing something like this instead.
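
A hardened variant of the login step from step 1, as an added example that is not part of the original post: the script reads the credentials from environment variables (mapped with the step's `env:` block, shown in the comments) and refuses to call `az login` if any value is missing or is still an unexpanded `$(...)` macro. The `ARM_*` variable names and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the Bash@3 step maps the
# pipeline variables into the environment rather than into the script text:
#   env:
#     ARM_CLIENT_ID: $(az-tf-client-id)
#     ARM_CLIENT_SECRET: $(az-tf-client-secret)
#     ARM_TENANT_ID: $(tenant-id)
#     ARM_SUBSCRIPTION_ID: $(subscription-id)
# The ARM_* names are this example's choice (assumption).

REQUIRED_VARS="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID"

# Succeeds only if every required variable is non-empty and is not a literal
# "$(name)" macro, which Azure DevOps leaves in place when the pipeline
# variable is undefined. Reports variable names only, never values.
check_sp_env() {
  local name value rc=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name-}"   # indirect lookup; names come from the fixed list above
    case "$value" in
      '')       echo "missing: $name"; rc=1 ;;
      '$('*')') echo "unexpanded pipeline macro in: $name"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Log in as the service principal and select the subscription.
sp_login() {
  check_sp_env || return 1
  az login --service-principal \
    -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" -t "$ARM_TENANT_ID" \
    --output none || return 1
  az account set --subscription "$ARM_SUBSCRIPTION_ID"
}

# TF_BUILD is set to "True" on Azure Pipelines agents, so the login only
# runs inside a pipeline job.
if [ "${TF_BUILD:-}" = "True" ]; then
  sp_login || exit 1
fi
```

Secret pipeline variables are not exported to scripts automatically, which is why the `env:` mapping in the comments is needed for `ARM_CLIENT_SECRET`.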