CLI Login to azure for Terraform deployments

Introduction

In this article, we’ll explore the process of logging in to Azure for Terraform deployments and managing remote state. When working with Terraform to provision infrastructure in Azure, it’s crucial to establish a secure and authenticated connection to your Azure account.

We’ll start by discussing the steps to log in to Azure using the az login command. This command will prompt you to authenticate with your Azure credentials, allowing you to access and manage your Azure resources within your Terraform configuration.

Next, we’ll delve into managing remote state in Terraform. If you have a tfstate file in a different subscription, resource group, or storage account, we’ll guide you through the process of exporting the necessary environment variable, ARM_ACCESS_KEY. This variable ensures that Terraform can authenticate and access the remote state file properly.

By following the instructions outlined in this guide, you’ll be able to log in to Azure for your Terraform deployments and seamlessly manage remote state, even if your tfstate file resides in a different subscription.

Remark

This approach should only be used for local development e.g via vscode and should not be used for CI/CD pipelines due to security risks

How to login to azure

az login

Set correct subscription

az account set --subscription $SUBSCRIPTION_NAME

If you have a tfstate in different subscription

If you have an tfstate file in different subscriptio, resource group, or storage account you have to export the following environment variable:

export ARM_ACCESS_KEY=$(az storage account keys list --resource-group $RESGROUP --account-name $STORAGE_ACCOUNT_NAME --subscription $SUBSCRIPTION --query '[0].value' -o tsv)

After this terraform init shoud work properly.