Terraform - connecting to AD
You’ve created a new subscription, created a service principal for Terraform, ran your scripts to create the infrastructure and then… boom! Terraform doesn’t have rights to read an existing user referenced by a `data "azuread_user"` block.
The exact error looks like this:
This happens because the Terraform service principal doesn’t have enough privileges to read user data from Azure Active Directory through the Microsoft Graph API.
What needs to be done?
- Log in to the Azure Portal.
- Go to Azure Active Directory, then App registrations.
- Find the app registration behind the Terraform service principal; in my case it’s named terraform.
- Open the API permissions tab.
- Add the following application permissions for the Microsoft Graph API:
  - Application.ReadWrite.All
  - AppRoleAssignment.ReadWrite.All
  - Directory.ReadWrite.All
- After adding them, grant admin consent for all of these permissions (an application permission has no effect until an administrator consents to it).
The final list looks like this:
The Terraform service principal now has rights to read user and domain data. Keep in mind that all three are tenant-wide, write-level permissions: Directory.ReadWrite.All lets the principal modify directory objects, and AppRoleAssignment.ReadWrite.All lets it grant itself further permissions. If Terraform only needs to resolve users through `data "azuread_user"`, the azuread provider documentation lists User.Read.All (or Directory.Read.All) as sufficient, which is the least-privilege option.
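The same grant can be done from Terraform itself instead of the portal. The configuration below is an added example, not code from the original post: it registers the Terraform application, requests only the Microsoft Graph application permission that `data "azuread_user"` needs (User.Read.All) and grants admin consent for it as an app role assignment. It must be applied by an identity that is allowed to grant consent (for example a Global Administrator, or a principal that already holds AppRoleAssignment.ReadWrite.All); the display name `terraform` follows the post, everything else is assumed.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 3.0"
    }
  }
}

# Credentials come from the environment (az login, ARM_* variables, ...).
# This identity is the bootstrap identity, not the Terraform service principal being created.
provider "azuread" {}

# Well-known application IDs published by Microsoft, including Microsoft Graph.
data "azuread_application_published_app_ids" "well_known" {}

# Microsoft Graph's service principal in this tenant. Its app_role_ids map lets us
# reference permissions by name instead of hard-coding their GUIDs.
data "azuread_service_principal" "msgraph" {
  client_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}

# Names of the Graph application permissions to request. Only what the
# azuread_user data source needs; extend this list if Terraform must also manage
# app registrations or other directory objects.
locals {
  graph_app_roles = ["User.Read.All"]
}

# App registration for the Terraform service principal (named "terraform" as in the post).
resource "azuread_application" "terraform" {
  display_name = "terraform"

  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]

    dynamic "resource_access" {
      for_each = toset(local.graph_app_roles)
      content {
        id   = data.azuread_service_principal.msgraph.app_role_ids[resource_access.value]
        type = "Role" # application permission (not delegated "Scope")
      }
    }
  }
}

resource "azuread_service_principal" "terraform" {
  client_id = azuread_application.terraform.client_id
}

# Admin consent for an application permission is an app role assignment on the
# Graph service principal; this is what the portal's "Grant admin consent" button does.
resource "azuread_app_role_assignment" "terraform_graph" {
  for_each = toset(local.graph_app_roles)

  app_role_id         = data.azuread_service_principal.msgraph.app_role_ids[each.value]
  principal_object_id = azuread_service_principal.terraform.object_id
  resource_object_id  = data.azuread_service_principal.msgraph.object_id
}

output "terraform_client_id" {
  value = azuread_application.terraform.client_id
}
```

Run it once with the bootstrap identity (`terraform init && terraform apply`), then create a client secret or federated credential for the new principal and use it for the infrastructure configuration that contains `data "azuread_user"`. To reproduce the exact permission set from the post, replace the `graph_app_roles` list with `["Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Directory.ReadWrite.All"]`; the rest of the configuration is unchanged.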