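#Creates Terraform App Account
Param (
    # The parameter names are the ones the script body uses. The gist's original
    # Param block (and any defaults it set) is not shown, so all are mandatory here.
    [Parameter(Mandatory = $true)][string]$ApplicationName,
    [Parameter(Mandatory = $true)][string]$AppURL,
    [Parameter(Mandatory = $true)][string]$AppPassword,
    [Parameter(Mandatory = $true)][string]$AppRoleAssigned
)

# Sign in interactively and list the subscriptions the account can see.
$Account = Login-AzureRmAccount
$Subs = Get-AzureRmSubscription
Foreach ($Sub in $Subs) {
    $Answer = Read-Host "Use this subscription? [Y/N]"
    if ($Answer -eq "y") {
        $SubscriptionId = $Sub.SubscriptionId
        $Selected = Select-AzureRmSubscription -SubscriptionId $Sub.SubscriptionId
        # Stop here so $Sub still refers to the chosen subscription when
        # $Sub.TenantId is printed at the end.
        Break
    }
}
if (!($SubscriptionId)) {
    Write-Warning "No Subscription was selected"
    Exit 1
}

# Register the AD application and its service principal.
$App = New-AzureRmADApplication -DisplayName $ApplicationName `
    -HomePage $AppURL -IdentifierUris $AppURL -Password $AppPassword
$SPN = New-AzureRmADServicePrincipal -ApplicationId $App.ApplicationId
# Give the new service principal time to replicate before assigning a role.
Start-Sleep 15
$Role = New-AzureRmRoleAssignment -ServicePrincipalName $AppURL `
    -RoleDefinitionName $AppRoleAssigned

# The lines below print the client secret in cleartext; any .ps1 they are
# copied into is a credential file and should be stored accordingly.
Write-Host "New App auth created, run the following code to export the environment variables (You should copy this into a .ps1 for later use.)`n"
Write-Host "`$ENV:ARM_SUBSCRIPTION_ID = `"$($SubscriptionId)`""
Write-Host "`$ENV:ARM_CLIENT_ID = `"$($App.ApplicationId.Guid)`""
Write-Host "`$ENV:ARM_CLIENT_SECRET = `"$($AppPassword)`""
Write-Host "`$ENV:ARM_TENANT_ID = `"$($Sub.TenantId)`""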
paulbort commented Feb 14, 2018

Thank you, this was very helpful. I had to make a small change to get it to work in my environment that you might want to use, it's at

It may also be worth adding a documentation note that this sets up the account, but doesn't grant any permissions. shows how to add permissions to the new account so that it can do something useful.
