# Creates an Azure AD application and service principal for Terraform, assigns
# it a role, and prints the ARM_* environment variables Terraform needs.
#
# Parameters:
#   ApplicationName - display name of the AAD application.
#   AppURL          - used as the application's home page AND its identifier
#                     URI; the role assignment later looks the service
#                     principal up by this same value.
#   AppPassword     - mandatory; becomes the application's password, i.e. the
#                     Terraform client secret.
#   AppRoleAssigned - name of the role definition given to the service principal.
Param (
$ApplicationName="Terraform",
# Identifier URIs must be unique within the tenant, so a second run with the
# default value is expected to collide with the first -- TODO confirm.
$AppURL="http://terraform.io",
# Untyped, so the secret is handled as plain text: a value passed on the
# command line can land in shell history and transcripts, and the script
# echoes it back to the console at the end.
[Parameter(Mandatory=$true)]$AppPassword,
# NOTE(review): Owner can also manage role assignments, and the assignment
# below passes no -Scope. A narrower role (Contributor is usually enough for
# Terraform -- confirm for your workload) limits what a leaked secret can do.
$AppRoleAssigned="Owner"
)
# Sign in interactively, then offer each subscription visible to the account
# until the operator accepts one with "y". Results of the login and select
# calls are stored in variables only to keep them off the output.
$Account = Login-AzureRmAccount
$Subs = Get-AzureRmSubscription
foreach ($Sub in $Subs) {
    # Show the candidate subscription before asking about it.
    $Sub
    $Answer = Read-Host "Use this subscription? [Y/N]"
    if ($Answer -ne "y") {
        continue
    }
    # $Sub is deliberately left pointing at the accepted subscription when the
    # loop exits: the final output reads $Sub.TenantId.
    $SubscriptionId = $Sub.SubscriptionId
    $Selected = Select-AzureRmSubscription -SubscriptionId $SubscriptionId
    break
}
# Every subscription was declined (or none was returned): stop before
# creating anything.
if (-not $SubscriptionId) {
    Write-Warning "No Subscription was selected"
    exit 1
}
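# Register the AAD application, create its service principal, and assign the
# requested role.
#
# -ErrorAction Stop makes each step terminating. Without it a failed call only
# writes an error and the script carries on to announce "New App auth created"
# and print credentials for an identity that does not exist or has no role.
#
# NOTE(security): $AppPassword is passed through as received (plain text unless
# the caller supplied something else). Some AzureRM module versions expect a
# SecureString for -Password -- confirm against the installed version.
$App = New-AzureRmADApplication -DisplayName $ApplicationName `
    -HomePage $AppURL -IdentifierUris $AppURL -Password $AppPassword `
    -ErrorAction Stop
$SPN = New-AzureRmADServicePrincipal -ApplicationId $App.ApplicationId `
    -ErrorAction Stop

# A freshly created service principal is not always visible to the role
# assignment call straight away. The original waited a fixed 15 seconds and
# tried once; keep that first wait, but retry a bounded number of times so a
# slow directory does not leave the principal without its role.
#
# No -Scope is given, so the role applies to the whole selected subscription.
# If every attempt fails, the application and service principal created above
# still exist and should be removed or fixed by hand.
$Role = $null
$MaxAttempts = 4
for ($Attempt = 1; $Attempt -le $MaxAttempts; $Attempt++) {
    Start-Sleep 15
    try {
        $Role = New-AzureRmRoleAssignment -ServicePrincipalName $AppURL `
            -RoleDefinitionName $AppRoleAssigned -ErrorAction Stop
        break
    }
    catch {
        if ($Attempt -eq $MaxAttempts) {
            # Out of retries: surface the last error and stop the script.
            throw
        }
        Write-Warning "Role assignment attempt $Attempt of $MaxAttempts failed, retrying"
    }
}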
# Print ready-to-paste PowerShell assignments for the four ARM_* environment
# variables, built from the selected subscription, the new application and the
# password supplied by the caller.
#
# NOTE(security): the ARM_CLIENT_SECRET line writes the password to the console
# in clear text, so it can be captured by scrollback, transcripts or screen
# sharing. A .ps1 file holding these lines is a plaintext credential file:
# restrict its permissions and keep it out of source control.
Write-Host "New App auth created, run the following code to export the environment variables (You should copy this into a .ps1 for later use.)`n"
Write-Host "`$ENV:ARM_SUBSCRIPTION_ID = `"$($SubscriptionId)`""
Write-Host "`$ENV:ARM_CLIENT_ID = `"$($App.ApplicationId.Guid)`""
Write-Host "`$ENV:ARM_CLIENT_SECRET = `"$($AppPassword)`""
# $Sub is the subscription-loop variable, still holding the subscription that
# was accepted when the loop hit Break.
Write-Host "`$ENV:ARM_TENANT_ID = `"$($Sub.TenantId)`""
paulbort commented Feb 14, 2018

Thank you, this was very helpful. I had to make a small change to get it to work in my environment that you might want to use, it's at https://gist.github.com/paulbort/655130cb10b7b510cd518509268b1b08/revisions

It may also be worth adding a documentation note that this sets up the account, but doesn't grant any permissions. https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role shows how to add permissions to the new account so that it can do something useful.
