@bobalob
Created December 6, 2016 15:39
# Creates Terraform App Account
Param (
    $ApplicationName="Terraform",
    $AppURL="http://terraform.io",
    [Parameter(Mandatory=$true)]$AppPassword,
    # Role granted to the service principal; Owner can also change access for others
    $AppRoleAssigned="Owner"
)

# Interactive login, then walk the subscriptions until one is accepted
$Account = Login-AzureRmAccount
$Subs = Get-AzureRmSubscription
Foreach ($Sub in $Subs) {
    $Sub
    $Answer = Read-Host "Use this subscription? [Y/N]"
    if ($Answer -eq "y") {
        $SubscriptionId = $Sub.SubscriptionId
        $Selected = Select-AzureRmSubscription -SubscriptionId $Sub.SubscriptionId
        Break
    }
}
if (!($SubscriptionId)) {
    Write-Warning "No Subscription was selected"
    Exit 1
}

# Register the AD application and its service principal
$App = New-AzureRmADApplication -DisplayName $ApplicationName `
    -HomePage $AppURL -IdentifierUris $AppURL -Password $AppPassword
$SPN = New-AzureRmADServicePrincipal -ApplicationId $App.ApplicationId

# Give the new service principal time to propagate before assigning the role
Start-Sleep 15

# No -Scope is given, so the role applies to the whole selected subscription
$Role = New-AzureRmRoleAssignment -ServicePrincipalName $AppURL `
    -RoleDefinitionName $AppRoleAssigned

# Print the Terraform provider variables; the client secret is shown in clear text
Write-Host "New App auth created, run the following code to export the environment variables (You should copy this into a .ps1 for later use.)`n"
Write-Host "`$ENV:ARM_SUBSCRIPTION_ID = `"$($SubscriptionId)`""
Write-Host "`$ENV:ARM_CLIENT_ID = `"$($App.ApplicationId.Guid)`""
Write-Host "`$ENV:ARM_CLIENT_SECRET = `"$($AppPassword)`""
# $Sub still holds the subscription chosen in the loop above
Write-Host "`$ENV:ARM_TENANT_ID = `"$($Sub.TenantId)`""

@paulbort

Thank you, this was very helpful. I had to make a small change to get it to work in my environment that you might want to use; it's at https://gist.github.com/paulbort/655130cb10b7b510cd518509268b1b08/revisions

It may also be worth adding a documentation note that this sets up the account, but doesn't grant any permissions. https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role shows how to add permissions to the new account so that it can do something useful.
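
A way to check what the service principal is actually allowed to do, added here as an example that is not part of the gist or of the comment above: it lists the role assignments held under the gist's identifier URI and, if `Owner` is held on the whole subscription, swaps it for a narrower role on a single resource group. The resource group name `terraform-rg` and the `Contributor` role are assumptions, and the session is assumed to be logged in with the subscription already selected.

```powershell
# Added example: audit and narrow the role held by the Terraform service principal.
Param (
    $AppURL = "http://terraform.io",              # identifier URI registered by the gist
    [Parameter(Mandatory=$true)]$SubscriptionId,
    $ResourceGroupName = "terraform-rg",          # hypothetical resource group (assumption)
    $NarrowRole = "Contributor"                   # assumed replacement role
)

$SubScope = "/subscriptions/$SubscriptionId"

# List every role assignment the service principal holds in this subscription
$Assignments = @(Get-AzureRmRoleAssignment -ServicePrincipalName $AppURL)
if ($Assignments.Count -eq 0) {
    Write-Warning "No role assignments found: the account exists but cannot manage anything."
}
$Assignments | Format-Table RoleDefinitionName, Scope -AutoSize

# Owner on the whole subscription lets the holder of the client secret
# manage every resource and hand out roles to other identities
$Broad = $Assignments | Where-Object {
    $_.RoleDefinitionName -eq "Owner" -and $_.Scope -eq $SubScope
}

if ($Broad) {
    Write-Warning "Owner is assigned at subscription scope; narrowing to $NarrowRole on $ResourceGroupName"

    # Grant the narrower role first so Terraform is never left without access
    New-AzureRmRoleAssignment -ServicePrincipalName $AppURL `
        -RoleDefinitionName $NarrowRole -ResourceGroupName $ResourceGroupName | Out-Null

    # Then drop the subscription-wide Owner assignment
    Remove-AzureRmRoleAssignment -ServicePrincipalName $AppURL `
        -RoleDefinitionName "Owner" -Scope $SubScope

    # Show the result so the change can be confirmed
    Get-AzureRmRoleAssignment -ServicePrincipalName $AppURL |
        Format-Table RoleDefinitionName, Scope -AutoSize
}
```

The resource group must already exist, and the account running this needs permission to change role assignments on the subscription.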
