Create app registrations in Azure using Terraform and a GitHub workflow
- This repo uses Terraform to create an app registration and service principal in Azure.
input name | description | type | mandatory |
---|---|---|---|
app_registration_name | Azure App registration name | string | ✔️ |
app_registration_owner | App registration owners names | string | ✔️ |
app_registration_description | App registration description | string | |
app_registation_expiry | App registration secret expiry | Choice - 30, 60, 90, 120, 150, 180, 270, 360 | ✔️ |
- Clone the repo and switch to the folder: `cd azure-create-app-registrations-using-terraform`
- Then run `terraform init`
- Run `terraform validate`
- Then `terraform plan`
- Provide the values when prompted
- Then `terraform apply` and provide `yes` as confirmation
- The Azure Active Directory user should have a proper mail ID available
- Go to your cloned repo and then to the Actions tab
- Choose the workflow `azure-create-app-registrations-using-terraform.yaml` on the left side
- Next, click `Run Workflow` at the top right and enter the required input parameters
- Click `Run Workflow` (the green one)
- After the job is completed, the app registration and SP will be created with owners
Authentication to Azure is done using a service principal.

```yaml
env:
  ARM_CLIENT_ID: ${{ secrets.APP_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.APP_SECRET }}
  ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
```

`ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` are required environment variables.
I used GitHub secrets on the workflow for authentication.
- `<SP name>-SECRET`
- `<SP name-APPID>`
- `<SP name-TENANT>`
- When creating Key Vault secrets, SP names will be converted to all capital letters
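
A pre-flight check for the run described above, as an added example that is not part of this repo: it confirms the four `ARM_*` variables are set without echoing their values, validates the expiry against the choices in the inputs table, and derives the upper-cased Key Vault secret names. The function names are hypothetical, the `<SP NAME>-SECRET` / `-APPID` / `-TENANT` pattern is an assumption read from the list above, and the name check reflects Key Vault's rule that secret names hold only alphanumerics and dashes (1-127 characters).

```shell
#!/bin/sh
# Added example, not the repo's code. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the A-Z range below byte-exact

# Print the names (never the values) of required ARM_* variables that are unset or empty.
missing_arm_vars() {
    for name in ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID; do
        eval "value=\${$name:-}"   # safe: $name only ever holds the fixed names above
        [ -n "$value" ] || printf '%s\n' "$name"
    done
}

# Succeed only if $1 is one of the expiry choices from the inputs table.
valid_expiry() {
    case "$1" in
        30|60|90|120|150|180|270|360) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the three Key Vault secret names for SP name $1, upper-cased.
# Assumed pattern: <SP NAME>-SECRET, <SP NAME>-APPID, <SP NAME>-TENANT.
# Fails when the result is not a legal Key Vault secret name.
kv_secret_names() {
    [ -n "$1" ] || { echo "SP name is empty" >&2; return 1; }
    upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    for suffix in SECRET APPID TENANT; do
        secret="${upper}-${suffix}"
        case "$secret" in
            *[!0-9A-Z-]*) echo "illegal character in: $secret" >&2; return 1 ;;
        esac
        [ "${#secret}" -le 127 ] || { echo "name too long: $secret" >&2; return 1; }
        printf '%s\n' "$secret"
    done
}

# Run every check. $1 = SP name, $2 = secret expiry choice.
preflight() {
    missing=$(missing_arm_vars)
    [ -z "$missing" ] || { echo "unset:" $missing >&2; return 1; }
    valid_expiry "$2" || { echo "expiry must be one of 30 60 90 120 150 180 270 360" >&2; return 1; }
    kv_secret_names "$1" >/dev/null
}
```

Calling `preflight` with the SP name and expiry before `terraform apply` stops the run early when the name contains a space or underscore, which would otherwise surface only when the Key Vault secret is written.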