
Create an Azure resource group under a subscription with Terraform

I am looking at this example from the Terraform docs for creating an Azure group:

resource "azurerm_resource_group" "test" {
  name     = "testResourceGroup1"
  location = "West US"

  tags = {
    environment = "Production"
  }
}

It does not specify the subscription anywhere.

How can I specify the subscription?

For your issue, you know that Terraform deploys the Azure resources through the Azure CLI. And there are four ways to authenticate:

  • Authenticating to Azure using the Azure CLI
  • Authenticating to Azure using Managed Service Identity
  • Authenticating to Azure using a Service Principal and a Client Certificate
  • Authenticating to Azure using a Service Principal and a Client Secret

If you do not set the tenant ID and subscription ID in the Terraform code, then you must use the first method by default. And you authenticate via the Azure CLI with the account that you logged in to the Azure CLI with. So whichever subscription you set in the CLI is the one you use for your Terraform.

But as Terraform recommends:

We recommend using either a Service Principal or Managed Service Identity when running Terraform non-interactively (such as when running Terraform in a CI server) - and authenticating using the Azure CLI when running Terraform locally.

That way you can grant the service principal more appropriate permissions, as you want.

Subscription is set when you configure Terraform to log in to Azure. The recommended way is to use an Azure AD service principal and environment variables.

To configure Terraform to use your Azure AD service principal, set the following environment variables, which are then used by the Azure Terraform modules. You can also set the environment if working with an Azure cloud other than Azure public.

  • ARM_SUBSCRIPTION_ID
  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_TENANT_ID
  • ARM_ENVIRONMENT

Reference
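
Both answers above come down to where the subscription ID is set: in the Terraform code or in the environment. The following is an added example, not code from either answer or from the Terraform docs, showing the subscription pinned in the provider block and a second subscription reached through an aliased provider. It assumes azurerm provider 2.x or later (which requires the `features {}` block); the variable names, the `shared` alias and the second resource group are hypothetical.

```hcl
# Added example. Variable names, the "shared" alias and the second
# resource group are hypothetical; pass real IDs in via -var or TF_VAR_*.
variable "subscription_id" {
  type        = string
  description = "Subscription the default provider deploys into"
}

variable "shared_subscription_id" {
  type        = string
  description = "Second subscription, reached through the aliased provider"
}

variable "tenant_id" {
  type = string
}

# Default provider: the subscription is pinned here instead of being
# inherited from whichever subscription the Azure CLI currently has selected.
provider "azurerm" {
  features {}

  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  # client_id and client_secret are deliberately not set in code. Supply them
  # through ARM_CLIENT_ID and ARM_CLIENT_SECRET so the secret stays out of the
  # repository.
}

# Aliased provider for a second subscription in the same tenant.
provider "azurerm" {
  alias = "shared"
  features {}

  subscription_id = var.shared_subscription_id
  tenant_id       = var.tenant_id
}

# The resource from the question: uses the default provider's subscription.
resource "azurerm_resource_group" "test" {
  name     = "testResourceGroup1"
  location = "West US"
}

# Same resource type, created in the second subscription via the alias.
resource "azurerm_resource_group" "shared" {
  provider = azurerm.shared
  name     = "sharedResourceGroup1"
  location = "West US"
}
```

With neither `subscription_id` in the provider block nor `ARM_SUBSCRIPTION_ID` in the environment, the CLI-selected subscription is what the first answer describes as the default, so pinning it in one of the two places avoids deploying into whatever subscription happens to be active.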
