I'm just starting out with GitHub Actions and Azure, and I'm trying to set up Terraform to manage Azure resources like policies and prepare landing zones. Although I've worked with Terraform before using Bitbucket and GCP, I'm struggling with the authentication process while using this Azure sample repository from Microsoft, which automates a TF plan on pull requests and applies it after merges. Here are my main issues:

1. The readme mentions needing an 'Azure Active Directory application,' but I can only find 'App registrations' in the Azure portal under Entra ID.
2. The documentation suggests creating an 'Entra application with a service principal,' but I'm confused about what this is and how it relates to app registration.
3. I'm instructed to copy the 'Client ID,' 'Subscription ID,' and 'Directory ID' to add as repository secrets, but I don't see a subscription ID in my app registration, only the client, object, and tenant IDs.
4. The sample repo includes Terraform actions, but I haven't seen anything about the login part, which I think involves the Azure login action.

Overall, I'm really confused about the different terms and how they all connect. Can someone clarify this?
1 Answer
You're on the right track! The 'App Registration' you create is indeed the service principal. When you set up the app registration, you're essentially paving the way for your service principal, which you can then assign permissions to. I totally get the confusion though; Microsoft’s terminology can be a huge pain.

Thanks for clarifying! I've created the app registration. They keep using the terms 'App Registration' and 'Service Principal' interchangeably, right? I gave it the necessary permissions in my management group. What's the next step, though? They keep mentioning a subscription ID, but I can't find it.
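For reference, here is a minimal pull-request workflow showing where the three IDs from the question go and what the login step looks like; it is an added example, not a file from the Microsoft sample repository. The subscription ID does not appear on the app registration because it belongs to the Azure subscription the service principal is given a role on, not to the application itself. The secret names, the branch name, and the use of OIDC workload identity federation (no client secret) are assumptions.

```yaml
# Added example workflow (not the Microsoft sample repo's own file).
# Assumes three repository secrets you create yourself:
#   AZURE_CLIENT_ID       -> "Application (client) ID" of the app registration
#   AZURE_TENANT_ID       -> "Directory (tenant) ID" of the app registration
#   AZURE_SUBSCRIPTION_ID -> ID of the subscription Terraform will deploy into
#     (Subscriptions blade in the portal, or `az account show --query id -o tsv`;
#      it is a property of the subscription, not of the app registration)
# and a federated credential on the app registration that trusts this repo/branch,
# so no client secret has to be stored in GitHub at all.
name: terraform-plan

on:
  pull_request:
    branches: [main]

permissions:
  id-token: write   # lets the job request a GitHub OIDC token to present to Azure
  contents: read

jobs:
  plan:
    runs-on: ubuntu-latest
    env:
      # The azurerm provider reads these; ARM_USE_OIDC makes it exchange the
      # GitHub-issued token instead of requiring a long-lived client secret.
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_USE_OIDC: "true"
    steps:
      - uses: actions/checkout@v4

      # The login step the question could not find: exchanges the OIDC token
      # for an Azure session as the service principal behind the app registration.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - uses: hashicorp/setup-terraform@v3

      - run: terraform init
      - run: terraform plan -input=false
```

Because the identity is federated, the only things that can leak from the repository are the three IDs, which are not secrets in the password sense; access is governed by the role assignment on the subscription or management group.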