Provision with system managed identity

Question

My current setup. Vnet --> Running container app as build agents for pipeline inaide this vent --> Created managed identity for this container app. Using this managed identity i am providing the owner role on subscription. From my script running below things.

az login --identity

with this documentation https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/managed_service_identity

i have provided the values export ARM_USE_MSI=true export ARM_SUBSCRIPTION_ID=159f2485-xxxx-xxxx-xxxx-xxxxxxxxxxxx export ARM_TENANT_ID=72f988bf-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Still getting below error - I am not setting ARM_CLIENT_ID or other things Error: Error building ARM Config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).

To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'

Am i missing something

Answer 1

Hi Hanamant S Malakagond,

that error you're encountering indicates that terraform is attempting to authenticate using the azure cli as a user, but it doesn't support using the azure cli for authentication with a service principal or managed identity. Since you're using a system assigned managed identity, you need to configure terraform to authenticate using the managed Identity directly, rather than relying on the azure cli. Take a look an docs from MSFT according that, and if its does not help you push me I would try to explain how to fix it.

Managed Identities Overview

Terraform Authentication with Managed Identity

Troubleshoot Managed Identities

Assign Azure Roles

Managed Identity in Azure Container Apps
Please click Accept Answer and upvote if the above was helpful.

rgdds,

Alex