Create a resource using a service principal

If given the necessary permissions, a service principal can create and manage Azure resources just like an account. This tutorial step provides an example of how to create a resource for Azure Storage using a service principal and the following commands:

To sign in with a service principal, you need the appID, tenantID, and password returned in the console output when you created a service principal.

  1. Sign in as the service principal.

    az login --service-principal \
             --username myServicePrincipalID \
             --password myServicePrincipalPassword \
             --tenant myOrganizationTenantID
    

    Output console:

    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "tenantID",
        "id": "mySubscriptionId",
        "isDefault": true,
        "managedByTenants": [],
        "name": "mySubscriptionName",
        "state": "Enabled",
        "tenantId": "tenantID",
        "user": {
          "name": "myServicePrincipalID",
          "type": "servicePrincipal"
        }
      }
    ]
    
  2. Create a resource group to hold all resources for the same project.

    az group create --location westus --name myResourceGroupName
    
  3. Create a storage account.

    For Azure Storage, valid values for the <KIND> parameter are:

    • BlobStorage
    • BlockBlobStorage
    • FileStorage
    • Storage
    • StorageV2
    az storage account create --name myStorageAccountName \
                              --resource-group myResourceGroupName \
                              --kind <KIND> \
                              --sku F0 \
                              --location westus \
                              --yes
    
  4. Get resource keys, which you use in your code to authenticate to the Azure storage account.

    az storage account keys list --resource-group myResourceGroupName \
                                 --account-name myStorageAccountName
    

    Output Console:

    [
      {
        "creationTime": "2023-09-15T17:29:49.554030+00:00",
        "keyName": "key1",
        "permissions": "FULL",
        "value": "myKeyValue1"
      },
      {
        "creationTime": "2023-09-15T17:29:49.554030+00:00",
        "keyName": "key2",
        "permissions": "FULL",
        "value": "myKeyValue2"
      }
    ]
    

Next Steps

Now that you've learned how to create a resource using service principal, proceed to the next step to learn how to reset your service principal credentials.