Create a resource using a service principal
If given the necessary permissions, a service principal can create and manage Azure resources just like an account. This tutorial step provides an example of how to create a resource for Azure Storage using a service principal and the following commands:
To sign in with a service principal, you need the appID
, tenantID
, and password
returned in the console output when you created a service principal.
Sign in as the service principal.
az login --service-principal \ --username myServicePrincipalID \ --password myServicePrincipalPassword \ --tenant myOrganizationTenantID
Output console:
[ { "cloudName": "AzureCloud", "homeTenantId": "tenantID", "id": "mySubscriptionId", "isDefault": true, "managedByTenants": [], "name": "mySubscriptionName", "state": "Enabled", "tenantId": "tenantID", "user": { "name": "myServicePrincipalID", "type": "servicePrincipal" } } ]
Create a resource group to hold all resources for the same project.
az group create --location westus --name myResourceGroupName
Create a storage account.
For Azure Storage, valid values for the
<KIND>
parameter are:- BlobStorage
- BlockBlobStorage
- FileStorage
- Storage
- StorageV2
az storage account create --name myStorageAccountName \ --resource-group myResourceGroupName \ --kind <KIND> \ --sku F0 \ --location westus \ --yes
Get resource keys, which you use in your code to authenticate to the Azure storage account.
az storage account keys list --resource-group myResourceGroupName \ --account-name myStorageAccountName
Output Console:
[ { "creationTime": "2023-09-15T17:29:49.554030+00:00", "keyName": "key1", "permissions": "FULL", "value": "myKeyValue1" }, { "creationTime": "2023-09-15T17:29:49.554030+00:00", "keyName": "key2", "permissions": "FULL", "value": "myKeyValue2" } ]
Next Steps
Now that you've learned how to create a resource using service principal, proceed to the next step to learn how to reset your service principal credentials.