The issue is that I have 2 tenant ids (D and V) and 2 subscriptions id (D and V) because I'am working for 2 different clients.
This cmd is for changing the tenant ID
az login --tenant <myTenantID>
And this cmd is for changing the subscription id
az login --subscription <mysubscriptionID>
currently I am working on V subscription/tenant id and I want to switch to D subscription/tenant id.
I have run these commands mentioned above, a browser page opens and i can log in. But when I run my terraform command init, plan and apply. The terraform code creates the new resource group in the V subscription/tenant id and not in the D subscription/tenant id where I want.
Btw currently my default account is D but still it creates in the V account.
CodePudding user response:
I think you need the az account commands.
You can list your accounts as below (table for easier reading of the information)
az account list --output table
You can query which one is currently your default account using the query flag.
az account list --query "[?isDefault]"
Finally, you can change your account using either of the below commands using the subscription name or subscription Id from the command run earlier to list your subscriptions / accounts.
az account set --subscription "<YOUR SUBSCRIPTION NAME>"
az account set --subscription "<YOUR SUBSCRIPTION ID>"
CodePudding user response:
You can customize your azurerm terraform provider as per your requirements by passing the relative argument.
Terraform Code
Single Directory Structure (Depends on you but not recommended from my POV)
If you want to manage both tenants from a single directory, with only one providers.tf then you have to also use the alias feature of terraform providers.
- providers.tf
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.37.0"
}
}
}
provider "azurerm" {
alias = "tenant_D_sub_D"
features {}
tenant_id = "tenant_D_id"
subscription_id = "subscription_D_id"
}
provider "azurerm" {
alias = "tenant_V_sub_V"
features {}
tenant_id = "tenant_V_id"
subscription_id = "subscription_V_id"
}
- resource_groups.tf
## Create respective variables[name,location] definitions in your variables.tf
resource "azurerm_resource_group" "stackoverflow_D" {
provider = azurerm.tenant_D_sub_D
name = var.name
location = var.location
}
resource "azurerm_resource_group" "stackoverflow_V" {
provider = azurerm.tenant_V_sub_V
name = var.name
location = var.location
}
Per-tenant-directory structure
- Directory Tree
.
├── tenant1
│ ├── sub1
│ │ └── providers.tf
│ └── sub2
│ └── providers.tf
└── tenant2
├── sub1
│ └── providers.tf
└── sub2
└── providers.tf
- providers.tf in any Sub
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.37.0"
}
}
}
provider "azurerm" {
features {}
tenant_id = "respective_tenant_id"
subscription_id = "respective_subscription_id"
}
Technically you can remove these tenant_id and subscription_id arguments from here but you have to make sure via az cli or environment variables that the correct tenant and subscription id are selected.
Similar providers.tf file can be used for other subscriptions.
- resource_group.tf
## Create respective variables[name,location] definitions in your variables.tf
resource "azurerm_resource_group" "stackoverflow" {
name = var.name
location = var.location
}
This will simplify your configurations and reduce maintenance efforts by a ton.
Important Considerations
- Please note that the service principal/user should have permission on both tenants as well as subscriptions while making deployments either via a single directory or per-tenant-directory structure.
Documentation URLs
- refer to this azurerm-terraform-provider official documentation for more options.
- refer to alias-multiple-provider-configurations terraform documentation.