
The issue is that I have 2 tenant IDs (D and V) and 2 subscription IDs (D and V) because I'm working for 2 different clients.

This cmd is for changing the tenant ID

az login --tenant <myTenantID>

And this cmd is for changing the subscription id

az login --subscription <mysubscriptionID>

Currently I am working on the V subscription/tenant ID and I want to switch to the D subscription/tenant ID.

I have run the commands mentioned above; a browser page opens and I can log in.
But when I run my terraform commands init, plan and apply, the terraform code creates the new resource group in the V subscription/tenant ID and not in the D subscription/tenant ID where I want it.

Btw, currently my default account is D, but it still creates in the V account.

2 Answers


  1. I think you need the az account commands.

    You can list your accounts as below (table for easier reading of the information)

    az account list --output table
    

    You can query which one is currently your default account using the query flag.

    az account list --query "[?isDefault]"
    

    Finally, you can change your account using either of the below commands using the subscription name or subscription Id from the command run earlier to list your subscriptions / accounts.

    az account set --subscription "<YOUR SUBSCRIPTION NAME>"
    az account set --subscription "<YOUR SUBSCRIPTION ID>"
    
  2. You can customize your azurerm terraform provider as per your requirements by passing the relative argument.

    Terraform Code

    Single Directory Structure (Depends on you but not recommended from my POV)

    If you want to manage both tenants from a single directory, with only one providers.tf then you have to also use the alias feature of terraform providers.

    • providers.tf
    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "~> 3.37.0"
        }
      }
    }
    
    provider "azurerm" {
      alias = "tenant_D_sub_D"
      features {}
      tenant_id       = "tenant_D_id"
      subscription_id = "subscription_D_id"
    }
    
    provider "azurerm" {
      alias = "tenant_V_sub_V"
      features {}
      tenant_id       = "tenant_V_id"
      subscription_id = "subscription_V_id"
    }
    
    
    • resource_groups.tf
    ## Create respective variables[name,location] definitions in your variables.tf 
    resource "azurerm_resource_group" "stackoverflow_D" {
      provider = azurerm.tenant_D_sub_D
    
      name     = var.name
      location = var.location
    }
    
    resource "azurerm_resource_group" "stackoverflow_V" {
      provider = azurerm.tenant_V_sub_V
    
      name     = var.name
      location = var.location
    }
    

    Per-tenant-directory structure

    • Directory Tree
    .
    ├── tenant1
    │   ├── sub1
    │   │   └── providers.tf
    │   └── sub2
    │       └── providers.tf
    └── tenant2
        ├── sub1
        │   └── providers.tf
        └── sub2
            └── providers.tf
    
    • providers.tf in any Sub
    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "~> 3.37.0"
        }
      }
    }
    
    provider "azurerm" {
      features {}
      tenant_id       = "respective_tenant_id"
      subscription_id = "respective_subscription_id"
    }
    
    

    Technically you can remove these tenant_id and subscription_id arguments from here, but you have to make sure via az cli or environment variables that the correct tenant and subscription ID are selected.
    A similar providers.tf file can be used for other subscriptions.

    • resource_group.tf
    ## Create respective variables[name,location] definitions in your variables.tf
    resource "azurerm_resource_group" "stackoverflow" {
    
      name     = var.name
      location = var.location
    }
    

    This will simplify your configurations and reduce maintenance efforts by a ton.

    Important Considerations

    • Please note that the service principal/user should have permission on both tenants as well as subscriptions while making deployments either via a single directory or per-tenant-directory structure.

    Documentation URLs

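The second answer notes that if tenant_id and subscription_id are left out of the provider block, the az CLI or environment variables must select the right tenant and subscription. The following guard is an added example, not code from either answer: it refuses to continue unless the active az context matches the client you expect, and only then exports ARM_TENANT_ID and ARM_SUBSCRIPTION_ID, the environment variables the azurerm provider reads. The function names (`pin_azure_context`, `current_tenant`, `current_subscription`, `lower`) are hypothetical, and the IDs you pass in are your own.

```shell
#!/bin/sh
# Added example: pre-flight guard against deploying one client's Terraform
# code into another client's subscription. Function names are hypothetical.

# Active Azure CLI context. Kept as separate functions so they can be
# replaced with constructed values when testing offline.
current_tenant()       { az account show --query tenantId -o tsv; }
current_subscription() { az account show --query id -o tsv; }

# GUIDs compare case-insensitively, so normalise before comparing.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# pin_azure_context EXPECTED_TENANT_ID EXPECTED_SUBSCRIPTION_ID
# Returns 0 and exports ARM_* on a match, 1 on a mismatch,
# 2 on bad usage, 3 when there is no usable az login.
pin_azure_context() {
  if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: pin_azure_context <tenant-id> <subscription-id>" >&2
    return 2
  fi
  want_tenant=$(lower "$1")
  want_sub=$(lower "$2")

  # Drop values left in this shell from the previous client, so a failed
  # check never leaves stale ARM_* variables behind for terraform to use.
  unset ARM_TENANT_ID ARM_SUBSCRIPTION_ID

  have_tenant=$(current_tenant) && have_sub=$(current_subscription) || {
    echo "no active az login; run: az login --tenant $want_tenant" >&2
    return 3
  }
  have_tenant=$(lower "$have_tenant")
  have_sub=$(lower "$have_sub")

  if [ "$have_tenant" != "$want_tenant" ] || [ "$have_sub" != "$want_sub" ]; then
    echo "refusing: az context is tenant=$have_tenant subscription=$have_sub" >&2
    echo "expected:            tenant=$want_tenant subscription=$want_sub" >&2
    return 1
  fi

  export ARM_TENANT_ID="$want_tenant" ARM_SUBSCRIPTION_ID="$want_sub"
}

# Typical use (IDs are placeholders for your own values):
#   pin_azure_context "<tenant D id>" "<subscription D id>" && terraform plan
```

Source the file in the shell where you run Terraform; on a mismatch, switch with `az account set --subscription` as shown in the first answer and run the guard again.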