Using Terraform Providers To Deploy Resources To Different Azure Subscriptions

When deploying with Terraform in Azure, you may need to deploy or reference a resource in a different subscription than the one the current Terraform deployment is configured for. In this blog post, I will walk through deploying or referencing resources in different Azure subscriptions using Terraform providers. I will cover the fundamental concept, provide step-by-step instructions and show examples to help you understand and implement this approach.

What is a Terraform Provider?

Terraform providers are responsible for understanding and interacting with APIs of different cloud platforms. Providers allow Terraform to create, read, update, and delete resources within the cloud environment. Azure, being one of the most common cloud providers, has its own Terraform provider that enables seamless integration between your infrastructure code and Azure services.

How does a Terraform Provider help me deploy or reference another Azure subscription?

As mentioned, the Terraform provider for Azure allows you to interact with Azure resources and services using Terraform. To deploy resources to another Azure subscription, you can specify the subscription ID in the provider block of your Terraform configuration file.

Here is an example of how to specify the subscription ID in the provider block of your Terraform configuration file. This is used when you want to use one provider:

provider "azurerm" {
  subscription_id = "subscription-id"
  features {}
}

Referencing multiple subscriptions as providers

Now that we have shown an example of one provider reference, let's look at adding multiple, one for each subscription:

# default provider
provider "azurerm" {
  subscription_id = "subscription-id"
  features {}
}

provider "azurerm" {
  subscription_id = "subscription-id-2"
  features {}
  alias = "subscription_2"
}

provider "azurerm" {
  subscription_id = "subscription-id-3"
  features {}
  alias = "subscription_3"
}

The above Terraform configuration defines three azurerm providers, each with a different subscription ID. The first provider is the default provider, while the second and third providers are aliased as “subscription_2” and “subscription_3”, respectively. This allows you to reference each provider by its alias in your Terraform configurations, so you can reference or create resources in multiple subscriptions. More on that later.

Deploying to Different Azure Subscriptions

Deploying resources to different Azure subscriptions involves a combination of authenticating to each subscription and configuring Terraform to work with the desired subscription.

Prior to this, assuming you will be using a service principal to authenticate:

  • Ensure the service principal has the required permissions in all subscriptions you want to deploy into

In this example, I will deploy three resource groups into three separate subscriptions.

Let's create a provider.tf and add in the three required providers, one for each subscription:

# default provider
provider "azurerm" {
  subscription_id = "04109105-f3ca-44ac-a3a7-66b4936112c3"
  features {}
}

provider "azurerm" {
  subscription_id = "04109105-f3ca-44ac-a3a7-66b4936112c4"
  features {}
  alias = "subscription_2"
}


provider "azurerm" {
  subscription_id = "04109105-f3ca-44ac-a3a7-66b4936112c5"
  features {}
  alias = "subscription_3"
}

In the above, I have defined three provider blocks, each with a different subscription ID. The first provider block is the default provider, which will be used if no other provider is specified. The second and third provider blocks have an alias attribute, which allows us to reference them in our Terraform configuration files. We can use the alias attribute to specify which provider to use when creating resources.
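The same provider.tf with the subscription IDs supplied as an input variable instead of literals, so the IDs can come from a per-environment tfvars file and a malformed or duplicated ID is rejected at plan time. This is an added example, not from the original post or its repository; the variable name `subscription_ids` is hypothetical.

```hcl
# provider.tf (added example; variable name is hypothetical)
variable "subscription_ids" {
  description = "Target subscription IDs, supplied per environment (for example from dev.tfvars)."
  type = object({
    default        = string
    subscription_2 = string
    subscription_3 = string
  })

  # Reject anything that is not a GUID before any API call is made.
  validation {
    condition = alltrue([
      for id in values(var.subscription_ids) :
      can(regex("^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", lower(id)))
    ])
    error_message = "Every subscription ID must be a GUID."
  }

  # Catch a copy-paste mistake that points two providers at one subscription.
  validation {
    condition     = length(distinct(values(var.subscription_ids))) == 3
    error_message = "Each provider must target a different subscription."
  }
}

# default provider
provider "azurerm" {
  subscription_id = var.subscription_ids.default
  features {}
}

# The alias must be a static name; only the argument values can be variables.
provider "azurerm" {
  alias           = "subscription_2"
  subscription_id = var.subscription_ids.subscription_2
  features {}
}

provider "azurerm" {
  alias           = "subscription_3"
  subscription_id = var.subscription_ids.subscription_3
  features {}
}
```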

In a main.tf file, I want to deploy three resource groups, one in each of the relevant provider subscriptions:

resource "azurerm_resource_group" "tamops1" {
  name     = "resource-group-sub1"
  location = "uksouth"
}

resource "azurerm_resource_group" "tamops2" {
  name     = "resource-group-sub2"
  location = "uksouth"

  provider = azurerm.subscription_2
}

resource "azurerm_resource_group" "tamops3" {
  name     = "resource-group-sub3"
  location = "uksouth"

  provider = azurerm.subscription_3
}

  • Notice the first resource group, resource-group-sub1, has no provider defined? It will use the default.
  • resource-group-sub2 and resource-group-sub3 both reference their associated providers.

The configuration is similar if you want to use a data block to reference a resource that is in another subscription, as in the example below:

data "azurerm_resource_group" "tamops3" {
  name     = "resource-group-sub3"
  provider = azurerm.subscription_3
}

Some best practices for Managing Multiple Subscriptions with Terraform

  1. Use a separate provider block for each subscription to ensure clear separation of resources
  2. Using the alias attribute will allow you to create multiple instances of the same provider block with different names
  3. Create Terraform modules to allow you to reuse infrastructure across multiple subscriptions
  4. Use the provider attribute to specify the provider block to use for each resource or associated module
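Points 3 and 4 together, as an added example that is not from the original post or its repository: a module that creates a resource group in one subscription and reads an existing one from another, with both providers passed in by the caller. The module path, variable names and the name `resource-group-sub2-peer` are hypothetical, and `resource-group-sub3` is assumed to already exist.

```hcl
# modules/peer_resource_group/main.tf (hypothetical module)
terraform {
  required_providers {
    azurerm = {
      source                = "hashicorp/azurerm"
      configuration_aliases = [azurerm.shared]
    }
  }
}

variable "name" {
  type = string
}

variable "shared_resource_group_name" {
  type = string
}

# Read-only lookup in the subscription behind azurerm.shared
data "azurerm_resource_group" "shared" {
  provider = azurerm.shared
  name     = var.shared_resource_group_name
}

# Created in the subscription behind the module's default azurerm provider
resource "azurerm_resource_group" "this" {
  name     = var.name
  location = data.azurerm_resource_group.shared.location
}

# main.tf in the root module, alongside the provider.tf shown earlier
module "rg_sub2" {
  source = "./modules/peer_resource_group"

  name                       = "resource-group-sub2-peer"
  shared_resource_group_name = "resource-group-sub3"

  # Modules take a providers map (plural); resources take provider.
  providers = {
    azurerm        = azurerm.subscription_2
    azurerm.shared = azurerm.subscription_3
  }
}
```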

In this blog post, we have explored how to use Terraform providers to deploy to different Azure subscriptions and also how to reference a data resource from another subscription. We have seen how to define multiple provider blocks with different subscription IDs, and how to use the alias attribute to reference specific providers when creating or referencing resources.

By using Terraform providers, we can easily deploy and reference resources from multiple Azure subscriptions with a single Terraform configuration file. This makes it easy to manage infrastructure as code across multiple environments and subscriptions.

GitHub repository here with the example Terraform configuration shown above

6 thoughts on “Using Terraform Providers To Deploy Resources To Different Azure Subscriptions”

  1. Hi Thomas,

    First of all thank you for your effort for creating and sharing knowledge among the azure pro community to help us to learn and grow better.

    The blog article is easy to understand and could be better if screenshots of commands & results were attached too. This is only my feedback.

    Regards Irshad

  2. I think this is more than sufficient to understand. The key here is using adding multiple blocks with alias and using the “provider”. Thanks T.T, as usual another great example.

  3. Great post!! How should I approach a scenario in an Azure Pipeline where, based on the parameter in the environment section (for example, choosing to deploy to ‘dev’), the deployment process should dynamically select the provider alias for the ‘dev’ subscription from providers.tf? Can the providers.tf file have dynamic variables passed?
