This example demonstrates how to use tfstate-lookup with Azure Blob Storage.
- Azure CLI installed
- An Azure Storage Account with a terraform.tfstate file
tfstate-lookup uses DefaultAzureCredential for Azure authentication.
```shell
az login --scope https://management.core.windows.net//.default
```

Note: If MFA (Multi-Factor Authentication) is enabled, you must use the `--scope` option.
```shell
export AZURE_TENANT_ID=your-tenant-id
export AZURE_CLIENT_ID=your-client-id
export AZURE_CLIENT_SECRET=your-client-secret
```

No configuration needed. DefaultAzureCredential will automatically use managed identity.
```shell
export ARM_USE_AZUREAD=true
tfstate-lookup -s azurerm://resource-group/storage-account/container/terraform.tfstate
```

```shell
export AZURE_SUBSCRIPTION_ID=your-subscription-id
tfstate-lookup -s azurerm://resource-group/storage-account/container/terraform.tfstate
```

```shell
tfstate-lookup -s azurerm://subscription-id@resource-group/storage-account/container/terraform.tfstate
```

Re-authenticate with the management scope:

```shell
az login --scope https://management.core.windows.net//.default
```

Ensure the authenticated account has one of the following:
- `Storage Blob Data Reader` role on the storage account (for Azure AD auth)
- `Reader` and `Storage Account Key Operator Service Role` on the storage account (for access key auth)
Either:
- Log in via Azure CLI: `az login`
- Set the required environment variables for service principal authentication
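
As an added example (not part of tfstate-lookup or its documentation), the shell function below splits the `azurerm://` URL forms shown above into their components and reports which of the two role sets listed above the caller needs, without contacting Azure. It assumes that `ARM_USE_AZUREAD=true` selects Azure AD auth and anything else means access key auth, that a subscription ID in the URL takes precedence over `AZURE_SUBSCRIPTION_ID`, and that everything after the container is the blob path; `describe_state_url` is a hypothetical name.

```shell
#!/bin/sh
# Added example (not tfstate-lookup code): offline preflight for an azurerm:// URL.
# Assumptions: ARM_USE_AZUREAD=true selects Azure AD auth, anything else means
# access key auth; a subscription in the URL wins over AZURE_SUBSCRIPTION_ID;
# everything after the container name is the blob path.
describe_state_url() {
    case "$1" in
        azurerm://*) _rest=${1#azurerm://} ;;
        *) echo "error: not an azurerm:// URL" >&2; return 1 ;;
    esac

    # The optional "subscription-id@" prefix lives in the first path segment only.
    _first=${_rest%%/*}
    _sub=${AZURE_SUBSCRIPTION_ID:-}
    case "$_first" in
        *@*) _sub=${_first%%@*}; _rest=${_rest#*@} ;;
    esac

    # Require resource-group/storage-account/container/blob, all non-empty.
    case "$_rest" in
        */*/*/*) ;;
        *) echo "error: expected resource-group/storage-account/container/blob" >&2
           return 1 ;;
    esac
    _rg=${_rest%%/*}; _rest=${_rest#*/}
    _account=${_rest%%/*}; _rest=${_rest#*/}
    _container=${_rest%%/*}; _blob=${_rest#*/}
    for _part in "$_rg" "$_account" "$_container" "$_blob"; do
        [ -n "$_part" ] || { echo "error: empty path component" >&2; return 1; }
    done

    # Role sets as listed in the troubleshooting notes on this page.
    if [ "${ARM_USE_AZUREAD:-}" = "true" ]; then
        _auth=azuread; _roles="Storage Blob Data Reader"
    else
        _auth=access-key
        _roles="Reader + Storage Account Key Operator Service Role"
    fi

    printf 'subscription=%s\n' "${_sub:-unset}"
    printf 'resource_group=%s\nstorage_account=%s\n' "$_rg" "$_account"
    printf 'container=%s\nblob=%s\n' "$_container" "$_blob"
    printf 'auth=%s\nrequired_roles=%s\n' "$_auth" "$_roles"
}

# Constructed sample input: the placeholder URL form used on this page.
describe_state_url "azurerm://subscription-id@resource-group/storage-account/container/terraform.tfstate"
```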