A Service Principal is an identity for applications and automated tools (such as Terraform) to access Azure resources. This identity is a security object within a Microsoft Entra application that defines what the application can do in a given tenant.
It can be defined in the Azure Portal, but today I explain how we can create it via the Azure CLI.
The first command creates the Service Principal:
az ad sp create-for-rbac --name "<SPNAME>"
This command’s JSON output shows the appId, displayName, password and tenant:
{
"appId": "065ad836-xxxx-xxx-xxxx-xxxxxx",
"displayName": "TestSP",
"password": "r3C8Q~jxxxxxxxxxxxxxx",
"tenant": "6xxxx2c77-xxxxxxxx-xxxxxx"
}
We will use the appId as the clientId (the --assignee) when assigning the Service Principal a role on a subscription:
az role assignment create --assignee 065ad836-xxxx-xxx-xxxx-xxxxxx --role Owner --scope /subscriptions/xxxx-xxxxx-xxxxx-xxxxx
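As an added example that is not part of the original post, the bash script below chains the two commands above: it captures the appId and password from the first command's JSON into shell variables instead of echoing the secret, checks the scope format, and passes the appId as --assignee to the second. The AZ variable and the json_field, valid_scope, create_sp and assign_role function names are my own assumptions, not Azure CLI features.

```shell
#!/usr/bin/env bash
# Added example: wraps the post's two az commands in shell functions.
# AZ (defaults to the real az CLI) is an assumption that lets a test or
# dry run substitute a fake command.
set -eu
AZ="${AZ:-az}"

# Pull one top-level string field out of the pretty-printed JSON that
# `az ad sp create-for-rbac` prints (one "key": "value" pair per line).
json_field() {  # usage: json_field <key>   (JSON on stdin)
    sed -n "s/^[[:space:]]*\"$1\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Only accept subscription-rooted scopes such as /subscriptions/<id>
# (optionally narrowed further to a resource group).
valid_scope() {
    case "$1" in
        /subscriptions/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: create the Service Principal. The secret stays in SP_PASSWORD
# and is never printed; hand it to a secret store, not a log.
create_sp() {  # $1 = display name
    local out
    out="$("$AZ" ad sp create-for-rbac --name "$1")"
    SP_APP_ID="$(printf '%s\n' "$out" | json_field appId)"
    SP_PASSWORD="$(printf '%s\n' "$out" | json_field password)"
    SP_TENANT="$(printf '%s\n' "$out" | json_field tenant)"
    [ -n "$SP_APP_ID" ] && [ -n "$SP_PASSWORD" ]
}

# Step 2: assign a role, using the appId as --assignee. The post uses
# Owner; Owner also lets the SP grant roles to others, so automation that
# only deploys resources is usually better served by a narrower role.
assign_role() {  # $1 = appId, $2 = role, $3 = scope
    valid_scope "$3" || { echo "refusing malformed scope: $3" >&2; return 1; }
    "$AZ" role assignment create --assignee "$1" --role "$2" --scope "$3"
}

# Usage: ./create-sp.sh run <SPNAME> /subscriptions/<id> [role]
if [ "${1:-}" = "run" ]; then
    create_sp "$2"
    assign_role "$SP_APP_ID" "${4:-Owner}" "$3"
    echo "appId=$SP_APP_ID tenant=$SP_TENANT (password held in SP_PASSWORD)"
fi
```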