Terraform State File in Azure Storage and Authentication



I am looking for ways to use Terraform with Azure Storage. I understand that we can use Azure Storage to store the Terraform state file using the "backend" block. However, my use case is a bit different. I want to have different state files for different teams (these teams will have access to different subscriptions), so that when users from different teams are working they don't touch the environment of other teams.

For example, let's say I have Team A (which can deploy resources in subscription A) and Team B (which can deploy resources in subscription B). How do I ensure that when users from different teams run Terraform on their workstations they can only deploy resources to the subscription they are supposed to, and that the state file is updated accordingly in Azure Storage? One way to achieve this is to use Terraform environment variables and authenticate to the Azure storage account, but I want to avoid that because of the sensitive values associated with it. Can we have some centralized virtual machine or Docker container that runs Terraform code stored in an Azure DevOps repo and takes care of this automation?

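One way to lay this out, as an added example that is not part of the original post: a single shared configuration whose `azurerm` backend names the storage account but leaves the per-team container (and state key) to be supplied at `terraform init`, with authentication to both the state blob and the target subscription coming from the identity the pipeline runs as rather than from a storage key or static secret in environment variables. All resource names, container names and the pipeline identity are assumptions.

```hcl
# Added example, not from the original post. Resource names are placeholders.
#
# main.tf is shared by every team. The backend block deliberately omits
# container_name and key; each team's pipeline supplies them at init time:
#
#   terraform init \
#     -backend-config="container_name=teama" \
#     -backend-config="key=prod.tfstate"
#
# Separation is then enforced by Azure RBAC, not by the Terraform code:
#   - Team A's pipeline identity (a service principal or managed identity)
#     holds "Storage Blob Data Contributor" scoped to the "teama" container
#     only, so it cannot read or lock Team B's state in "teamb".
#   - The same identity holds Contributor (or a narrower role) on
#     subscription A only, so a plan pointed at subscription B fails on
#     authorization even if someone edits the backend config.
terraform {
  required_version = ">= 1.5"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "rg-tfstate"   # assumed: shared state resource group
    storage_account_name = "sttfstate001" # assumed: shared state storage account
    # use_azuread_auth makes the backend authenticate to Blob Storage with an
    # Entra ID token (RBAC) instead of the account key or a SAS, so no storage
    # secret has to be present on the workstation or agent.
    use_azuread_auth = true
    # container_name and key are passed per team via -backend-config (see above).
  }
}

provider "azurerm" {
  features {}

  # No client secret here. When run from an Azure DevOps pipeline whose service
  # connection uses workload identity federation, the agent exposes
  # ARM_CLIENT_ID, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID and the OIDC token, and
  # the provider picks them up. The subscription the team may deploy to is
  # therefore fixed by the service connection, not by anything in this file.
  use_oidc = true
}

# Example resource, assumed purely for illustration: lands in whichever
# subscription the pipeline identity is scoped to.
resource "azurerm_resource_group" "team_rg" {
  name     = "rg-team-workload" # assumed name
  location = "westeurope"
}
```

With this arrangement the "centralized runner" in the question is simply the Azure DevOps pipeline (hosted or self-hosted agent): each team gets its own pipeline bound to its own service connection, developers do not hold Azure credentials for the state account on their workstations, and a team's `terraform init` against the wrong container or its `apply` against the wrong subscription is rejected by Azure authorization rather than by convention. Container-level RBAC is used because blob-level role assignments are not available; one container per team is the smallest scope that separates state access cleanly.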