Create a resource using a service principal

If given the necessary permissions, a service principal can create and manage Azure resources just like an account. This tutorial step provides an example of how to create a resource for Azure Storage using a service principal and the following commands:

• az login
• az group create
• az storage account create
• az storage account keys list

To sign in with a service principal, you need the appID, tenantID, and password returned in the console output when you created a service principal.

1. Sign in as the service principal.

   az login --service-principal \
            --username myServicePrincipalID \
            --password myServicePrincipalPassword \
            --tenant myOrganizationTenantID
   

   Output console:

   [
     {
       "cloudName": "AzureCloud",
       "homeTenantId": "tenantID",
       "id": "mySubscriptionId",
       "isDefault": true,
       "managedByTenants": [],
       "name": "mySubscriptionName",
       "state": "Enabled",
       "tenantId": "tenantID",
       "user": {
         "name": "myServicePrincipalID",
         "type": "servicePrincipal"
       }
     }
   ]
   

2. Create a resource group to hold all resources for the same project.

   az group create --location westus --name myResourceGroupName
   

3. Create a storage account.

   For Azure Storage, valid values for the <KIND> parameter are:

   • BlobStorage
   • BlockBlobStorage
   • FileStorage
   • Storage
   • StorageV2

   az storage account create --name myStorageAccountName \
                             --resource-group myResourceGroupName \
                             --kind <KIND> \
                             --sku F0 \
                             --location westus \
                             --yes
   

4. Get resource keys, which you use in your code to authenticate to the Azure storage account.

   az storage account keys list --resource-group myResourceGroupName \
                                --account-name myStorageAccountName
   

   Output Console:

   [
     {
       "creationTime": "2023-09-15T17:29:49.554030+00:00",
       "keyName": "key1",
       "permissions": "FULL",
       "value": "myKeyValue1"
     },
     {
       "creationTime": "2023-09-15T17:29:49.554030+00:00",
       "keyName": "key2",
       "permissions": "FULL",
       "value": "myKeyValue2"
     }
   ]
   

Next Steps

Now that you've learned how to create a resource using service principal, proceed to the next step to learn how to reset your service principal credentials.