We deploy resources in our Azure tenant through Jenkins, which uses Terraform to provision infra resources.
We use a service principal for authentication and infra provisioning, which are in the same tenant. In our infra deployment we also create VNet peering between the new VNet that gets deployed and our central VNet, which has all the infra resources like the monitoring and logging platform.
Now we have a use case where, using the same Jenkins and Terraform scripts, we want to provision resources in a different tenant. This can be done by using the service principal of the remote tenant.
But now the issue is that the service principal of TenantB does not have rights to create network resources in TenantA. To make this happen, the service principal of TenantB should have access to the VNet in TenantA.
I am looking for documentation or guidance on how we can give access to the service principal of TenantB in our TenantA.
give access to service principal which is in another azure tenant
3.5k views Asked by chitender kumar At
There is 1 answer
https://www.microsoft.com.

After you have created the service principal, you can open the below URL in a private browser to add it to another tenant:
It will ask for authorization on behalf of the organization; you can accept it.
After the above is done, you can log in to the portal of that tenant and go to Enterprise applications, where you will see it. Provide a role assignment for that subscription (Owner/Contributor).
Note: In my test case, I used 2 VNets present in different tenants. I created a service principal in tenant A and provided Contributor permissions to it in tenant B using the above methods, and then used Terraform to perform the VNet peering.
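
The Terraform side of the setup described in the answer could look like the following. This is an added example, not part of the original answer; it assumes one multi-tenant service principal that has been consented and given a role in both tenants, and every variable, resource group and VNet name is a placeholder.

```hcl
# Constructed example: every name and ID below is a placeholder, not a value from the post.
variable "client_id" { type = string } # multi-tenant app consented in both tenants
variable "client_secret" {
  type      = string
  sensitive = true
}
variable "tenant_a_id" { type = string } # tenant with the central VNet
variable "tenant_b_id" { type = string } # tenant with the newly deployed VNet
variable "tenant_a_subscription_id" { type = string }
variable "tenant_b_subscription_id" { type = string }
variable "central_vnet_id" { type = string } # full resource ID, tenant A
variable "new_vnet_id" { type = string }     # full resource ID, tenant B

# One provider alias per tenant, same service principal. auxiliary_tenant_ids makes the
# provider also obtain a token for the other tenant, needed for the cross-tenant VNet ID.
provider "azurerm" {
  alias                = "tenant_a"
  tenant_id            = var.tenant_a_id
  subscription_id      = var.tenant_a_subscription_id
  client_id            = var.client_id
  client_secret        = var.client_secret
  auxiliary_tenant_ids = [var.tenant_b_id]
  features {}
}

provider "azurerm" {
  alias                = "tenant_b"
  tenant_id            = var.tenant_b_id
  subscription_id      = var.tenant_b_subscription_id
  client_id            = var.client_id
  client_secret        = var.client_secret
  auxiliary_tenant_ids = [var.tenant_a_id]
  features {}
}

resource "azurerm_virtual_network_peering" "new_to_central" {
  provider                  = azurerm.tenant_b
  name                      = "new-to-central"
  resource_group_name       = "rg-new-network" # placeholder
  virtual_network_name      = "vnet-new"       # placeholder
  remote_virtual_network_id = var.central_vnet_id
}

resource "azurerm_virtual_network_peering" "central_to_new" { # reverse side, also required
  provider                  = azurerm.tenant_a
  name                      = "central-to-new"
  resource_group_name       = "rg-central-network" # placeholder
  virtual_network_name      = "vnet-central"       # placeholder
  remote_virtual_network_id = var.new_vnet_id
}
```

For peering alone, the Network Contributor role scoped to each VNet is sufficient, which is narrower than Owner or Contributor on the whole subscription. In Jenkins, supply `client_secret` from the credentials store as `TF_VAR_client_secret` rather than committing it.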