0

A service principle can be created to control the access to a specific resource in azure. For example azure ACR's service principle can be created in according to the official page

My question is that can I create the service principle before the azure ACR has been created. I'm asking because I need to create a azure ACR by Terraform, and I would like to add service principle and assign role to it. But at that moment I don't even have a ACR, it would be a chicken and eggs question. Can I already created the service principle before the provisioning of the ACR resource by Terraform?

SLN
  • 4,772
  • 2
  • 38
  • 79

1 Answers1

1

Of course, you can. You can pre-create the service principal for the things that will use the service principal in the future and then use it. So when you create the ACR, it means you need to use an existing service principal. Just follow the steps.

Charles Xu
  • 29,862
  • 2
  • 22
  • 39
  • Thanks Charles. If the application/resource that the service principle attached to is deleted, is that means the service principle will also removed with the application/resource (if that is the only one using this service principle) – SLN Oct 01 '20 at 09:01
  • @SLN No, the service principal will still exist, just do not have the resource permission. – Charles Xu Oct 02 '20 at 01:08
  • what would be the purpose of the service principal has no resource attached with? Can I just delete it for a best practice? – SLN Oct 02 '20 at 01:34
  • 1
    @SLN Yes, you can delete it if it does not have any resource permission or leave it for the later use. – Charles Xu Oct 02 '20 at 01:37