This Terraform script automates the onboarding of multiple Azure subscriptions to Prisma Cloud. Follow the steps below to configure your credentials and execute the script.
- Terraform installed on your machine. (Download Terraform)
- Prisma Cloud Access Key and Secret Key.
- Azure Subscriptions and an Enterprise Application set up in Azure Active Directory.
Create a .prismacloud_auth.json file in the root directory of the Terraform project with the following content:
{
  "url": "api.eu.prismacloud.io",
  "username": "<access_key>",
  "password": "<secret_key>",
  "protocol": "https"
}
- Replace <access_key> with your Prisma Cloud access key.
- Replace <secret_key> with your Prisma Cloud secret key.
- Ensure the url matches your Prisma Cloud API endpoint (e.g., api.eu.prismacloud.io for the European region).
Note: Keep this file secure as it contains sensitive information.
Copy the example CSV file and rename it:
cp azure_example.csv azure.csv
Edit azure.csv and fill in the details for each Azure subscription and Enterprise Application. The CSV should follow this format:
accountId,name,clientId,key,tenantId,servicePrincipalId
<subscription_id>,<subscription_name>,<application_id>,<application_secret>,<tenant_id>,<application_object_id>
- accountId: Azure Subscription ID.
- name: Name of the Azure Subscription.
- clientId: Application (client) ID of the Enterprise Application.
- key: Client secret of the Enterprise Application.
- tenantId: Azure Active Directory Tenant ID.
- servicePrincipalId: Object ID of the Enterprise Application.
Important: Ensure there are no extra spaces or line breaks in the CSV file.
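An added pre-flight check, not part of the original script or of Prisma Cloud's tooling: it validates azure.csv against the format above (exact header, six fields, no padding or blank lines, GUID-shaped IDs) and .prismacloud_auth.json against the template, and checks that both secret-bearing files are closed to group and others. The function names, the GUID check, the https requirement and the mode 600 expectation are assumptions of this example.

```python
import csv, json, os, re, stat, sys

HEADER = ["accountId", "name", "clientId", "key", "tenantId", "servicePrincipalId"]
GUID_FIELDS = {"accountId", "clientId", "tenantId", "servicePrincipalId"}
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_csv(text):
    """Return problems found in azure.csv content; never echoes the secret values."""
    rows = list(csv.reader(text.splitlines()))
    if not rows or rows[0] != HEADER:
        return ["line 1: header must be exactly " + ",".join(HEADER)]
    problems = []
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(HEADER):  # also catches blank lines (0 fields)
            problems.append(f"line {n}: expected {len(HEADER)} fields, got {len(row)}")
            continue
        for field, value in zip(HEADER, row):
            if not value or value != value.strip():
                problems.append(f"line {n}: {field} is empty or padded with spaces")
            elif field in GUID_FIELDS and not GUID_RE.match(value):
                problems.append(f"line {n}: {field} is not a GUID")
    return problems

def check_auth(text):
    """Return problems found in .prismacloud_auth.json content."""
    cfg = json.loads(text)
    problems = [f"missing key {k}" for k in ("url", "username", "password", "protocol")
                if k not in cfg]
    problems += [f"{k} still holds a <placeholder>" for k, v in cfg.items()
                 if isinstance(v, str) and v.startswith("<") and v.endswith(">")]
    if cfg.get("protocol") != "https":  # assumption: only https is acceptable
        problems.append("protocol is not https")
    return problems

def check_mode(path):
    """Flag a secret-bearing file that group or others can access (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode & 0o077 == 0 else [f"{path}: mode {mode:o}, expected 600"]

if __name__ == "__main__":
    found = []
    for path, check in ((".prismacloud_auth.json", check_auth), ("azure.csv", check_csv)):
        with open(path, encoding="utf-8") as fh:
            found += [f"{path}: {p}" for p in check(fh.read())]
        found += check_mode(path)
    print("\n".join(found) or "pre-flight checks passed")
    sys.exit(1 if found else 0)
```

Run it from the project root before terraform init; it exits non-zero when any check fails.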
Initialize the Terraform working directory:
terraform init
Review the actions Terraform will perform:
terraform plan
Apply the Terraform configuration to onboard the Azure subscriptions:
terraform apply
Type yes when prompted to confirm the operation.