The "Please run az login to setup account" error occurs when Terraform cannot authenticate to Azure because the Azure CLI session has expired or is not authenticated. This error requires running az login to authenticate before Terraform can access your Azure resources.
This error occurs when the Azure provider in Terraform attempts to authenticate using Azure CLI credentials, but no valid authentication tokens are found. Terraform relies on the Azure CLI to authenticate to Azure by default when using the azurerm provider. The Azure CLI session can expire after 30 minutes of inactivity, or the user may never have logged in with az login. Additionally, in CI/CD pipelines or automated environments, the authentication context may not persist between jobs or executions.
Run the az login command to authenticate:
az loginThis will open a browser window where you can sign in with your Azure credentials. After successful authentication, return to your terminal.
Check that you are authenticated and can see your subscription:
az account showThis should display your current Azure subscription details including the subscription ID and tenant.
Now that you are authenticated with Azure CLI, Terraform can use those credentials:
terraform plan
terraform applyTerraform will use your Azure CLI authentication tokens automatically.
In automated environments, do not rely on az login. Instead, use Service Principal authentication by setting environment variables:
export ARM_CLIENT_ID="your-client-id"
export ARM_CLIENT_SECRET="your-client-secret"
export ARM_SUBSCRIPTION_ID="your-subscription-id"
export ARM_TENANT_ID="your-tenant-id"Terraform will automatically use these variables for authentication. Do not use az login --service-principal as Terraform does not support Service Principal authentication through the Azure CLI.
If you want to force Terraform to use only environment variables and not attempt CLI authentication, add this to your provider block:
provider "azurerm" {
features {}
use_cli = false
}Or set the environment variable:
export ARM_USE_CLI=falseIn Azure DevOps pipelines, use the AzureCLI@2 task to handle authentication:
- task: AzureCLI@2
inputs:
azureSubscription: 'your-service-connection'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
terraform plan
terraform applyThe AzureCLI@2 task automatically sets up the authentication context for Terraform.
Token Expiration: Azure CLI tokens expire after 30 minutes of inactivity. If you see this error after a long pause, simply run az login again.
Service Principal Limitation: When using a Service Principal, you cannot authenticate through az login --service-principal with Terraform. You must use the ARM_* environment variables instead.
Multi-Tenant: If you need to work across multiple Azure tenants, specify the tenant ID in the provider block or set ARM_TENANT_ID. You can also use az login --allow-no-subscriptions to force reporting of all tenants.
Docker/Kubernetes: In containerized environments, the Azure CLI session does not persist. Use Service Principal authentication with environment variables instead.
Cross-Cloud: If using Azure China, Germany Cloud, or Government Cloud, first configure az cloud set --name appropriately before running az login.
Error: Error rendering template: template not found
How to fix "template not found" error in Terraform
Error: Error generating private key
How to fix 'Error generating private key' in Terraform
Error creating Kubernetes Service: field is immutable
How to fix "field is immutable" errors in Terraform
Error: Error creating local file: open: permission denied
How to fix "Error creating local file: permission denied" in Terraform
Error: line endings have changed from CRLF to LF
Line endings have changed from CRLF to LF in Terraform