How to authenticate an Azure Provider to deploy Terraform code to National clouds (US Government or China)

Introduction

Microsoft have 2 National clouds (US Government and China) - they are physically isolated instances of Azure.

These regions are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries.

Use Case

This guide can be useful in case you need to deploy Terraform code to one of these clouds.

Procedure

• Configure the Azure CLI to work with that Cloud:

az cloud set --name AzureUSGovernment | AzureChinaCloud

• Login to the Azure CLI using:

az login

• Configure Azure provider similar to the following example:

provider "azurerm" {
  environment = "china"
  skip_provider_registration = true
  features {
  ...
  }
}

For environment argument, possible values are  usgovernment, china and  public(default)

skip_provider_registration flag is required to prevent auto-registration of the Resource Providers 

• Run terraform plan and terraform apply to test the deployment of Terraform code

Additional Information

• Authenticating using Azure CLI

• AzureRM provider documentation

• US Government cloud
• Azure China cloud