Utilizing Terraform Providers to Deploy or Reference Another Azure Subscription

Employing a Terraform Provider tailored for Azure enables seamless interaction with Azure resources and services through Terraform. When targeting deployment to an alternate Azure subscription, specifying the subscription ID within the provider block of your Terraform configuration file is pivotal.

Below illustrates the methodology of specifying the subscription ID within the provider block for both single and multiple subscription scenarios:

# Single provider reference
provider "azurerm" {
  features {}
}

# Multiple providers referencing different subscriptions
provider "azurerm" {
  subscription_id = "subscription-id-2"
  features {}
  alias = "hub_sub"
}

provider "azurerm" {
  subscription_id = "subscription-id-3"
  features {}
  alias = "spoke_sub"
}

In the provided Terraform configuration, three Azure azurerm providers are delineated, each aligned with a distinct subscription ID. The initial provider serves as the default, while the subsequent two are aliased as "subscription_2" and "subscription_3" correspondingly. This enables unambiguous referencing of each provider in Terraform configurations, facilitating resource creation or referencing across multiple subscriptions.
Deployment across disparate Azure subscriptions necessitates a combined approach of authenticating to each subscription and configuring Terraform accordingly. Preceding this endeavor, ensuring that the designated service principal possesses requisite permissions across all target subscriptions is imperative.
In the subsequent example, the deployment of three resource groups into separate subscriptions is exemplified through the establishment of requisite providers within provider.tf:

# Default provider
provider "azurerm" {
  subscription_id = "subscription-id-1"
  features {}
}

provider "azurerm" {
  subscription_id = "subscription-id-2"
  features {}
  alias = "subscription_2"
}

provider "azurerm" {
  subscription_id = "subscription-id-3"
  features {}
  alias = "subscription_3"
}

The above configuration delineates three provider blocks, each designated with a distinct subscription ID. The initial block serves as the default, while the subsequent blocks are aliased, enabling precise specification of the provider to utilize when creating resources.
In a main.tf file, deployment of resource groups across relevant provider subscriptions can be accomplished as follows:

resource "azurerm_resource_group" "tamops1" {
  name     = "resource-group-sub1"
  location = "uksouth"
}

resource "azurerm_resource_group" "tamops2" {
  name     = "resource-group-sub2"
  location = "uksouth"
  provider = azurerm.subscription_2
}

resource "azurerm_resource_group" "tamops3" {
  name     = "resource-group-sub3"
  location = "uksouth"
  provider = azurerm.subscription_3

Adhering to best practices, such as employing separate provider blocks for each subscription, utilizing aliases for clarity, leveraging Terraform modules for infrastructure reuse, and judiciously employing the provider attribute for precise specification, ensures robust management of multiple subscriptions with Terraform.