Multiple AZ connections through containers

The solution can be found here: source

Where am I?

I work in the Azure cloud and use the Azure CLI to manage resources and report on estate.

What is the problem?

I work with more than one account for more than one client and it is very easy to execute or report on the wrong organisation.

What do i need?

I want access to more than one cloud account at the same time as I query one and execute on another but it must be impossible or at the very least difficult to use the wrong shell.

What solutions did I look at?

I looked at running multiple virtual machines locally but this would eat a lot of resources and for what is essentially just a shell.

I looked at SSH to remote free Azure VMs as I dont need much power, but this again required resources I would need to manage for security and updates.

What did I do?

I realised I only needed shell access to run Azure CLI but I wanted to run them locally. This sounded ideal for containerisation so I looked at docker.

I created a docker-compose.yml that when you spin up docker-compose up -d will create a container configured for every cloud account in the configuration.

If we assume I have configured the solution to connect to two accounts: clienta and clientb, there would be two containers running connected to clienta and clientb respectively.

Now I open a terminal tab and run docker attach clienta and another terminal tab where I run docker attach clientb.

Now I have two terminal tabs connected to different cloud accounts.

Now this is all very simple and could be easily achieved manually. The difference for me here is that there is a script that will create an Azure service principal and configure the solution. Once configured I do not need to worry about any manual mistakes as the process is the same every time.

It is far easier to look through the tiny codebase in the project source above.

I will extend the solution to map the drive to my pwd and include other tools like terraform, tflint, checkov, terragrunt so I will be able to fully develop in a cloud account with all the same tools .