I’m setting up a CI/CD pipeline in Azure DevOps to automate Terraform deployments. My service connection uses a federated identity and a user-assigned managed identity for authentication. Despite my efforts, I’m encountering issues during the terraform init step, where the process fails to authenticate correctly.
Pipeline Configuration:
Here’s the configuration of my Azure DevOps pipeline:
trigger:
- none

variables:
  terraform_version: '1.8.5'
  azure_service_connection_name: 'it-sandbox-connection'

parameters:
- name: resource_group
  displayName: 'Resource Group'
  type: string
  default: 'browser-euw-poc-rg-01'
  values:
  - browser-poc-rg-01
  - centralrepository-euw-poc-rg-01
  - data-euw-poc-rg-01
- name: terraform_action
  displayName: 'Terraform Action'
  type: string
  default: 'plan'
  values:
  - plan
  - apply
  - destroy

pool:
  vmImage: 'ubuntu-latest'

stages:
- stage: Terraform
  jobs:
  - job: InstallTerraform
    displayName: 'Install Terraform'
    steps:
    - task: TerraformInstaller@0
      inputs:
        terraformVersion: '$(terraform_version)'

  - job: InitTerraform
    displayName: 'Initialize Terraform'
    dependsOn: InstallTerraform
    steps:
    - checkout: self
    - task: TerraformCLI@0
      displayName: 'Terraform Init'
      inputs:
        command: 'init'
        workingDirectory: '$(Build.SourcesDirectory)/terraform/${{ parameters.resource_group }}'
        backendServiceArm: '$(azure_service_connection_name)'

  - job: TerraformPlanApplyDestroy
    displayName: 'Run Terraform Action'
    dependsOn: InitTerraform
    condition: succeeded()
    steps:
    - checkout: self
    - task: TerraformCLI@0
      displayName: 'Run Terraform Action'
      inputs:
        # Parameters are only available as template expressions, not as $(...) macros
        command: '${{ parameters.terraform_action }}'
        workingDirectory: '$(Build.SourcesDirectory)/terraform/${{ parameters.resource_group }}'
        environmentServiceNameAzureRM: '$(azure_service_connection_name)'
        commandOptions: '-var-file=terraform.tfvars'

Provider Configuration:
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.39.1"
    }
  }

  backend "azurerm" {
    resource_group_name  = "terraform-rg-01"
    storage_account_name = "terrastatepocst01"
    container_name       = "tfstate"
    key                  = "browser-euw-poc-rg-01/terraform.tfstate"
  }
}

provider "azurerm" {
  features {
    key_vault {
      purge_soft_delete_on_destroy = false
    }
  }
  skip_provider_registration = true
}

During terraform init I get this error:
Initializing the backend...
Initializing modules...
- app_service_plan in ../modules/app_service_plan
- storage_account in ../modules/storage_account
- web_app in ../modules/web_app
╷
│ Error: Error building ARM Config: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
│
The user-assigned identity has Contributor on the subscription.
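
The error above is what Terraform prints when it finds no explicit credentials and falls back to the Azure CLI. The following preflight check is an added example, not part of the original post: it reports which credential source the current step's environment offers before terraform init runs. It assumes the documented ARM_* environment variables of the azurerm backend and provider; the function name tf_azure_auth_mode and the TF_AUTH_AZ_CMD override are hypothetical, and client certificate authentication is not covered.

```shell
#!/bin/sh
# Added example: classify the credential source Terraform's azurerm
# backend/provider would find in the environment of the current step.
# tf_azure_auth_mode and TF_AUTH_AZ_CMD are hypothetical names.

tf_azure_auth_mode() {
  az_cmd="${TF_AUTH_AZ_CMD:-az}"   # override exists only so the check is testable

  # Service principal with client secret.
  if [ -n "${ARM_CLIENT_ID:-}" ] && [ -n "${ARM_CLIENT_SECRET:-}" ] \
     && [ -n "${ARM_TENANT_ID:-}" ]; then
    echo "client-secret"; return 0
  fi

  # OIDC (workload identity federation): needs the flag, the identity,
  # and a token source. Report exactly which part is missing.
  if [ "${ARM_USE_OIDC:-false}" = "true" ]; then
    if [ -z "${ARM_CLIENT_ID:-}" ] || [ -z "${ARM_TENANT_ID:-}" ]; then
      echo "oidc-incomplete:missing-client-or-tenant"; return 1
    fi
    if [ -z "${ARM_OIDC_TOKEN:-}" ] && [ -z "${ARM_OIDC_TOKEN_FILE_PATH:-}" ]; then
      echo "oidc-incomplete:missing-token"; return 1
    fi
    echo "oidc"; return 0
  fi

  # Managed identity on the agent itself.
  if [ "${ARM_USE_MSI:-false}" = "true" ]; then
    echo "msi"; return 0
  fi

  # Nothing explicit: Terraform falls back to the Azure CLI, which only
  # works if an 'az login' session exists in this step.
  if "$az_cmd" account show >/dev/null 2>&1; then
    echo "azure-cli"; return 0
  fi

  # This is the state that produces "Please run 'az login' to setup account."
  echo "none"; return 1
}
```

Run it in the same step as terraform init, for example `tf_azure_auth_mode || exit 1`, so the job fails with a named cause instead of the Azure CLI fallback error.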