I ran into an issue today trying to use the azurerm provider in Terraform. I needed to create a Key Vault, then add an access policy for myself so that in the same .tf I could add a certificate. Once I saw a similarly frustrated user on Serverfault, I decided to figure this out.

What I came up with was a PowerShell script that uses the Azure CLI (az) to get the current user's object id, which Terraform reads through an external data source.

Here is a demo of the solution, also posted as my answer. First the script, saved as scripts/getuser.ps1 (the path the Terraform configuration below expects):

# scripts/getuser.ps1
$t = az ad signed-in-user show      # the CLI prints the user as JSON across several lines
$t = "$t"                           # join the lines into one string before parsing
$j = ConvertFrom-Json $t
# Azure CLI 2.37 and later (Microsoft Graph) name the field "id" instead of "objectId"
$id = if ($j.objectId) { $j.objectId } else { $j.id }
# The external data source requires a flat JSON object whose values are all strings
Write-Output "{`"object_id`":`"$id`"}"


Then the Terraform side, which runs the script and exposes its output:

provider "azurerm" {
  subscription_id = var.subscription_id
}

data "external" "user" {
  # Runs the script and parses the JSON it prints on stdout into result
  program = ["powershell.exe", "${path.module}/scripts/getuser.ps1"]
}

output "object_id" {
  value = data.external.user.result.object_id
}

Keep in mind that az ad signed-in-user is fairly new, so make sure the Azure CLI is up to date.
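As an added example (not code from the original post), here is the same external data source wired into the full flow the post describes: a Key Vault, an access policy for the signed-in user, and a certificate created in the same configuration. It assumes a current azurerm provider (which requires the features block), the scripts/getuser.ps1 script above, and a subscription_id variable; the resource group, vault, certificate name, location and certificate subject are placeholders. The access policy deliberately grants only certificate permissions, and only the ones a create, read and destroy need, so the object id obtained from the script cannot be used to reach keys or secrets in the vault. Since the external data source executes whatever program it is given, keep the script versioned alongside the module rather than pointing at a path outside it.

```hcl
# Added example, not part of the original post.
# Assumes scripts/getuser.ps1 prints {"object_id":"<guid>"} as shown above.

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

variable "subscription_id" {
  type = string
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

# Tenant of the principal Terraform is running as; the vault and policy need it.
data "azurerm_client_config" "current" {}

# The post's workaround: the signed-in user's object id from the Azure CLI.
data "external" "user" {
  program = ["powershell.exe", "${path.module}/scripts/getuser.ps1"]
}

resource "azurerm_resource_group" "kv" {
  name     = "rg-kv-demo"   # placeholder
  location = "westeurope"   # placeholder
}

resource "azurerm_key_vault" "kv" {
  name                = "kv-demo-placeholder" # placeholder; must be globally unique
  location            = azurerm_resource_group.kv.location
  resource_group_name = azurerm_resource_group.kv.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
}

# Least-privilege policy for the user the script identified: certificate
# operations only. Purge is needed because the provider purges soft-deleted
# certificates on destroy by default; widen the list only if an apply reports 403.
resource "azurerm_key_vault_access_policy" "me" {
  key_vault_id = azurerm_key_vault.kv.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.external.user.result.object_id

  certificate_permissions = ["Create", "Get", "List", "Delete", "Purge"]
}

# The certificate the post wanted to add in the same .tf. depends_on makes
# Terraform wait for the policy, otherwise the first apply fails with 403.
resource "azurerm_key_vault_certificate" "demo" {
  name         = "demo-cert" # placeholder
  key_vault_id = azurerm_key_vault.kv.id

  depends_on = [azurerm_key_vault_access_policy.me]

  certificate_policy {
    issuer_parameters {
      name = "Self" # self-signed; use an issuer name for a real CA
    }
    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = true
    }
    secret_properties {
      content_type = "application/x-pkcs12"
    }
    x509_certificate_properties {
      subject            = "CN=demo.example.invalid" # placeholder
      validity_in_months = 12
      key_usage          = ["digitalSignature", "keyEncipherment"]
    }
  }
}

output "object_id" {
  value = data.external.user.result.object_id
}
```

Run it with the usual terraform init, plan and apply from the module directory, so that path.module resolves to the folder containing scripts/getuser.ps1. Current azurerm provider versions also expose data.azurerm_client_config.current.object_id; when that attribute is populated for your login method it can replace the external script, but the configuration above keeps the post's approach.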