diff --git a/core/src/epicli/cli/engine/TerraformCommand.py b/core/src/epicli/cli/engine/TerraformCommand.py index 68843574bd..96df16ee11 100644 --- a/core/src/epicli/cli/engine/TerraformCommand.py +++ b/core/src/epicli/cli/engine/TerraformCommand.py @@ -39,11 +39,13 @@ def run(self, command, env, auto_approve=False): self.logger.info('Running: "' + ' '.join(cmd) + '"') + cmd = ' '.join(cmd) + logpipe = LogPipe(__name__) - with subprocess.Popen(cmd, stdout=logpipe, stderr=logpipe, env=env) as sp: + with subprocess.Popen(cmd, stdout=logpipe, stderr=logpipe, env=env, shell=True) as sp: logpipe.close() if sp.returncode != 0: - raise Exception('Error running: "' + ' '.join(cmd) + '"') + raise Exception('Error running: "' + cmd + '"') else: - self.logger.info('Done running "' + ' '.join(cmd) + '"') + self.logger.info('Done running "' + cmd + '"') diff --git a/core/src/epicli/cli/engine/TerraformRunner.py b/core/src/epicli/cli/engine/TerraformRunner.py index f3b10e02b0..ee15b6d79f 100644 --- a/core/src/epicli/cli/engine/TerraformRunner.py +++ b/core/src/epicli/cli/engine/TerraformRunner.py 
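Review bot: The new `cmd = ' '.join(cmd)` together with `shell=True` on the `subprocess.Popen` call hands the whole Terraform command line to the shell, so any element containing a space or a shell metacharacter is re-split or interpreted instead of reaching Terraform as one argument. Where the list elements come from is not visible in this hunk (the start of `run` is outside it), so whether any of them is user- or config-controlled has to be checked at the call sites. If nothing requires the shell, keep the list form and drop the flag, `with subprocess.Popen(cmd, stdout=logpipe, stderr=logpipe, env=env) as sp:`, and build the display string separately for the log and error messages, e.g. `cmd_str = ' '.join(cmd)`. If a shell is required on some platform, quote each element before joining (`shlex.quote` for POSIX shells) and say why in a comment.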
@@ -20,24 +20,26 @@ def __enter__(self): def run(self): new_env = os.environ.copy() + self.terraform.init(env=new_env) #if the provider is Azure we need to login and setup service principle. if self.cluster_model.provider == 'azure': - subscription_id = self.azure_cli.login(self.cluster_model.specification.cloud.subscription_name) - sp_file = os.path.join(get_terraform_path(self.cluster_model.specification.name), SP_FILE_NAME) - if not os.path.exists(sp_file): - self.logger.info('Creating service principle') - sp = self.azure_cli.create_sp(self.cluster_model.specification.cloud.resource_group_name, subscription_id) - save_sp(sp, self.cluster_model.specification.name) - else: - self.logger.info('Using service principle from file') - sp = load_yaml_file(sp_file) - - #Setup environment variables for Terraform when working with Azure. - new_env['ARM_SUBSCRIPTION_ID'] = subscription_id - new_env['ARM_CLIENT_ID'] = sp['appId'] - new_env['ARM_CLIENT_SECRET'] = sp['password'] - new_env['ARM_TENANT_ID'] = sp['tenant'] + subscription = self.azure_cli.login(self.cluster_model.specification.cloud.subscription_name) + + if self.cluster_model.specification.cloud.use_service_principle: + sp_file = os.path.join(get_terraform_path(self.cluster_model.specification.name), SP_FILE_NAME) + if not os.path.exists(sp_file): + self.logger.info('Creating service principle') + sp = self.azure_cli.create_sp(self.cluster_model.specification.cloud.resource_group_name, subscription['id']) + save_sp(sp, self.cluster_model.specification.name) + else: + self.logger.info('Using service principle from file') + sp = load_yaml_file(sp_file) + + #Setup environment variables for Terraform when working with Azure. 
+ new_env['ARM_SUBSCRIPTION_ID'] = subscription['id'] + new_env['ARM_TENANT_ID'] = sp['tenant'] + new_env['ARM_CLIENT_ID'] = sp['appId'] + new_env['ARM_CLIENT_SECRET'] = sp['password'] - self.terraform.init(env=new_env) self.terraform.apply(auto_approve=True, env=new_env) \ No newline at end of file diff --git a/core/src/epicli/cli/engine/azure/AzureCommand.py b/core/src/epicli/cli/engine/azure/AzureCommand.py index eefbb81560..9917aa50cc 100644 --- a/core/src/epicli/cli/engine/azure/AzureCommand.py +++ b/core/src/epicli/cli/engine/azure/AzureCommand.py @@ -16,7 +16,7 @@ def login(self, subscription_name): if subscription is None: raise Exception(f'User does not have access to subscription: "{subscription_name}"') self.run(self, f'az account set --subscription {subscription["id"]}') - return subscription['id'] + return subscription def create_sp(self, app_name, subscription_id): #TODO: make role configurable? @@ -35,7 +35,7 @@ def run(self, cmd): with Popen(cmd, stdout=PIPE, stderr=logpipe, shell=True) as sp: logpipe.close() try: - data = sp.stdout.read().decode("utf-8") + data = sp.stdout.read().decode('utf-8') data = re.sub(r'\s+', '', data) data = re.sub(r'(\x9B|\x1B\[)[0-?]*[ -\/]*[@-~]', '', data) output = json.loads(data) diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml index 783e34901a..320aa7e110 100644 --- a/core/src/epicli/data/common/defaults/epiphany-cluster.yml +++ b/core/src/epicli/data/common/defaults/epiphany-cluster.yml @@ -11,8 +11,10 @@ specification: key_path: /root/.ssh/epiphany-operations/id_rsa # YOUR-SSH-KEY-PATH cloud: subscription_name: YOUR-SUB-NAME + resource_group_name: YOUR-RESOURCE-GROUP-NAME vnet_address_pool: 10.1.0.0/20 use_public_ips: False # When not using public IPs you have to provide connectivity via private IPs (VPN) + use_service_principle: False region: eu-west-2 credentials: # todo change it to get credentials from vault key: 3124-4124-4124
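Review bot: With `use_service_principle` false, the `apply` call in `run` goes out with only the operator's ambient `az login` session, yet the context comment above the branch still reads as if a service principal is always set up. State the two modes there, e.g. `# Azure: always log in; when use_service_principle is set, create or load the SP and export ARM_* so Terraform runs as the SP rather than the logged-in user`. `self.terraform.init(env=new_env)` also moved ahead of the `ARM_*` assignments, so `init` and `apply` no longer see the same credentials; that is presumably harmless with a local state backend, but it deserves a one-line comment because a remote backend would authenticate `init` as the CLI user. This page has lost indentation, so it cannot be confirmed here that the `new_env['ARM_*']` lines sit inside the `use_service_principle` branch; if they do not, `sp` is unbound whenever the flag is false.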
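Review bot: `login` now returns the whole subscription record instead of its id, and nothing in the function says so; a caller that still treats the result as a string will only fail later, when the value is interpolated into an `az` command or an `ARM_*` variable. Add a docstring such as `"""Log in, select the named subscription and return its record (a dict as parsed from the az CLI output; callers read ['id'])."""`. The body of `login` starts outside this hunk, and the only caller visible on this page, `TerraformRunner.run`, is updated to use `subscription['id']`.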
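Review bot: The new key is spelled `use_service_principle`, while the Azure term is "service principal"; once this defaults file ships, the key is part of the user-facing schema and renaming it later breaks existing cluster configs. Consider `use_service_principal: False # When False, Terraform runs with the az login session of the user running epicli` here, with the matching attribute read in `TerraformRunner.run` renamed in the same change. The trailing comment follows the style of the `use_public_ips` line and records what the default means for whose credentials are used.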