To authenticate with your Azure account, you will need to grant AutoCloud read-only access to your resources. This can be done either with Terraform (recommended) or through the Azure Portal.
The Terraform module provisions an Azure Application Registration and an Enterprise Application (Service Principal) that grant AutoCloud's services cross-account, read-only access to ingest your infrastructure.
- Head over to AutoCloud's Azure Terraform Module.
- Get the Provision Instructions, then copy and paste them into your Terraform configuration.
- The following assets will be created:
  - azuread_application - Cross Account Application Registration
  - azuread_service_principal - Cross Account Service Principal
  - azuread_application_password - Client Secret needed to authenticate with the Application Registration
  - azurerm_role_assignment - Role Assignment of permissions to the Application
- Copy the credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret.
Connecting to an Azure subscription is done using a Service Principal with a Client Secret. Follow these steps:
1. Log into Azure Portal
2. Navigate to the subscription you would like to visualize (Home > Subscriptions)
3. Take note of Subscription ID. You will need this later.
4. Navigate to the default directory’s app registrations (Home > Azure Active Directory > App Registrations)
5. Create App Registration
6. Take note of Application (client ID) and Directory (tenant) ID
7. Navigate to Certificates and Secrets
8. Create a new client secret for AutoCloud
9. Take note of the Client Secret value
10. Navigate to API Permissions
11. Add Directory.Read.All permission
12. Grant Admin Consent for the Directory.Read.All permission
13. Navigate to the subscription’s Access control (IAM) configuration
14. Add Reader Role Assignment
15. Add Security Reader Role Assignment
16. Add Billing Reader Role Assignment
For more info, take a look at Azure's guide to get started.
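
A check to run once the role assignments above are in place, as an added example that is not AutoCloud's code: it audits the service principal's Azure role assignments and flags any role beyond the three read-only ones, or any grant outside the subscription. The input shape (`roleDefinitionName`, `scope`) is assumed to be the output of `az role assignment list --assignee <application-id> --all -o json`; the subscription ID and sample assignments are constructed.

```python
import json

# Built-in role display names assigned in the steps above (subscription IAM).
EXPECTED_ROLES = {"Reader", "Security Reader", "Billing Reader"}


def audit_role_assignments(assignments, subscription_id):
    """Return (findings, missing_roles) for one service principal.

    assignments: parsed JSON list of role assignments for the principal.
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, seen = [], set()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        raw_scope = a.get("scope", "")
        scope = raw_scope.rstrip("/").lower()
        inside = scope == sub_scope or scope.startswith(sub_scope + "/")
        if role not in EXPECTED_ROLES:
            # Anything other than the three read-only roles is excess privilege.
            findings.append(f"unexpected role '{role}' at {raw_scope}")
        elif not inside:
            # Even a read-only role should not reach past this subscription.
            findings.append(f"role '{role}' granted outside the subscription at {raw_scope}")
        elif scope == sub_scope:
            seen.add(role)
    return findings, sorted(EXPECTED_ROLES - seen)


# Constructed sample data: placeholder subscription ID and assignments.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads(f"""[
  {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Security Reader", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Contributor",
    "scope": "/subscriptions/{SUB}/resourceGroups/rg-demo"}},
  {{"roleDefinitionName": "Reader",
    "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"}}
]""")

if __name__ == "__main__":
    findings, missing = audit_role_assignments(SAMPLE, SUB)
    for line in findings:
        print("FINDING:", line)
    print("missing expected roles:", missing)
```

The Directory.Read.All API permission is a directory permission rather than a role assignment, so it is not covered by this check.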
1. Go to Cloud Accounts
2. Select "Add New" in the top right corner
3. Choose Azure as the provider.
4. Name your account and add a description. This will be the "Display Information".
5. AutoCloud requires a Service Principal with a Client Secret. You can generate it by clicking "Use Azure Portal" or by using Terraform. Add your credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret, and click Next.
6. Your Azure subscription is onboarded and is now being scanned!