website logo
HomeTwitterLinkedInLogin ➡️
⌘K
Overview
Getting started
The Intelligent IaC Difference
Connect Cloud Accounts
AWS Account
Azure Subscription
GCP Project
Managing Cloud Accounts
What are Accounts
Credentials
Scanning Options
Changelog
Compliance
CI/CD
IaC Explorer
IaC Explorer Overview
Codifier
Generating Terraform
Terraform Remote State File Integration
IaC Catalog
Overview
Getting Started
Configuration
Producer Flow
Consumer Flow
Reference
GraphQL API
Management
Security
Feedback/Contact
Docs powered by
Archbee
Connect Cloud Accounts

Azure Subscription

13min

To authenticate with your Azure account, you will need to grant AutoCloud read-only access to your resources. This may either be done with Terraform (recommended) or through the Azure Portal.

Create a Service Principal with a Client Secret

Use Terraform to Create a Service Principal with a Client Secret

This module provisions an Azure Application Registration and an Enterprise Application (Service Principal) granting cross account read-only access rights for AutoCloud's services to ingest your infrastructure.

  1. Head over to AutoCloud's Azure Terraform Module.
  2. Get the Provision Instructions, copy and paste into your Terraform configuration.
  3. The following assets will be created:
    • azuread_application - Cross Account Application Registration
    • azuread_service_principal - Cross Account Service Principal
    • azuread_application_password - Client Secret needed to authenticate with the Application Registration
    • azurerm_role_assignment - Role Assignment of permissions to the Application
  4. Copy the credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret.
Document image


Use Azure Portal to create a Service Principal with a Client Secret

Connecting to an Azure subscription is done using a Service Principal with a Client Secret. Follow the next steps:

  1. Log into Azure Portal
Document image


2. Navigate to the subscription you would like to visualize ( Home > Subscriptions)

Document image


3. Take note of Subscription ID. You will need this later.

4. Navigate to the default directory’s app registrations ( Home > Azure Active Directory > App Registrations)

Document image


5. Create App Registration

Document image


6. Take note of Application (client ID) and Directory (tenant) ID

Document image


7. Navigate to Certificates and Secrets

Document image


8. Create a new client secret for AutoCloud

Document image


9. Take note of the Client Secret value

Document image


10. Navigate to API Permissions

Document image


11. Add Directory.Read.All permission

Document image


12. Grant Admin Consent for the Directory.Read.All permission (replace image below and add the other permissions that need to be added)

Document image


13. Navigate to the subscription’s Access control (IAM) configuration

Document image


14. Add Reader Role Assignment

Document image


15. Add Security Reader Role Assignment

Document image


16. Add BillingReader Role Assignment

Document image


For more info, take a look at Azure's guide to get started.

Connect an Azure Subscription to AutoCloud

  1. Go to Cloud Accounts
  2. Select "Add New" on top right corner
  3. Choose Azure as the provider.
Document image


4. Name your account and add a description, this will be the "Display Information"

5. AutoCloud requires a Service Principal with a Client Secret. You can generate it by clicking "Use Azure Portal" or use Terraform. Add your credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret and click Next.

Document image


6. Your Azure susbscription was onboarded and it's now being scanned!

Document image




Updated 26 Jul 2023
Did this page help you?
PREVIOUS
AWS Account
NEXT
GCP Project
Docs powered by
Archbee
TABLE OF CONTENTS
Create a Service Principal with a Client Secret
Use Terraform to Create a Service Principal with a Client Secret
Use Azure Portal to create a Service Principal with a Client Secret
Connect an Azure Subscription to AutoCloud
Docs powered by
Archbee