21min

Azure Subscription

To authenticate with your Azure account, you will need to grant AutoCloud read-only access to your resources. This may either be done with Terraform or through the Azure Portal.

Create a Service Principal with a Client Secret

Use Terraform to Create a Service Principal with a Client Secret

This module provisions an Azure Application Registration and an Enterprise Application (Service Principal) granting cross account read-only access rights for AutoCloud's services to ingest your infrastructure.

  1. Head over to AutoCloud's Azure Terraform Module.
  2. Get the Provision Instructions, copy and paste into your Terraform configuration.
  3. The following assets will be created:
    • azuread_application - Cross Account Application Registration
    • azuread_service_principal - Cross Account Service Principal
    • azuread_application_password - Client Secret needed to authenticate with the Application Registration
    • azurerm_role_assignment - Role Assignment of permissions to the Application
  4. Copy the credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret.
Document image

Use Azure Portal to create a Service Principal with a Client Secret

Connecting to an Azure subscription is done using a Service Principal with a Client Secret. Follow the next steps:

  1. Log into Azure Portal
Document image

2. Navigate to the subscription you would like to visualize ( Home > Subscriptions)

Document image

3. Take note of Subscription ID. You will need this later.

4. Navigate to the default directory’s app registrations ( Home > Azure Active Directory > App Registrations)

Document image

5. Create App Registration

Document image

6. Take note of Application (client ID) and Directory (tenant) ID

Document image

7. Navigate to Certificates and Secrets

Document image

8. Create a new client secret for AutoCloud

Document image

9. Take note of the Client Secret value

Document image

10. Navigate to API Permissions

Document image

11. Add Directory.Read.All permission

Document image

12. Grant Admin Consent for the Directory.Read.All permission (replace image below and add the other permissions that need to be added)

Document image

13. Navigate to the subscription’s Access control (IAM) configuration

Document image

14. Add Reader Role Assignment

Document image

15. Add Security Reader Role Assignment

Document image

16. Add X Role Assignment



For more info, take a look at Azure's guide guide to get started.

Connect an Azure Subscription to AutoCloud

  1. Go to Accounts
  2. Click on "Create New" in the top right corner.
  3. Pick Azure as a provider.
  4. Name your account and add a description.
Document image

5. AutoCloud requires a Service Principal with a Client Secret. You can generate it by clicking "Use Azure Portal" or use Terraform. Add your credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret and click Next.

Document image

6. You have now authenticated your Azure subscription to AutoCloud. Select the Services you would like to crawl.

Document image

7. Your environment is now being crawled.

Document image

8. You successfully created the first version of an Azure environment.

Document image

9. Click on VIEW to take a look at your Azure 3D environment.

Document image
Document image



Updated 21 Jun 2022
Did this page help you?
Yes
No
UP NEXT
GCP Project
Docs powered by archbee