To authenticate with your Azure account, you will need to grant AutoCloud read-only access to your resources. This may either be done with Terraform or through the Azure Portal.
Create a Service Principal with a Client Secret
Use Terraform to Create a Service Principal with a Client Secret
This module provisions an Azure Application Registration and an Enterprise Application (Service Principal) granting cross account read-only access rights for AutoCloud's services to ingest your infrastructure.
- Head over to AutoCloud's Azure Terraform Module.
- Get the Provision Instructions, copy and paste into your Terraform configuration.
- The following assets will be created:
- azuread_application - Cross Account Application Registration
- azuread_service_principal - Cross Account Service Principal
- azuread_application_password - Client Secret needed to authenticate with the Application Registration
- azurerm_role_assignment - Role Assignment of permissions to the Application
- Copy the credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret.
Use Azure Portal to create a Service Principal with a Client Secret
Connecting to an Azure subscription is done using a Service Principal with a Client Secret. Follow the next steps:
- Log into Azure Portal
2. Navigate to the subscription you would like to visualize ( Home > Subscriptions)
3. Take note of Subscription ID. You will need this later.
4. Navigate to the default directory’s app registrations ( Home > Azure Active Directory > App Registrations)
5. Create App Registration
6. Take note of Application (client ID) and Directory (tenant) ID
7. Navigate to Certificates and Secrets
8. Create a new client secret for AutoCloud
9. Take note of the Client Secret value
10. Navigate to API Permissions
11. Add Directory.Read.All permission
12. Grant Admin Consent for the Directory.Read.All permission (replace image below and add the other permissions that need to be added)
13. Navigate to the subscription’s Access control (IAM) configuration
14. Add Reader Role Assignment
15. Add Security Reader Role Assignment
16. Add BillingReader Role Assignment
For more info, take a look at Azure's guide guide to get started.
Connect an Azure Subscription to AutoCloud
- Go to Accounts
- Click on "Create New" in the top right corner.
- Pick Azure as a provider.
- Name your account and add a description.
5. AutoCloud requires a Service Principal with a Client Secret. You can generate it by clicking "Use Azure Portal" or use Terraform. Add your credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret and click Next.
6. You have now authenticated your Azure subscription to AutoCloud. Select the Services you would like to crawl.
7. Your environment is now being crawled.
8. You successfully created the first version of an Azure environment.
9. Click on VIEW to take a look at your Azure Environment