Azure Subscription

To authenticate with your Azure account, you will need to grant AutoCloud read-only access to your resources. This can be done either with Terraform or through the Azure Portal.

Create a Service Principal with a Client Secret

Use Terraform to Create a Service Principal with a Client Secret

This module provisions an Azure Application Registration and an Enterprise Application (Service Principal) that grant cross-account, read-only access so that AutoCloud's services can ingest your infrastructure.

  1. Head over to AutoCloud's Azure Terraform Module.
  2. Get the Provision Instructions, then copy and paste them into your Terraform configuration.
  3. The following assets will be created:
    • azuread_application - Cross Account Application Registration
    • azuread_service_principal - Cross Account Service Principal
    • azuread_application_password - Client Secret needed to authenticate with the Application Registration
    • azurerm_role_assignment - Role Assignment of permissions to the Application
  4. Copy the credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret.


Use Azure Portal to create a Service Principal with a Client Secret

Connecting to an Azure subscription is done using a Service Principal with a Client Secret. Follow these steps:

  1. Log into Azure Portal.
  2. Navigate to the subscription you would like to visualize (Home > Subscriptions).
  3. Take note of the Subscription ID. You will need this later.
  4. Navigate to the default directory’s app registrations (Home > Azure Active Directory > App Registrations).
  5. Create an App Registration.
  6. Take note of the Application (client) ID and Directory (tenant) ID.
  7. Navigate to Certificates and Secrets.
  8. Create a new client secret for AutoCloud.
  9. Take note of the Client Secret value.
  10. Navigate to API Permissions.
  11. Add the Directory.Read.All permission.
  12. Grant Admin Consent for the Directory.Read.All permission.
  13. Navigate to the subscription’s Access control (IAM) configuration.
  14. Add the Reader Role Assignment.
  15. Add the Security Reader Role Assignment.
  16. Add the Billing Reader Role Assignment.

For more info, take a look at Azure's guide to get started.
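A least-privilege check for the role assignments made in steps 14 to 16, as an added example (not AutoCloud's code): it reads the JSON printed by `az role assignment list --assignee <application-id> --all --output json` and flags any role other than the three read-only ones, or any assignment made outside the subscription. The subscription ID, management group name and sample records are constructed.

```python
import json

# Read-only roles assigned to the service principal in the portal steps above.
EXPECTED_ROLES = {"Reader", "Security Reader", "Billing Reader"}

def audit_role_assignments(assignments, subscription_id):
    """Return (findings, missing) for `az role assignment list` JSON records."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, granted = [], set()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        norm = scope.rstrip("/").lower()
        if role not in EXPECTED_ROLES:
            # Anything beyond the three read-only roles exceeds what the page asks for.
            findings.append(f"unexpected role {role!r} at {scope}")
        elif norm == sub_scope:
            granted.add(role)
        elif not norm.startswith(sub_scope + "/"):
            # Root, management-group or other-subscription scope: wider than intended.
            findings.append(f"role {role!r} assigned outside the subscription at {scope}")
        # An expected role on a resource group inside the subscription is harmless,
        # but it does not count as the subscription-level assignment.
    return findings, sorted(EXPECTED_ROLES - granted)

# Constructed sample input (not real output): one over-privileged assignment,
# one assignment at management-group scope, and Billing Reader never assigned.
SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"
SAMPLE_JSON = """
[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Security Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"},
  {"roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]
"""

if __name__ == "__main__":
    findings, missing = audit_role_assignments(json.loads(SAMPLE_JSON), SAMPLE_SUBSCRIPTION)
    for item in findings:
        print("FINDING:", item)
    for role in missing:
        print("MISSING at subscription scope:", role)
```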

Connect an Azure Subscription to AutoCloud

  1. Go to Accounts.
  2. Click on "Create New" in the top right corner.
  3. Pick Azure as a provider.
  4. Name your account and add a description.
  5. AutoCloud requires a Service Principal with a Client Secret. You can generate it by clicking "Use Azure Portal" or use Terraform. Add your credentials, starting with Subscription ID, Tenant ID, Application ID and Client Secret and click Next.
  6. You have now authenticated your Azure subscription to AutoCloud. Select the Services you would like to crawl.
  7. Your environment is now being crawled.
  8. You successfully created the first version of an Azure environment.
  9. Click on VIEW to take a look at your Azure Environment.

Updated 03 Mar 2023