Microsoft Azure

target azure

Credentials

The following object illustrates how to securely pass your Azure API credentials within a config.

| Name | Description |
| --- | --- |
| azure_subscription_id | the Azure subscription id |
| azure_tenant_id | the Azure directory tenant id |
| azure_client_id | the Azure application client id |
| azure_client_secret | the Azure client secret |

Application & Subscription-Scoped RBAC

A prerequisite to using Azure as an orchestration target with Provide is registering a directory application and assigning the appropriate permissions via a custom role. This role should be created using the Access control (IAM) tool located within the Azure Subscriptions service. A sample role definition has been provided; you will need to update the assignableScopes section provided in the sample JSON with your subscription scope.

{
  "properties": {
    "roleName": "Provide Azure Role",
    "description": "permissions granted to Azure applications for use with Provide",
    "assignableScopes": [
      "/subscriptions/14e122a1-1a51-4ffa-b956-985f3e855394"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Blockchain/blockchainMembers/transactionNodes/write",
          "Microsoft.Blockchain/blockchainMembers/transactionNodes/read",
          "Microsoft.Blockchain/blockchainMembers/transactionNodes/delete",
          "Microsoft.Blockchain/blockchainMembers/write",
          "Microsoft.Blockchain/blockchainMembers/read",
          "Microsoft.Blockchain/blockchainMembers/delete",
          "Microsoft.Blockchain/register/action",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Network/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}

Register a new single-tenant application within the Azure Active Directory service, create a custom role (as described above), and assign the role to the registered application.
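A pre-flight check for the role definition above, as an added example that is not part of Provide's documentation or code: `scope_role` replaces the sample subscription in `assignableScopes` with your own, and `review_role` lists a leftover sample scope and every wildcard action so the grant can be reviewed before the role is created and assigned. The function names are hypothetical.

```python
import copy
import re

# Added example, not Provide's code; scope_role and review_role are hypothetical names.
# SAMPLE_ROLE is the page's role definition, reduced to the fields read below.
SAMPLE_ROLE = {"properties": {
    "assignableScopes": ["/subscriptions/14e122a1-1a51-4ffa-b956-985f3e855394"],
    "permissions": [{"notActions": [], "dataActions": [], "notDataActions": [], "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/write",
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read",
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/delete",
        "Microsoft.Blockchain/blockchainMembers/write", "Microsoft.Blockchain/blockchainMembers/read",
        "Microsoft.Blockchain/blockchainMembers/delete",
        "Microsoft.Blockchain/register/action",
        "Microsoft.Insights/alertRules/*", "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*", "Microsoft.Resources/subscriptions/resourceGroups/*",
        "Microsoft.Support/*",
    ]}],
}}
SAMPLE_SCOPE = SAMPLE_ROLE["properties"]["assignableScopes"][0]
SUB_SCOPE = re.compile(r"/subscriptions/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def scope_role(role, subscription_id):
    """Copy the role and make the given subscription its only assignable scope."""
    scope = "/subscriptions/" + subscription_id.strip().lower()
    if not SUB_SCOPE.fullmatch(scope):
        raise ValueError("not a subscription GUID: %r" % subscription_id)
    scoped = copy.deepcopy(role)  # leave the caller's definition untouched
    scoped["properties"]["assignableScopes"] = [scope]
    return scoped


def review_role(role):
    """Return findings to read before the role is created and assigned."""
    props, findings = role["properties"], []
    for scope in props["assignableScopes"]:
        if scope == SAMPLE_SCOPE:
            findings.append("assignableScopes still holds the sample subscription")
        elif not SUB_SCOPE.fullmatch(scope):
            findings.append("scope is not a single subscription: " + scope)
    for perm in props["permissions"]:
        for action in perm["actions"] + perm["dataActions"]:
            if "*" in action:
                # "Provider/*" covers every operation of that resource provider.
                kind = "provider-wide " if action.count("/") == 1 else ""
                findings.append(kind + "wildcard: " + action)
    return findings
```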
