Add Microsoft Azure Credential
In order to allow Devopness to manage Azure resources on your behalf, Service Principal credentials have to be provided.
If you don't have access to an Azure account, you can create one for free by following the cloud provider's guide: Azure Free Services.
- Log in to Azure Portal
- In the search bar, enter App registrations and select it
- In the navigation bar, select New registration
- Type the Name of the application
  - Tip: you might want to name the application as devopness to make it easier to track its activities
- Under Supported account types, select Accounts in this organizational directory only
- Under Redirect URI, select platform Web
- Click Register
- Copy the Application (client) ID as the value of client_id
- Copy the Directory (tenant) ID as the value of tenant_id
- In the navigation panel search bar on the left side, enter Certificates & secrets and select it
- In the Client secrets tab, click New client secret
- Type the Description of the client secret
- Choose one option for Expires time
- Click Add
- Copy the Value of the client secret as the value of client_secret
- In the search bar, enter Subscriptions and select it
- Click on the Subscription name link of one of the subscriptions in the list
- Copy the Subscription ID as the value of subscription_id
- In the navigation panel on the left side, select Access control (IAM)
- You can set permissions by using an Azure pre-defined role or by creating a custom role with only the necessary permissions
  - Using a pre-defined role:
    - In the navigation bar, click on Add and select Add role assignment
    - In the Role - Privileged administrator roles tab, select the Contributor role
    - Click Next
    - In the Members tab, click Select members
    - In the Select members search bar, type the name of the application and select it
    - Click Select and click Review + assign
    - Ensure the Role Contributor and expected application are selected
    - Click Review + assign again
  - Using a custom role:
    - In the navigation bar, click on Add and select Add custom role
    - Type the Custom role name of the role
      - Tip: you might want to name the role as devopness to make it easier to identify
    - Under Baseline permissions, select Start from scratch
    - Click Next
    - In the navigation bar, click on Add permissions
    - Add each of the following permissions to the role:
      - Microsoft.Authorization/roleAssignments {read}
      - Microsoft.Authorization/roleDefinitions {read}
      - Microsoft.Compute/disks {write}
      - Microsoft.Compute/virtualMachines {deallocate/action, delete, read, restart/action, start/action, write}
      - Microsoft.Network/networkInterfaces {delete, join/action, read, write}
      - Microsoft.Network/networkSecurityGroups {delete, join/action, read, write}
      - Microsoft.Network/networkSecurityGroups/securityRules {delete, read, write}
      - Microsoft.Network/publicIPAddresses {delete, join/action, read, write}
      - Microsoft.Network/virtualNetworks {delete, read, write}
      - Microsoft.Network/virtualNetworks/subnets {delete, join/action, read, write}
      - Microsoft.Resources/subscriptions/resourceGroups {read, write}
    - After adding the permissions, click Review + create in the navigation bar
    - Click Create
    - In the Access control (IAM) page, in the navigation bar, click on Add and select Add role assignment
    - In the Role - Job function roles tab, search for and select your custom role
    - Click Next
    - In the Members tab, click Select members
    - In the Select members search bar, type the name of the application and select it
    - Click Select and click Review + assign
    - Ensure the expected role and application are selected
    - Click Review + assign again
- To add the credential to Devopness, see Add a Credential
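
The custom role permission list above, expanded into an Azure custom role definition document and checked for wildcards and drift. This is an added example, not Devopness's own code; the role name devopness follows the page's tip, the all-zero subscription ID is a placeholder, and the function names are illustrative.

```python
import json

# Rows of the permission list above: resource type -> operations to allow.
PERMISSIONS = {
    "Microsoft.Authorization/roleAssignments": ["read"],
    "Microsoft.Authorization/roleDefinitions": ["read"],
    "Microsoft.Compute/disks": ["write"],
    "Microsoft.Compute/virtualMachines": [
        "deallocate/action", "delete", "read", "restart/action", "start/action", "write"],
    "Microsoft.Network/networkInterfaces": ["delete", "join/action", "read", "write"],
    "Microsoft.Network/networkSecurityGroups": ["delete", "join/action", "read", "write"],
    "Microsoft.Network/networkSecurityGroups/securityRules": ["delete", "read", "write"],
    "Microsoft.Network/publicIPAddresses": ["delete", "join/action", "read", "write"],
    "Microsoft.Network/virtualNetworks": ["delete", "read", "write"],
    "Microsoft.Network/virtualNetworks/subnets": ["delete", "join/action", "read", "write"],
    "Microsoft.Resources/subscriptions/resourceGroups": ["read", "write"],
}

def expand_actions(table):
    """Turn 'resource {op, ...}' rows into full Azure RBAC action strings."""
    return sorted(f"{res}/{op}" for res, ops in table.items() for op in ops)

def build_role_definition(name, subscription_id, table=PERMISSIONS):
    """Build a custom role document scoped to a single subscription."""
    actions = expand_actions(table)
    # Reject wildcards so the role cannot quietly widen toward Contributor.
    wildcards = [a for a in actions if "*" in a]
    if wildcards:
        raise ValueError(f"wildcard actions not allowed: {wildcards}")
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Least-privilege role for the Devopness service principal",
        "Actions": actions,
        "NotActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }

def extra_actions(role_definition, table=PERMISSIONS):
    """Actions in a role document that are not in the page's list (drift check)."""
    return sorted(set(role_definition["Actions"]) - set(expand_actions(table)))

if __name__ == "__main__":
    # Placeholder ID: replace with the subscription_id copied in the steps above.
    role = build_role_definition("devopness", "00000000-0000-0000-0000-000000000000")
    print(json.dumps(role, indent=2))
```

The printed JSON can be saved to a file and passed to `az role definition create --role-definition` as an alternative to the portal steps; `extra_actions` can be run against an exported role later to spot permissions added beyond the list.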