Add Microsoft Azure Credential

In order to allow Devopness to manage Azure resources on your behalf, Service Principal credentials have to be provided.

If you don't have access to an Azure account, you can create an account for free following the cloud provider specific guide Azure Free Services

  1. Log in to Azure Portal

  2. In the search bar, enter App registrations and select it

  3. In the navigation bar, select New registration

  4. Type the Name of the application

    • Tip: you might want to name the application as devopness to make it easier to track its activities
  5. Under Supported account types, select Accounts in this organizational directory only

  6. Under Redirect URI, select platform Web

  7. Click Register

  8. Copy the Application (client) ID as the value of client_id

  9. Copy the Directory (tenant) ID as the value of tenant_id

  10. In the navigation panel search bar on the left side, enter Certificates & secrets and select it

  11. In the Client secrets tab, click New client secret

  12. Type the Description of the client secret

  13. Choose one option for Expires time

  14. Click Add

  15. Copy the Value of the client secret as the value of client_secret

  16. In the search bar, enter Subscriptions and select it

  17. Click on the Subscription name link of one of the subscriptions in the list

  18. Copy the Subscription ID as the value of subscription_id

  19. In the navigation panel on the left side, select Access control (IAM)

  20. You can set permissions by using an Azure pre-defined role or creating a custom role with only the necessary permissions

    • Using a pre-defined role:
    1. In the navigation bar, click on Add and select Add role assignment
    2. In the Role - Privileged administrator roles tab, select Contributor role
    3. Click Next
    4. In the Members tab, click Select members
    5. In the Select members search bar, type the name of application and select it
    6. Click Select and click Review + assign
    7. Ensure the Role Contributor and expected application are selected
    8. Click Review + assign again
    • Using a custom role:
    1. In the navigation bar, click on Add and select Add custom role

    2. Type the Custom role name of the role

      • Tip: you might want to name the role as devopness to make it easier to identify
    3. Under Baseline permissions, select Start from scratch

    4. Click Next

    5. In the navigation bar, click on Add permissions

    6. Add each of the following permissions to the role:

      Permissions
      • - Microsoft.Authorization/roleAssignments {read}
      • - Microsoft.Authorization/roleDefinitions {read}
      • - Microsoft.Compute/disks {write}
      • - Microsoft.Compute/virtualMachines {deallocate/action, delete, read, restart/action, start/action, write}
      • - Microsoft.Network/networkInterfaces {delete, join/action, read, write}
      • - Microsoft.Network/networkSecurityGroups {delete, join/action, read, write}
      • - Microsoft.Network/networkSecurityGroups/securityRules {delete, read, write}
      • - Microsoft.Network/publicIPAddresses {delete, join/action, read, write}
      • - Microsoft.Network/virtualNetworks {delete, read, write}
      • - Microsoft.Network/virtualNetworks/subnets {delete, join/action, read, write}
      • - Microsoft.Resources/subscriptions/resourceGroups {read, write}
    7. After adding the permissions, click Review + create in the navigation bar

    8. Click Create

    9. In Access control (IAM) page, in the navigation bar, click on Add and select Add role assignment

    10. In the Role - Job function roles tab, search and select your custom role

    11. Click Next

    12. In the Members tab, click Select members

    13. In the Select members search bar, type the name of application and select it

    14. Click Select and click Review + assign

    15. Ensure the expected role and application are selected

    16. Click Review + assign again

  21. To add the credential to Devopness see Add a Credential