...
c) Go to Access Control (IAM) on the left → click +Add → Add role assignment:
...
d) Grant the Cloudaware application access to the management group in question:
...
2. Type the description: ca-api-key
3. Set EXPIRES to: 730 days (24 months)
4. Click Add.
5. Save the secret value in a secure location.
...
6 - Grant Access To Key Vaults
Cloudaware must be granted access to Key Vault* so that it can check the expiration dates of keys and secrets. Set up the access policy for the Cloudaware application at the Key Vault level.
*Cloudaware retrieves metadata only ('Azure Key Vault Key' and 'Azure Key Vault Secret' objects). No keys or secrets are accessible to Cloudaware.
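To confirm that the access policy really is metadata-only, the check below inspects a vault's policy entry for the application (an added example, not Cloudaware's own code). It assumes that "metadata only" corresponds to the `list` permission on keys and secrets, and it uses a constructed sample in the shape of `az keyvault show` output with placeholder object IDs.

```python
import json

# Assumption: "metadata only" maps to `list`; `get` on a secret would return its value.
ALLOWED = {"keys": {"list"}, "secrets": {"list"}}

# Constructed sample in the shape of `az keyvault show --name <vault>` output.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-00000000aaaa",
       "permissions": {"keys": ["List"], "secrets": ["list"], "certificates": []}},
      {"objectId": "00000000-0000-0000-0000-00000000bbbb",
       "permissions": {"keys": ["get", "list"], "secrets": ["get", "list", "set"],
                       "certificates": ["list"], "storage": null}}
    ]
  }
}
""")


def excess_permissions(vault, object_id):
    """Return {category: [permissions beyond ALLOWED]} for one principal.

    Returns None when the principal has no access policy on the vault.
    """
    props = vault.get("properties", {})
    if props.get("enableRbacAuthorization"):
        raise ValueError("vault uses Azure RBAC; access policies are not evaluated")
    for policy in props.get("accessPolicies") or []:
        if policy.get("objectId", "").lower() != object_id.lower():
            continue
        excess = {}
        for category, granted in (policy.get("permissions") or {}).items():
            extra = sorted({p.lower() for p in granted or []} - ALLOWED.get(category, set()))
            if extra:
                excess[category] = extra
        return excess
    return None


if __name__ == "__main__":
    for oid in ("00000000-0000-0000-0000-00000000aaaa", "00000000-0000-0000-0000-00000000bbbb"):
        print(oid, excess_permissions(SAMPLE_VAULT, oid))
```

An empty result means the entry grants nothing beyond `list`; any category that appears in the result is a permission to remove from the policy.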
...
If the AKS cluster is AD-managed, check this guide to set up the cluster role binding and grant the required permissions to Cloudaware.
9 - Microsoft Devices Discovery (Intune) (optional)
Microsoft Intune is a cloud-based endpoint management solution that helps manage user access and simplifies app and device management across Microsoft infrastructure.
...
Azure Active Directory Devices
Azure Active Directory Compliance Policies
Azure Active Directory Device Config
10 - Tagging Permissions for Cloudaware (optional)
Use the Tag Contributor role or create a custom role to define the scope of provided permissions on tagging (see 'Custom Role For Tagging').
...
The Tag Contributor role uses a recently released Azure API method.
Cloudaware Setup
1 - Adding Azure Active Directory to Cloudaware
...
3. The green light in 'Status' means that the Azure Active Directory has been successfully added. If there is a red light, please contact support@cloudaware.com.
...
2 - Adding Azure Subscription to Cloudaware
If you haven't checked the checkbox 'Automatically Discover Subscriptions' as described in the previous section, follow these steps to add subscriptions manually.
...
5. If the checkbox 'Automatically Discover Subscriptions' is checked, the tab 'Untracked Subscriptions' shows all Azure subscriptions that Cloudaware has discovered in your Active Directory but cannot collect because of insufficient access caused by an incorrectly assigned role (check step 5 in Assigning Role to Subscriptions: Reader by default, or higher).
3 - Understanding Azure Application in Cloudaware
Credentials such as the Azure Active Directory Application ID (Client ID) and Client Secret are stored within the Azure Application entity in Cloudaware. Please note that an Azure Application can only be created when adding Azure AD.
...