Configure a Subscription Account
To manage the resources of any type of subscription and gain access to CloudCheckr’s best practices, inventory, security, and utilization modules, follow this procedure.
- Log in to the Azure management portal associated with your subscription type:
- From the left navbar, click Azure Active Directory.
- Select Properties from the list.
- Copy the Tenant ID.
- In the Manage section of the Azure Active Directory blade, click App registrations.
- Click + New registration.
- Create your application:
- Type a name for your application.
- Under Supported account types, leave the default setting: accounts in this organizational directory only
- Under Redirect URI (optional), leave the default drop-down option, Web, and in the blank text field, type https://localhost
- Click Register.
- Copy the Application ID.
- In the Manage section of the application blade, click Certificates & secrets.
- Under Client secrets, click + New client secret.
- Type a name for the client secret, select when you want it to expire, and click Add.
- Copy the client secret and save it immediately since you will not be able to view it again.
- From the left navbar, click All Services.
- From the list, select Subscriptions.
- Click your subscription.
- Copy the Subscription ID.
Rather than assign a role to a subscription, you can assign the role to a resource group or specific resource:
- From the left navbar, click All Resources.
- Select the resource that you want CloudCheckr to monitor.
- Complete Step 2: Add a Role Assignment and the remaining steps in this topic.
- From the blade of the selected subscription, click Access control (IAM).
- Select Add > Add Role Assignment.
- Create a role assignment:
- From the Role drop-down list, select Reader.
- In the Assign access to drop-down list, leave the default option, Azure AD user, group, or service principal.
- In the Select text field, type the name of the application that you created.
- Click Save.
You will not get complete data in the Storage Account Inventory reports if you have a Reader role. Review the Enable Permissions for Storage Accounts topic to learn how to add the role that will give you adequate permissions to collect complete data.
- Launch CloudCheckr.
- From the Projects page, select an Azure partner.
- From the Accounts page, click NEW ACCOUNT.
The New Account page opens.
- Type a unique name for your account.
- From the Cloud Provider section, select Microsoft Azure from the drop-down menu.
- In the Navigation Visibility section, select the checkboxes next to the sections or modules that you want to be visible in the Azure account.
- At the bottom of the page, click Create.
The Configure Account page opens.
- From the Configure Account page, click the drop-down arrow and select Collect resource information from my Azure subscription from the drop-down menu.
- Paste the Tenant ID into the field associated with the Directory ID.
- Paste the Application ID into the Application ID field.
- Paste the client secret into the field associated with the key value.
- Paste the Subscription ID into the Subscription ID field.
This screen identifies the fields where you need to paste those values:
- From the Azure Account Type drop-down menu, select Commercial, Government, or Germany.
- Click Update.
If you have a Pay-as-You-Go subscription, CloudCheckr will automatically display the Edit Billing Configuration: Pay-as-You-Go Subscriptions page, but the options will be pertinent to usage and data collection.