Configure a Subscription Account
To allow CloudCheckr to access the resources associated with your Azure subscription, you must create a connection between Azure and CloudCheckr.
In the Azure world, a subscription is a bundle of services and resources. Azure customers access those service and resources through the Azure Active Directory, which is Microsoft's cloud-based identity and access management tool.
To integrate your Azure subscription with CloudCheckr, you will need to perform two steps:
- In Azure, you will access your subscription and create and register an app that will communicate with Azure Active Directory.
- In CloudCheckr, you will apply the values associated with your Azure Active Directory account and new app to allow Cloudcheckr to monitor your resources.
Configure Your Subscription in Azure
- Log in to the Azure management portal.
- From the left navbar, click Azure Active Directory.
The Active Directory blade opens.
- Select Properties from the list. The Properties blade opens.
- Locate the directory ID and copy it.
- In the Manage section of the Azure Active Directory blade, click App registrations.
The App registration blade opens.
- Click New registration. The Register an application blade opens.
- Create your application:
- Type a name for your application.
- Under Supported account types, leave the default setting: accounts in this organizational directory only
- Under Redirect URI (optional), leave the default drop-down option, Web, and in the blank text field, type https://localhost
- Click Register. Details about your new app display on the right side of the screen.
- Copy the Application ID.
- In the Manage section of the application blade, click Certificates & secrets. The Certificates & secrets blade opens.
- Under Client secrets, click New client secret. The Add a client blade now displays.
- Type a name for the client secret, select when you want it to expire, and click Add.
Azure creates a new client secret.
- Copy the value of the client secret and save it immediately since you will not be able to view it again.
You will now have three values: Directory ID, Application ID, and the client secret.
- From the left navbar, click All Services.
The All Services blade opens.
- From the list, select Subscriptions. The Subscriptions blade opens.
- Click your subscription.
- Locate the Subscription ID and copy it.
As an alternative to steps 13-15, you can assign the role to a resource group or specific resource:
- From the left navbar, click All Resources.
- From the list, select the resource that you want CloudCheckr to monitor.
- Go to step 16 and complete the rest of the procedure.
- From the blade of the selected subscription, click Access control (IAM). The Access control (IAM) blade opens.
- Select Add > Add Role Assignment. The Add role assignment blade opens.
- Create a role assignment:
- From the Role drop-down list, select Reader.
- In the Select text field, type the name of the application that you created.
- Click Save. The Access control (IAM) blade lists your application with the Reader role.
Configure Your Subscription Account in CloudCheckr
Before CloudCheckr can access your Azure resources, you need to create an Azure account in CloudCheckr and configure that account to collect your resources from your Azure subscription.
- From the top right of the Partners page, click the NEW ACCOUNT button. The New Account screen displays.
- Type a name for your account. If needed, you can change the name later.
- From the Cloud Provider drop-down menu, select Microsoft Azure.
- Click Create.
The Configure Account page opens.
- Click the drop-down arrow and select Collect resource information from my Azure subscription from the drop-down menu. The Configuration page displays the subscription instructions.
- Provide the required information from the Azure portal.
- Directory ID
- Application ID
- Subscription ID
- Client secret
CloudCheckr is in the process of updating its instructions to match the most recent Azure changes. For now, paste the client secret in the text field associated with the key value.
- From the Azure Account Type drop-down menu, select Commercial, Government, or Germany.
- Click Update.
CloudCheckr will now begin to monitor your Azure resources.
If you have a Pay-as-You-Go subscription, CloudCheckr will automatically display the Edit Billing Configuration page, but the options will be pertinent to usage and data collection. Review the Edit Billing Configuration: Pay-as-You-Go Subscriptions topic for more information.