# Azure Connection

Setting up an Azure Service Principal is required to allow GRAX to manage infrastructure in your Azure account. This involves a few more steps than the AWS setup, but those steps are outlined below for both the Azure Portal and the Azure CLI.

## Azure Portal (GUI)

### Create the Service Principal

1. Navigate to the [Azure Portal](https://portal.azure.com/) and login with a user that has the necessary permissions to create service principals.
2. Search for and open the `App Registration` service.

   ![App Registrations](/files/NkuxkVTixJk6oPkiEHES)
3. Click `New registration`.

   ![New App Registration](/files/5nrNYTKBcWvPZ5Cyz9zx)
4. Name the team 'GRAX' or something similar in accordance with your business' naming conventions and click `Register`.
5. Copy the `Application (client) ID` and `Directory (tenant) ID` values from the Overview page to a safe location for later use.

   ![App Registration Overview](/files/CDAK196rznBUxNmwRipz)

### Create the Client Secret

1. Open the Service Principal you just created in the Azure Portal.
2. Click `Certificates & secrets`.
3. Click `New client secret`.
4. Name the secret 'GRAX' or something similar in accordance with your business' naming conventions.
5. Copy the `Value` of the secret to a safe location for later use.

### Assign the Service Principal a Role

1. Navigate to the subscription you wish to deploy GRAX into.
2. Click `Access control (IAM)`.
3. Click `Add role assignment`.

   ![Access Control (IAM)](/files/XNim7wTY3PrWtNrVl8ly)
4. Select the `Owner` role under `Privileged administrator roles`.

   ![Select Role](/files/5Xt6CqpGMi8tKD5nbu0k)
5. Click the `Members` tab then search for and select the Service Principal you created earlier.

   ![Select Member](/files/gEa3KgAR1Drt3vNgdIs3)
6. Use the `Review + assign` tab to save the role assignment.

### Configuring the Connection in GRAX

On the GRAX Platform team you'd like to use for creating a deployment, navigate to the `Connections` tab and click `Connect Azure`. Fill in the following values:

* `Tenant ID`: Use the `Directory (tenant) ID` value from the App Registration.
* `Subscription ID`: Use the subscription ID of the Azure subscription you wish to deploy into.
* `Client ID`: Use the `Application (client) ID` value from the App Registration.
* `Client Secret`: Use the `Value` of the client secret you created.

Click `Save` to save the connection.

## Azure CLI (`az`)

### Create a Service Principal

First, ensure that you are logged in:

```bash
az login
```

```json
[
  {
    "cloudName": "AzureCloud",
    "id": "subscrip-abcd-abcd-abcd-abcdabcdabcd",
    "isDefault": "true",
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "tenantab-abcd-abcd-abcd-abcdabcdabcd",
    "user": {
      "name": "john@example.com",
      "type": "user"
    }
  }
]
```

*Note: In the above JSON, id represents your Azure subscription id.*

Next, set your active subscription:

```bash
az account set --subscription="${id}"
```

Then, create a Service Principal to allow GRAX to manage infrastructure:

```bash
az ad sp create-for-rbac -n "GRAX" --scopes "/subscriptions/${id}" --role "Owner"
```

This returns the required authorization data for your Service Principal, as JSON.

```json
{
  "appId": "appidabc-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "displayName": "John",
  "name": "http://example.com",
  "password": "password-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "tenant": "tenantid-abcd-efgh-abcd-efgh-abcdabcdabcd"
}
```

Now you need to enter the following values into your Azure Connection details:

1. Click [Add Azure Connection](https://platform.grax.com/connections/new/azure).
2. Fill the values as follows:
   1. `Tenant ID`: Use the `"tenant"` value from the JSON.
   2. `Subscription ID`: This is your Azure subscription id.
   3. `Client ID`: Use the `"appId"` value from the JSON.
   4. `Client Secret`: Use the `"password"` value from the JSON.
3. Click `Save`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.grax.com/platform/connections/azure-connection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.