Azure Connection

Setting up an Azure Service Principal is required to allow GRAX to manage infrastructure in your Azure account. This involves a few more steps than the AWS setup, but those steps are outlined below for both the Azure Portal and the Azure CLI.

Azure Portal (GUI)

Create the Service Principal

1. Navigate to the and login with a user that has the necessary permissions to create service principals.

2. Search for and open the App Registration service.
3. Click New registration.
4. Name the team 'GRAX' or something similar in accordance with your business' naming conventions and click Register.

5. Copy the Application (client) ID and Directory (tenant) ID values from the Overview page to a safe location for later use.

Create the Client Secret

1. Open the Service Principal you just created in the Azure Portal.

2. Click Certificates & secrets.

3. Click New client secret.

4. Name the secret 'GRAX' or something similar in accordance with your business' naming conventions.

5. Copy the Value of the secret to a safe location for later use.

Assign the Service Principal a Role

1. Navigate to the subscription you wish to deploy GRAX into.

2. Click Access control (IAM).

3. Click Add role assignment.
4. Select the Owner role under Privileged administrator roles.
5. Click the Members tab then search for and select the Service Principal you created earlier.
6. Use the Review + assign tab to save the role assignment.

Configuring the Connection in GRAX

On the GRAX Platform team you'd like to use for creating a deployment, navigate to the Connections tab and click Connect Azure. Fill in the following values:

• Tenant ID: Use the Directory (tenant) ID value from the App Registration.

• Subscription ID: Use the subscription ID of the Azure subscription you wish to deploy into.

• Client ID: Use the Application (client) ID value from the App Registration.

• Client Secret: Use the Value of the client secret you created.

Click Save to save the connection.

Azure CLI (az)

Create a Service Principal

First, ensure that you are logged in:

az login

[
  {
    "cloudName": "AzureCloud",
    "id": "subscrip-abcd-abcd-abcd-abcdabcdabcd",
    "isDefault": "true",
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "tenantab-abcd-abcd-abcd-abcdabcdabcd",
    "user": {
      "name": "john@example.com",
      "type": "user"
    }
  }
]

Note: In the above JSON, id represents your Azure subscription id.

Next, set your active subscription:

az account set --subscription="${id}"

Then, create a Service Principal to allow GRAX to manage infrastructure:

az ad sp create-for-rbac -n "GRAX" --scopes "/subscriptions/${id}" --role "Owner"

This returns the required authorization data for your Service Principal, as JSON.

{
  "appId": "appidabc-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "displayName": "John",
  "name": "http://example.com",
  "password": "password-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "tenant": "tenantid-abcd-efgh-abcd-efgh-abcdabcdabcd"
}

Now you need to enter the following values into your Azure Connection details:

2. Fill the values as follows:

   1. Tenant ID: Use the "tenant" value from the JSON.

   2. Subscription ID: This is your Azure subscription id.

   3. Client ID: Use the "appId" value from the JSON.

   4. Client Secret: Use the "password" value from the JSON.

3. Click Save