# Azure Connection

GRAX needs an Azure Service Principal to manage infrastructure in your Azure account. Setup involves a few more steps than the AWS setup; they are outlined below for both the Azure Portal and the Azure CLI.

## Azure Portal (GUI)

### Create the Service Principal

1. Navigate to the [Azure Portal](https://portal.azure.com/) and log in with a user that has the necessary permissions to create service principals.
2. Search for and open the `App Registration` service.

   ![App Registrations](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FbGAX5GeilDeuhvN9UIcM%2Fazure-app-registrations-search.png?alt=media\&token=3071a5a8-ace4-4822-a2bb-e984c5a831ba)
3. Click `New registration`.

   ![New App Registration](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FdM4F5e1ZVfA9x1sBvBXB%2Fazure-app-registrations-new.png?alt=media\&token=111184da-187c-4d3d-98ad-11fd89782912)
4. Name the application 'GRAX' or something similar in accordance with your business's naming conventions and click `Register`.
5. Copy the `Application (client) ID` and `Directory (tenant) ID` values from the Overview page to a safe location for later use.

   ![App Registration Overview](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FLbhy40qgdhOILUiRBNF7%2Fazure-app-registrations-details.png?alt=media\&token=ebde5c43-235a-4e37-b36c-b089b679e929)

### Create the Client Secret

1. Open the Service Principal you just created in the Azure Portal.
2. Click `Certificates & secrets`.
3. Click `New client secret`.
4. Name the secret 'GRAX' or something similar in accordance with your business's naming conventions.
5. Copy the `Value` of the secret to a safe location for later use.

### Assign the Service Principal a Role

1. Navigate to the subscription you wish to deploy GRAX into.
2. Click `Access control (IAM)`.
3. Click `Add role assignment`.

   ![Access Control (IAM)](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FH2mcY0HYzCNKSTHEoIPy%2Fazure-subscription-iam.png?alt=media\&token=4b372cb9-b60c-4279-9aa2-7382b5402442)
4. Select the `Owner` role under `Privileged administrator roles`.

   ![Select Role](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FhCZtGdBo5Nnho263Zj0i%2Fazure-iam-role-owner.png?alt=media\&token=cef4c3ec-190c-48dd-92bc-027a727d7bcc)
5. Click the `Members` tab, then search for and select the Service Principal you created earlier.

   ![Select Member](https://3330797634-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqjG14Rorm2T7JgMy0hrc%2Fuploads%2FHLMEVPxjQG9K6x0WFAUN%2Fazure-iam-role-member.png?alt=media\&token=16a9e65f-094c-4670-8a52-aaeaeaa396c1)
6. Use the `Review + assign` tab to save the role assignment.

### Configuring the Connection in GRAX

On the GRAX Platform team you'd like to use for creating a deployment, navigate to the `Connections` tab and click `Connect Azure`. Fill in the following values:

* `Tenant ID`: Use the `Directory (tenant) ID` value from the App Registration.
* `Subscription ID`: Use the subscription ID of the Azure subscription you wish to deploy into.
* `Client ID`: Use the `Application (client) ID` value from the App Registration.
* `Client Secret`: Use the `Value` of the client secret you created.

Click `Save` to save the connection.

## Azure CLI (`az`)

### Create a Service Principal

First, ensure that you are logged in:

```bash
az login
```

```json
[
  {
    "cloudName": "AzureCloud",
    "id": "subscrip-abcd-abcd-abcd-abcdabcdabcd",
    "isDefault": true,
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "tenantab-abcd-abcd-abcd-abcdabcdabcd",
    "user": {
      "name": "john@example.com",
      "type": "user"
    }
  }
]
```

*Note: In the above JSON, `id` is your Azure subscription ID.*

Next, set your active subscription:

```bash
# ${id} is the "id" value (subscription ID) from the az login output above
az account set --subscription="${id}"
```

Then, create a Service Principal to allow GRAX to manage infrastructure:

```bash
az ad sp create-for-rbac -n "GRAX" --scopes "/subscriptions/${id}" --role "Owner"
```

This returns the authorization data for your Service Principal as JSON. The `password` value is the client secret, so copy the output to a safe location for later use.

```json
{
  "appId": "appidabc-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "displayName": "John",
  "name": "http://example.com",
  "password": "password-abcd-efgh-abcd-efgh-abcdabcdabcd",
  "tenant": "tenantid-abcd-efgh-abcd-efgh-abcdabcdabcd"
}
```

Now you need to enter the following values into your Azure Connection details:

1. Click [Add Azure Connection](https://platform.grax.com/connections/new/azure).
2. Fill the values as follows:
   1. `Tenant ID`: Use the `"tenant"` value from the JSON.
   2. `Subscription ID`: This is your Azure subscription id.
   3. `Client ID`: Use the `"appId"` value from the JSON.
   4. `Client Secret`: Use the `"password"` value from the JSON.
3. Click `Save`.
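
A check worth running after either procedure above (an added example, not part of GRAX's own tooling): it lists the Service Principal's role assignments with `az role assignment list` and confirms that `Owner` sits on the intended subscription and nothing is scoped outside it. The helper names `list_sp_roles` and `check_grax_sp` are hypothetical; the arguments are the `appId` and subscription ID from the steps above.

```bash
#!/bin/sh
# Added example: audit the role assignments of the GRAX service principal.
# list_sp_roles and check_grax_sp are hypothetical helper names.
# $1 = appId / Application (client) ID, $2 = subscription id.

# Print "role<TAB>scope" for every assignment the principal holds in the
# subscription given as $2.
list_sp_roles() {
  az role assignment list --assignee "$1" --all --subscription "$2" \
    --query "[].[roleDefinitionName, scope]" -o tsv
}

# Exit status 0 only if Owner is assigned on /subscriptions/$2 and no
# assignment is scoped outside that subscription. The body is a subshell,
# so its variables do not leak into the caller.
check_grax_sp() (
  want="/subscriptions/$2"
  tab="$(printf '\t')"
  found=no
  status=0
  roles="$(list_sp_roles "$1" "$2")" || { echo "error: az query failed"; return 2; }
  while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    case "$scope" in
      "$want")
        if [ "$role" = "Owner" ]; then
          found=yes; echo "ok: Owner on $scope"
        else
          echo "info: additional role '$role' on $scope"
        fi ;;
      "$want"/*)
        echo "info: '$role' on child scope $scope" ;;
      *)
        echo "warn: '$role' outside the target subscription: $scope"; status=1 ;;
    esac
  done <<EOF
$roles
EOF
  if [ "$found" = no ]; then
    echo "warn: no Owner assignment on $want"; status=1
  fi
  return "$status"
)

# Usage: sh check.sh <appId> <subscription-id>
if [ "$#" -eq 2 ]; then check_grax_sp "$1" "$2"; fi
```

Run it after `az login` with an identity that can read role assignments on the subscription.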
