Get account information from Azure's portal
- Log in to your Azure account
- Search for "Azure Active Directory" in the top search text box and select it
- Copy the tenant id and keep it in a safe place. We will need it while adding information on InfraGuard
- On the side menu of the same page click on "App registrations" and select "New registration"
- Enter the name as "Infraguard app"
- Make sure "Single Tenant" is selected in Supported Account types
- In Redirect URI select "Web" from the list and enter https://app.infraguard.io in the text box next to it
- Click on Register
- Now your application is registered. Copy the "Application (Client) ID" and keep it in a safe place
- Go to "Certificates and Secrets" from the left menu and click on the "New Client Secret" button
- Enter description as "Infraguard key" and select "24 months" in the "EXPIRES" option radio button
- Click on Add
- This will generate a new client secret key. Copy the value column item and keep it in a safe place with the name "Client Secret"
- Now search for "Subscription" in the top search text box, go to your current subscription, copy the subscription id and put it in a safe place
- Select "Access control (IAM)" from the menu of your subscription, click on "+Add" and select custom role
- Enter your custom role name as "InfraGuard-role"
- Select JSON, click on edit and insert the following:
    {
      "properties": {
        "roleName": "InfraGuard-role",
        "description": "",
        "assignableScopes": [
          "/subscriptions/<INSERT YOUR SUBSCRIPTION ID>"
        ],
        "permissions": [
          {
            "actions": [
              "Microsoft.Compute/snapshots/delete",
              "Microsoft.Compute/snapshots/read",
              "Microsoft.Compute/snapshots/write",
              "Microsoft.Compute/virtualMachines/instanceView/read",
              "Microsoft.Compute/virtualMachines/read",
              "Microsoft.Resources/subscriptions/resourceGroups/read",
              "Microsoft.Network/networkInterfaces/read",
              "Microsoft.Network/publicIPAddresses/read",
              "Microsoft.Compute/virtualMachines/start/action",
              "Microsoft.Compute/virtualMachines/restart/action",
              "Microsoft.Compute/virtualMachines/deallocate/action",
              "Microsoft.Compute/virtualMachines/runCommands/write",
              "Microsoft.Compute/virtualMachines/runCommands/read",
              "Microsoft.Compute/virtualMachines/runCommand/action",
              "Microsoft.Compute/virtualMachines/assessPatches/action",
              "Microsoft.Compute/virtualMachines/installPatches/action"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }
- Replace <INSERT YOUR SUBSCRIPTION ID> with your subscription id in the 6th line and click on Save
- Then select "Review + Create" and then Create. The role is created. Click OK to return to the IAM role page
- Click on the "add a role assignment" button on the card "Grant access to this resource" on the right
- Now select the "Role" tab and search for "InfraGuard-role". Select this role and click Next
- In the Member tab click on "+Select Member" and search for "Infraguard app" on the right side below Select Members
- Select Infraguard app and click on select. Then click on "Review and Assign"
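
A pre-flight check for the custom role JSON from the steps above, as an added example that is not InfraGuard's or Microsoft's code: it confirms the subscription placeholder was replaced, rejects wildcard actions, and lists the granted actions that are not plain reads, including the Run Command actions that allow scripts to run on the VMs. The function names, the constructed sample subscription ids and the way actions are classified are assumptions of this example.

```python
import json
import re

VM = "Microsoft.Compute/virtualMachines/"
# The 16 actions granted by the InfraGuard-role JSON on this page.
PAGE_ACTIONS = (
    ["Microsoft.Compute/snapshots/" + s for s in ("delete", "read", "write")]
    + [VM + s for s in (
        "instanceView/read", "read", "start/action", "restart/action",
        "deallocate/action", "runCommands/write", "runCommands/read",
        "runCommand/action", "assessPatches/action", "installPatches/action")]
    + ["Microsoft.Resources/subscriptions/resourceGroups/read",
       "Microsoft.Network/networkInterfaces/read",
       "Microsoft.Network/publicIPAddresses/read"]
)
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def make_role(subscription_id):
    """Build the page's role document for a subscription id (helper for this example)."""
    perms = {"actions": PAGE_ACTIONS, "notActions": [], "dataActions": [], "notDataActions": []}
    return json.dumps({"properties": {
        "roleName": "InfraGuard-role", "description": "",
        "assignableScopes": ["/subscriptions/" + subscription_id],
        "permissions": [perms]}})


def review_role(role_json):
    """Return (findings, code_exec, non_read) for a custom-role JSON document."""
    props = json.loads(role_json)["properties"]
    findings = []
    for scope in props["assignableScopes"]:
        m = re.fullmatch(r"/subscriptions/([^/]+)(/.*)?", scope)
        if not m or not GUID.fullmatch(m.group(1)):
            findings.append("scope does not name a subscription GUID: " + scope)
    actions = [a for p in props["permissions"] for a in p.get("actions", [])]
    findings += ["wildcard action: " + a for a in actions if "*" in a]
    # Every action that is not a plain read can change state in the subscription.
    non_read = [a for a in actions if not a.lower().endswith("/read")]
    # Run Command executes scripts inside the VM through the guest agent.
    code_exec = [a for a in non_read if "/runcommand" in a.lower()]
    return findings, code_exec, non_read


if __name__ == "__main__":
    # Constructed input: the role with the placeholder left unreplaced.
    findings, code_exec, non_read = review_role(make_role("<INSERT YOUR SUBSCRIPTION ID>"))
    print(findings, code_exec, len(non_read), sep="\n")
```

Because the role includes the Run Command actions, the Client Secret created earlier should be stored and rotated like a credential with administrative access to every VM in the subscription.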
Onboard your servers to InfraGuard
- Log in to your app.infraguard.io account
- Select CLUSTER from side-menu
- Click on “Create Azure cluster”
- Add any relevant Name
- Add Tenant ID, Subscription ID, Client ID, and Client Secret as created and copied in the previous section
- Click ‘Sync’ to make your newly added server appear in the list of servers
- Wait for some time before you click on ‘Servers’ to get your list of servers for that Role ARN