Registration Guide

Introduction

The following guide will show you how to set up your account to allow Costi to access it in a secure manner. To do this We will create a Service Principal for Costi.

There are two options: use a resource manager template or set up the role manually

Use a resource manager template:

Temporarily unavailable.

Create the Service Principal manually:

Use Azure CLI to set the active subscription

Run the following command: az account set --subscription ""

Use Azure CLI to Create the Service Principal

Run the following command: az ad sp create-for-rbac -n "Costi" --create-cert
You should get a response similar to the one below:

Creating a role assignment under the scope of "/subscriptions/"
{

• "appId": "XXX",

  "displayName": "Costi",

  "fileWithCertAndPrivateKey":" "/path/to/certificate/tmp123abc_v.pem"

  "name": "http://Costi",

  "password": "YYY",

  "tenant": "ZZZ"

}
Please save the response. We will need some of the properties are needed later in the registration step

Now go to the Azure portal to add role assignments

You can use this script from the azure CLI to quickly assign the role to all subscriptions.

If you did not use the script, navigate to Subscriptions -> Access Control (IAM) -> Role Assignments

Add the following role assignments to the service principal:

• Reader

  Billing Reader

  Reader and Data Access

  Storage Blob Data Reader

Register to CloudHiro

Register here.
You will need the following values from the previously saved response to complete the registration form:

• Client ID - “appId“ use XXX

  Certificate - “fileWithCertAndPrivateKey”

  Tenant Id - “tenant” use ZZZ

After registering to CloudHiro, confirm the email you got and login.

That's it, you're all set to go!

Rollback

If you ever want to disallow access, you can simply remove the service principle: az ad sp delete --id "Costi".