The following guide will show you how to set up your account to allow Costi to access it in a secure manner. To do this We will create a Service Principal for Costi.
There are two options: use a resource manager template or set up the role manually
Use a resource manager template:
Create the Service Principal manually:
Use Azure CLI to set the active subscription
Run the following command: az account set --subscription ""
Use Azure CLI to Create the Service Principal
Run the following command: az ad sp create-for-rbac -n "Costi" --create-cert
You should get a response similar to the one below:
Creating a role assignment under the scope of "/subscriptions/"
Please save the response. We will need some of the properties are needed later in the registration step
Now go to the Azure portal to add role assignments
You can use this script from the azure CLI to quickly assign the role to all subscriptions.
If you did not use the script, navigate to Subscriptions -> Access Control (IAM) -> Role Assignments
Add the following role assignments to the service principal:
Reader and Data Access
Storage Blob Data Reader
Register to CloudHiro
You will need the following values from the previously saved response to complete the registration form:
Client ID - “appId“ use XXX
Certificate - “fileWithCertAndPrivateKey”
Tenant Id - “tenant” use ZZZ
After registering to CloudHiro, confirm the email you got and login.
That's it, you're all set to go!
If you ever want to disallow access, you can simply remove the service principle: az ad sp delete --id "Costi".