Add Microsoft Azure Credential

In order to allow Devopness to manage Azure resources on your behalf, Service Principal credentials have to be provided.

If you don't have access to an Azure account, you can create an account for free following the cloud provider specific guide Azure Free Services

Log in to Azure Portal
In the search bar, enter App registrations and select it
In the navigation bar, select New registration
Type the Name of the application
- Tip: you might want to name the application as devopness to make it easier to track its activities
Under Supported account types, select Accounts in this organizational directory only
Under Redirect URI, select platform Web
Click Register
Copy the Application (client) ID as the value of client_id
Copy the Directory (tenant) ID as the value of tenant_id
In the navigation panel search bar on the left side, enter Certificates & secrets and select it
In the Client secrets tab, click New client secret
Type the Description of the client secret
Choose one option for Expires time
Click Add
Copy the Value of the client secret as the value of client_secret
In the search bar, enter Subscriptions and select it
Click on the Subscription name link of one of the subscriptions in the list
Copy the Subscription ID as the value of subscription_id
In the navigation panel on the left side, select Access control (IAM)
You can set permissions by using an Azure pre-defined role or creating a custom role with only the necessary permissions
- Using a pre-defined role:
note
1. In the navigation bar, click on Add and select Add role assignment
2. In the Role - Privileged administrator roles tab, select Contributor role
3. Click Next
4. In the Members tab, click Select members
5. In the Select members search bar, type the name of application and select it
6. Click Select and click Review + assign
7. Ensure the Role Contributor and expected application are selected
8. Click Review + assign again
- Using a custom role:
note
1. In the navigation bar, click on Add and select Add custom role
2. Type the Custom role name of the role
  - Tip: you might want to name the role as devopness to make it easier to identify
3. Under Baseline permissions, select Start from scratch
4. Click Next
5. In the navigation bar, click on Add permissions
6. Add each of the following permissions to the role:
  Permissions
  
  Microsoft.Authorization/roleAssignments {read}
  
  Microsoft.Authorization/roleDefinitions {read}
  
  Microsoft.Compute/disks {write}
  
  Microsoft.Compute/virtualMachines {deallocate/action, delete, read, restart/action, start/action, write}
  
  Microsoft.Network/networkInterfaces {delete, join/action, read, write}
  
  Microsoft.Network/networkSecurityGroups {delete, join/action, read, write}
  
  Microsoft.Network/networkSecurityGroups/securityRules {delete, read, write}
  
  Microsoft.Network/publicIPAddresses {delete, join/action, read, write}
  
  Microsoft.Network/virtualNetworks {delete, read, write}
  
  Microsoft.Network/virtualNetworks/subnets {delete, join/action, read, write}
  
  Microsoft.Resources/subscriptions/resourceGroups {read, write}
7. After adding the permissions, click Review + create in the navigation bar
8. Click Create
9. In Access control (IAM) page, in the navigation bar, click on Add and select Add role assignment
10. In the Role - Job function roles tab, search and select your custom role
11. Click Next
12. In the Members tab, click Select members
13. In the Select members search bar, type the name of application and select it
14. Click Select and click Review + assign
15. Ensure the expected role and application are selected
16. Click Review + assign again
To add the credential to Devopness see Add a Credential