On Demand Cloud Connect - Azure prerequisites
This section discusses the Azure prerequisites for using Evolution platform Cloud connect.
Here are the prerequisites:
- Register an application with Azure Active Directory (AD)
- Assign a role to the application.
Prerequisite 1: Register an Application with Azure Active Directory (AD)
On Demand Cloud Connect uses Azure APIs to access and create resources such as a Virtual Network Gateway. To do this, On Demand Cloud Connect is represented as an application registered within Azure Active Directory (AD).
To register an application with an associated client secret please refer to Microsoft documentation:
When you have completed prerequisite 1, you will have all four of the credentials needed to configure Azure Cloud Credentials within Evolution platform Cloud connect:
- Subscription ID
- Tenant ID (also known as the Directory ID)
- Client ID (also known as the Application ID)
- Secret Key (the Value of the Secret ID)
Important notes:
- The subscription ID will be used by Evolution Platform to define the URI of resources to be provisioned in your Azure environment. Consequently, it is important to register the application in the same subscription in which you want to implement your Cloud Connector.
- This application (also known as Azure credentials) is also used by Evolution Platform to perform some checks, especially for Azure Private Self-Made Cloud connectors, where the accessibility of certain resources, such as the Express Route circuit and its associated Service Key, is verified. Therefore, the subscription ID must be the same as that of the subscription containing the resource group in which the Express Route circuit, associated with the service key defined for the Azure Private Self-Made connector, is provisioned.
Prerequisite 2: Assign a Role to the Application
The role to be assigned to the application registered in the previous process is the Contributor role at subscription level.
Once you have registered the application, you must also grant the application the necessary permissions within Azure Active Directory (AD) to access and/or create resources within your Azure subscription. This is done through the assignment of roles to the service principal representing the application.
To grant the application the necessary permissions (Contributor at Subscription level) within Azure Active Directory please refer to Microsoft documentation:
- https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
- Please note that the example provided in the Azure documentation defines the role at the Resource Group level. You must follow the same procedure at the subscription level.
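One way to confirm that the role ended up at the subscription scope rather than on a resource group is to inspect the application's role assignments. The following is an added example, not part of Evolution Platform or the Microsoft documentation; it assumes the JSON was exported with `az role assignment list --assignee <client-id> --all -o json`, and every ID in the sample is a constructed placeholder.

```python
import json

# Constructed sample in the shape of `az role assignment list ... -o json`.
# All IDs and the resource group name are made-up placeholders.
SUB = "11111111-1111-1111-1111-111111111111"
SAMPLE = json.loads("""
[
  {"principalName": "22222222-2222-2222-2222-222222222222",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-example"},
  {"principalName": "22222222-2222-2222-2222-222222222222",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]
""")


def classify(assignments, subscription_id, role="Contributor"):
    """Return 'ok', 'narrower-scope', 'wrong-subscription' or 'missing'.

    'ok' requires the role exactly at /subscriptions/<subscription_id>.
    Assignments inherited from a management group are not considered.
    """
    wanted = f"/subscriptions/{subscription_id}".lower()
    verdict = "missing"
    for a in assignments:
        if a.get("roleDefinitionName") != role:
            continue
        # Azure scopes are case-insensitive, so compare in lower case.
        scope = a.get("scope", "").rstrip("/").lower()
        if scope == wanted:
            return "ok"
        if scope.startswith(wanted + "/"):
            # Role exists, but only on a resource group or single resource.
            verdict = "narrower-scope"
        elif scope.startswith("/subscriptions/") and verdict == "missing":
            # Role exists, but in a different subscription than configured.
            verdict = "wrong-subscription"
    return verdict


if __name__ == "__main__":
    print(classify(SAMPLE, SUB))
```

A result of `narrower-scope` corresponds to following the Microsoft example literally at the Resource Group level, and `wrong-subscription` corresponds to registering the role in a subscription other than the one entered as the Subscription ID.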