This page provides a comprehensive guide to setting up the Microsoft Azure account and related secrets for security testing with Fluid Attacks' cloud security posture management (CSPM) module.
To make the connection with Azure, you need the following information:
You can find your Azure subscription ID through the Azure Portal by following these steps:
Sign in to the Azure portal.
In the left-hand sidebar, click on Subscriptions. If you do not see it there, you can use the search bar at the top to locate it.
The table displays all your Azure subscriptions. Copy the ID of the desired subscription.
To get these credentials you need to register an application with Azure Active Directory (Azure AD) and create a service principal:
Sign in to the Azure portal.
Click on Azure Active Directory in the left-hand sidebar and, under Manage, select App registrations.
Click the New registration button.
Provide the necessary information to register an application.
After registering, you are taken to the overview page for your application. There, you find the Application (client) ID and Directory (tenant) ID.
From the sidebar, choose Certificates & secrets.
Select Client secrets and click on New client secret. Then, provide the secret's description, set its expiration and click on Add.
Make sure to copy and save the generated client secret, as it is shown to you on this screen only once.
You need to assign a role to the previously registered application in Microsoft Azure:
Log in to the Azure portal.
Click on All services in the left-hand menu, then search for and select Subscriptions.
Click on the desired subscription.
In the subscription settings, click on Access control (IAM), Add and Add a role assignment.
Select the role you want to assign to your application. You can either choose a built-in role (such as Owner, Contributor, Reader, etc.) or a custom role, if you have defined one. Then click Next.
For Assign access to, select the option User, group, or service principal. Click on the Select members button and search for and select your application by name. Then click on Select. You can optionally provide a description. When you are done, click Next.
After selecting the application, review the role assignment details. Confirm that you are assigning the correct role to the correct application.
Click the Save button to assign the selected role to your application.
Once the role assignment is complete, you should see the application listed in the Role assignments tab with the assigned role at the subscription level.
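The same confirmation can be scripted. The following is an added example, not part of Fluid Attacks' documentation or tooling: it reviews the JSON that `az role assignment list --assignee <client-id> --all -o json` prints for the registered application and flags roles or scopes wider than intended. It assumes you want the application to have read-only access to a single subscription; the allowed-role list, the function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample of `az role assignment list --assignee <client-id> --all -o json`
# output, reduced to the fields used here. All IDs are placeholders.
SAMPLE = json.loads("""
[
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/demo-rg"},
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/demo-mg"}
]
""")

# Assumption: the integration is meant to be read-only, so only these
# built-in roles are accepted. Adjust the set to your own policy.
READ_ONLY_ROLES = {"Reader", "Security Reader"}


def review_assignments(assignments, subscription_id, allowed_roles=READ_ONLY_ROLES):
    """Return (role, scope, reason) findings for one application's assignments."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        s = scope.rstrip("/").lower()
        if role not in allowed_roles:
            findings.append((role, scope, "role grants more than read access"))
        # Root ("/") and management-group scopes reach beyond one subscription.
        if s != expected and not s.startswith(expected + "/"):
            findings.append((role, scope, "scope is outside the intended subscription"))
    # The procedure above assigns the role at the subscription level.
    if not any(a["scope"].rstrip("/").lower() == expected for a in assignments):
        findings.append((None, expected, "no assignment at the subscription level"))
    return findings


if __name__ == "__main__":
    for role, scope, reason in review_assignments(
            SAMPLE, "00000000-0000-0000-0000-000000000001"):
        print(f"{reason}: role={role} scope={scope}")
```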
Navigate to your group's Scope section on Fluid Attacks' platform to add a CSPM environment. (If you need a refresher on how to reach this point, refer to Find the option for cloud integrations.)
Upon selecting Azure in Cloud name, you need to provide certain information. You can find definitions and steps to gather this information above on this page.