Set up an Azure integration
This page provides a comprehensive guide to setting up the Microsoft Azure account and related secrets for security testing with Fluid Attacks' cloud security posture management (CSPM) module.
To make the connection with Azure, you need the following information:
- Azure Subscription ID: The unique identifier for your Azure subscription, which provides access to Azure's cloud platform resources and services
- AZURE_CLIENT_ID: The identifier representing your client application in Azure
- AZURE_CLIENT_SECRET: The alphanumeric password for your client application
- AZURE_TENANT_ID: The directory ID, a unique identifier for your Azure Active Directory (Azure AD), used for authentication and authorization purposes when interacting with Azure resources and services within that tenant
Manual configuration from Azure portal
Get Azure subscription ID
You can find your Azure subscription ID through the Azure Portal by following these steps:
-
Sign in to the Azure portal.
-
In the left-hand sidebar, click on Subscriptions. If you do not see it there, you can use the search bar at the top to locate it.
-
The table displays all your Azure subscriptions. Copy the ID of the desired subscription.
Get Azure secrets and other necessary credentials
To get these credentials you need to register an application with Azure Active Directory (Azure AD) and create a service principal:
-
Sign in to the Azure portal.
-
Click on Azure Active Directory in the left-hand sidebar and, under Manage, select App registrations.
-
Click the New registration button.
-
Provide the necessary information to register an application.
- Name: A name for your application
-
Supported account types: The appropriate account types that can use the application
- Redirect URI: The URL where Azure AD should send authentication responses, which can be the URL of your application
-
After registering, you are taken to the overview page for your application. There, you find the Application (client) ID and Directory (tenant) ID.
-
From the sidebar, choose Certificates & secrets.
-
Select Client secrets and click on New client secrets. Then, provide the secret's description, set its expiration and click on Add.
-
Make sure to copy and save the generated client secret, as it is shown to you on this screen only once.
Assign a role to the application
You need to assign a role to the previously registered application in Microsoft Azure:
-
Log in to the Azure portal.
-
Click on All services in the left-hand menu, then search for and select Subscriptions.
-
Click on the desired subscription.
-
In the subscription settings, click on Access control (IAM), Add and Add a role assignment.
-
Select the role you want to assign to your application. You can either choose a built-in role (such as Owner, Contributor, Reader, etc.) or a custom role, if you have defined one. Then click Next.
-
For Assign access to, select the option User, group, or service principal. Click on the Select members button and search for and select your application by name. Then click on Select. You can optionally provide a description. When you are done, click Next.
-
After selecting the application, review the role assignment details. Confirm that you are assigning the correct role to the correct application.
-
Click the Save button to assign the selected role to your application.
Once the role assignment is complete, you should see the application listed in the Role assignments tab with the assigned role at the subscription level.
Azure setup on Fluid Attacks' platform
Navigate to your group's Scope section on Fluid Attacks' platform to add a CSPM environment. (If you need a refresher on how to reach this point, refer to Find the option for cloud integrations.)
Upon selecting Azure in Cloud name, you need to provide certain information. You can find definitions and steps to gather this information above on this page.
