Advanced Clusters

Configure permissions for Microsoft Azure

In a Microsoft Azure environment, create a managed identity and a custom role.
Complete the following steps:
  1. Disable the firewall on the Secure Agent machine.
  2. In Azure, create a managed identity named agent_identity. You can use an existing system-assigned managed identity or create a user-assigned managed identity. If you create a user-assigned managed identity, disable the system-assigned managed identity.
    For instructions about creating a managed identity, refer to the Microsoft Azure documentation.
  3. Create a custom role named agent_role with the following role definition:
    {
      "properties": {
        "roleName": "agent_role",
        "description": "",
        "assignableScopes": [
          "/subscriptions/<subscription ID>/resourceGroups/<storage_resource_group>"
        ],
        "permissions": [
          {
            "actions": [
              "Microsoft.Storage/storageAccounts/read",
              "Microsoft.Storage/storageAccounts/write",
              "Microsoft.Storage/storageAccounts/listKeys/action"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }
  4. Assign the custom role agent_role to the managed identity named agent_identity.
  5. Assign the managed identity agent_identity to the VM where the Secure Agent is installed.
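
Added example, not part of the original guide: a Python check to run on the step 3 role definition before creating it. It flags scopes broader than a resource group, wildcard actions, and actions that return storage account keys, then converts the portal layout to the flat layout that `az role definition create --role-definition` accepts. The subscription ID, resource group name, and function names are constructed placeholders.

```python
import json
import re

# Role definition from step 3; subscription ID and resource group are constructed placeholders.
PAGE_ROLE = json.loads("""
{"properties": {"roleName": "agent_role", "description": "",
  "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-storage-rg"],
  "permissions": [{"actions": [
      "Microsoft.Storage/storageAccounts/read",
      "Microsoft.Storage/storageAccounts/write",
      "Microsoft.Storage/storageAccounts/listKeys/action"],
    "notActions": [], "dataActions": [], "notDataActions": []}]}}
""")

# A scope at or below one resource group (a single storage account also passes).
RG_OR_NARROWER = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+(/.*)?$", re.IGNORECASE)
# Actions that return credentials: account keys give full access to the account's data.
KEY_ACTIONS = {"microsoft.storage/storageaccounts/listkeys/action"}

def audit_role(role):
    """Return review findings for a portal-format custom role definition."""
    props = role["properties"]
    findings = []
    for scope in props["assignableScopes"]:
        if not RG_OR_NARROWER.match(scope):
            findings.append(f"scope is broader than a resource group: {scope}")
    for perm in props["permissions"]:
        for action in perm["actions"] + perm["dataActions"]:
            if "*" in action:
                findings.append(f"wildcard action: {action}")
            if action.lower() in KEY_ACTIONS:
                findings.append(f"exposes account keys: {action}")
    return findings

def to_cli_format(role):
    """Convert to the flat JSON layout used by `az role definition create`."""
    props = role["properties"]
    perm = props["permissions"][0]
    return {"Name": props["roleName"], "IsCustom": True,
            "Description": props["description"],
            "Actions": perm["actions"], "NotActions": perm["notActions"],
            "DataActions": perm["dataActions"], "NotDataActions": perm["notDataActions"],
            "AssignableScopes": props["assignableScopes"]}

if __name__ == "__main__":
    for finding in audit_role(PAGE_ROLE):
        print("REVIEW:", finding)
    print(json.dumps(to_cli_format(PAGE_ROLE), indent=2))
```

The `listKeys` finding is expected for this role. Treat it as a reminder to keep the assignable scope limited to the storage resource group and to assign the role only to agent_identity.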
