For Alert Logic to protect assets in Microsoft Azure, you must create a user account with specific permissions. Role-Based Access Control (RBAC) enables fine-grained access management for Azure accounts. Assignment of a RBAC role to the user account you create grants only the amount of access required to allow Alert Logic to monitor your environments.
This procedure requires administrative permissions in Azure, and the installation of one of the following command line interfaces:
To configure your RBAC role in Azure:
- Log into the Azure portal.
- In the left menu, click Azure Active Directory.
- On the left panel, under Manage, click Users.
- Click New user, and enter a name and email address.
- Ensure the Directory role is User.
- Click Create.
- Open a new browser window and navigate to the Azure portal login page.
- Log into the Azure portal as the new user.
- At the prompt, change the password for the user.
RBAC roles enable fine-grained access management for Azure. After you create a user account, you must assign an RBAC role to the user. The Alert Logic RBAC role grants only the amount of access required to monitor your environments.
For more information about Azure RBAC or managing roles with command-line applications, see:
- Role based access control custom roles
- Manage Role-Based Access Control with the Azure command-line interface
- Manage Role-Based Access Control with Azure PowerShell
To create a custom RBAC role, you must first create a role document and then create a custom role in the Azure portal.
To create a custom RBAC role:
- Create a new text file and copy the Alert Logic RBAC role into it.
- Make the following changes to the file:
- In the "Name": "user name", line, change the "user name" entry to the user name for the user account you just created.
- In the "AssignableScopes":"/subscriptions/<subscription id>" line, change the <subscription ID> value to the Subscription ID found on your Azure portal Subscriptions blade.
- Save the text file as a JSON file.
- Open either Azure CLI 2.0 or Azure PowerShell, and log in to your Azure account, and then specify the default subscription. Azure Azure CLI 2.0 commands
az account set --subscription <your subscription id>Azure Azure PowerShell commands
Get-AzureRmSubscription –SubscriptionName [your subscription name] | Select-AzureRmSubscription
- Create your custom role in Azure.
- In the Azure portal, under Subscriptions, select your subscription, and then click select Access control (IAM).
- Click Roles to verify that the RBAC role you created appears in the portal.
After you create the RBAC role, you must assign it to the user account. In Azure, roles are assigned in the Access Control portion of the Subscriptions blade.
- In the Azure Navigation Menu, click Subscriptions.
- In the Subscriptions blade, select the subscription you want Alert Logic to protect, and then click Access Control (IAM).
Make note of the subscription ID, which you need later when you create an Azure deployment.
- Above the list of users, click +Add.
- In the Add access blade, select the RBAC role you created from those listed.
- In the Add users blade, enter the user account name in the search field, and then select the user account name from the list.
- Click Select.
- Click OK.
Obtain the Active Directory ID in Azure
You need the Active Directory ID to complete the assignment of the RBAC role to the user account that grants access to Alert Logic.
To obtain the Active Directory ID:
- In the Azure portal, on the bar on the top right, click the Help icon ().
- Click Show Diagnostics to download the JSON file, and then open it in a text editor.
- Under the "tenants": line, look for "id": "your active directory ID".
- Take note of the active directory ID.
Create a deployment in the Alert Logic console
The Deployments page appears under the Configuration tab in the Alert Logic console. To add a deployment, click the icon, and then select Microsoft Azure.
After you name your deployment, fill out the required fields to allow Alert Logic access to your account.
- Fill out the required fields:
- Active Directory ID
- User (your email address)
For more information about adding Azure deployments, see Azure Deployment Configuration.