Connect an Azure subscription with Terraform

Overview

This documentation article provides a step-by-step guide to establishing a connection between your Microsoft Azure subscription and the Upwind platform.

By establishing this connection, you enable Upwind to detect Kubernetes clusters and cloud resources within your subscription, integrate it with the Upwind platform, and gain access to Microsoft Azure APIs. This access enables the collection of contextual information, which enriches the Detection and Findings of security threats in your environment.

To do this, we use Terraform, an infrastructure-as-code tool. Through Terraform, we create the resources and configurations needed to establish the connection between Azure and the Upwind platform.

Requirements

The following is a list of requirements to run Upwind Terraform modules for Azure:

  1. Azure Global Administrator - An Azure portal account with a Global Administrator role for your tenant's directory.
  2. Azure Owner Role - An Azure portal account with the Owner role in all subscriptions you want to monitor.
  3. Azure CLI - The Terraform providers for Azure authenticate with the configuration and login context of the Azure CLI, so the CLI must be installed and signed in before you run Terraform.

Dependencies

The following Terraform providers are required by the Upwind Terraform modules for Azure and are downloaded when you run the terraform init command:

  1. azuread
  2. azurerm
  3. random
  4. http
  5. time

Installation

Once you select the Terraform installation method on the Upwind console, you will be provided with a Terraform script that you can use to connect your Azure subscription to Upwind. The default onboarding method is Terraform.

[Screenshot: the Terraform installation method selected in the Upwind console, with the generated Terraform script]

Retrieving Subscription ID & Tenant ID

The Upwind console asks for your Subscription ID and Tenant ID. You can find both on the https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade page, or by running the following shell command and reading the row for your subscription:

az account list --all --query "[].{SubscriptionName:name, SubscriptionID:id, TenantID:tenantId}" --output table

An output example:

[Screenshot: table output of the az account list command with the SubscriptionName, SubscriptionID and TenantID columns]
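
As an added example (not Upwind's code), the following Python script resolves the Subscription ID and Tenant ID for a named subscription from the same az account list data the command above returns, refuses disabled subscriptions, and then checks the Owner role requirement listed above before you start Terraform. The parsing functions take already-decoded JSON so they can be exercised offline on the constructed SAMPLE_ACCOUNTS data; only the az() helper, used when the file is run as a script, calls the real Azure CLI. The script name preflight.py and the sample subscription names and IDs are assumptions.

```python
import json
import re
import subprocess
import sys

# Azure subscription and tenant IDs are GUIDs; anything else means the CLI output is not what we expect.
GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

# Constructed sample of `az account list --all --output json`, trimmed to the fields used below.
SAMPLE_ACCOUNTS = [
    {"name": "Production", "id": "11111111-1111-1111-1111-111111111111",
     "tenantId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "state": "Enabled"},
    {"name": "Sandbox", "id": "22222222-2222-2222-2222-222222222222",
     "tenantId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "state": "Disabled"},
]


def parse_accounts(accounts):
    """Map subscription name -> (subscription_id, tenant_id) for enabled subscriptions only."""
    resolved = {}
    for acct in accounts:
        if acct.get("state") != "Enabled":
            continue  # a disabled subscription cannot be onboarded, so do not offer it
        sub_id, tenant_id = acct["id"], acct["tenantId"]
        if not (GUID_RE.match(sub_id) and GUID_RE.match(tenant_id)):
            raise ValueError(f"unexpected ID format for subscription {acct.get('name')!r}")
        resolved[acct["name"]] = (sub_id, tenant_id)
    return resolved


def resolve_ids(accounts, subscription_name):
    """Return the (Subscription ID, Tenant ID) pair to enter in the Upwind console."""
    resolved = parse_accounts(accounts)
    if subscription_name not in resolved:
        raise KeyError(f"{subscription_name!r} is not an enabled subscription; choose from {sorted(resolved)}")
    return resolved[subscription_name]


def has_owner_role(role_names):
    """True when 'Owner' appears among the role definition names assigned to the caller."""
    return "Owner" in set(role_names)


def az(*args):
    """Run an Azure CLI command and parse its JSON output (only used when run as a script)."""
    return json.loads(subprocess.check_output(["az", *args, "--output", "json"], text=True))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: preflight.py <subscription name>")
    sub_id, tenant_id = resolve_ids(az("account", "list", "--all"), sys.argv[1])
    print(f"Subscription ID: {sub_id}\nTenant ID:       {tenant_id}")
    # Requirement 2 above: the account running Terraform must hold Owner on the subscription.
    me = az("ad", "signed-in-user", "show")["userPrincipalName"]
    roles = az("role", "assignment", "list", "--assignee", me,
               "--scope", f"/subscriptions/{sub_id}", "--include-inherited",
               "--query", "[].roleDefinitionName")
    if not has_owner_role(roles):
        sys.exit(f"{me} does not hold Owner on {sub_id}; the Owner requirement above is not met")
    print(f"{me} holds Owner on {sub_id}; ready to run Terraform.")
```

Run it as python preflight.py "Production" after signing in to the Azure CLI. Restricting the lookup to enabled subscriptions avoids pasting the ID of a subscription that can no longer be monitored, and checking the role before terraform apply surfaces a missing permission before any resources are half-created.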

Running the Terraform script

Now that you have entered the subscription ID and tenant ID, the Upwind console automatically injects all the required parameters into the Terraform script, and all you need to do is run the following commands:

  1. Copy and paste the code snippet provided in the console into the main.tf file, and then save the file.
  2. Run the command terraform init to download the necessary plugins and modules to run this automation. Using the upgrade flag terraform init --upgrade is recommended.
  3. Run terraform plan to create a "plan" of the resources that will be created.
  4. After you review the pending changes, run terraform apply and type yes to proceed with the Azure and Upwind integration.
Info: The authorization token injected into the Terraform script is a one-time token that expires after use.

Success criteria

After you run the terraform apply command, you should see the following output:

Apply complete! Resources: 9 added, 0 changed, 0 destroyed.

Outputs:
application_client_id = "<CREATED_APP_REGISTRATION_ID>"
application_client_secret = "<CREATED_CLIENT_SECRET>"
directory_tenant_id = "<TENANT_ID>"
subscription_id = "<SUBSCRIPTION_ID>"
instructions = <<-EOT
Your information was sent to the Upwind API.
Return to the Upwind console and click "Next" to continue the onboarding process.
EOT
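
As an added example (not Upwind's code), the following Python script validates the outputs listed above after terraform apply, reading them from terraform output -json, whose document maps each output name to an object with sensitive, type and value fields. It checks that the five expected outputs exist, that the three IDs are GUIDs, that subscription_id and directory_tenant_id match the values entered in the console, and it warns when application_client_secret is not flagged sensitive, because the apply output above prints it in the clear. Independently of that flag, Terraform stores output values in plaintext in the state file, so the state file needs the same protection as the secret itself. The script name check_outputs.py and all values in SAMPLE_OUTPUTS are constructed placeholders.

```python
import json
import re
import subprocess

GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

# The five outputs the success criteria list, and which of them must be GUIDs.
EXPECTED_OUTPUTS = ("application_client_id", "application_client_secret",
                    "directory_tenant_id", "subscription_id", "instructions")
GUID_OUTPUTS = ("application_client_id", "directory_tenant_id", "subscription_id")

# Constructed sample of `terraform output -json` after a successful apply (placeholder values).
SAMPLE_OUTPUTS = {
    "application_client_id": {"sensitive": False, "type": "string",
                              "value": "33333333-3333-3333-3333-333333333333"},
    "application_client_secret": {"sensitive": True, "type": "string",
                                  "value": "constructed-placeholder-secret"},
    "directory_tenant_id": {"sensitive": False, "type": "string",
                            "value": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"},
    "subscription_id": {"sensitive": False, "type": "string",
                        "value": "11111111-1111-1111-1111-111111111111"},
    "instructions": {"sensitive": False, "type": "string",
                     "value": "Your information was sent to the Upwind API.\n"
                              "Return to the Upwind console and click \"Next\" to continue the onboarding process.\n"},
}


def validate_outputs(outputs, expected_subscription_id, expected_tenant_id):
    """Return (errors, warnings) for a `terraform output -json` document.

    Errors mean the apply did not produce what the console expects; warnings flag
    secret-handling concerns that do not block onboarding.
    """
    errors, warnings = [], []
    for name in EXPECTED_OUTPUTS:
        if name not in outputs:
            errors.append(f"missing output {name}")
    for name in GUID_OUTPUTS:
        if name in outputs and not GUID_RE.match(str(outputs[name].get("value", ""))):
            errors.append(f"{name} is not a GUID: {outputs[name].get('value')!r}")
    # The IDs must be the ones entered in the console; otherwise the integration points elsewhere.
    if "subscription_id" in outputs and outputs["subscription_id"].get("value") != expected_subscription_id:
        errors.append("subscription_id does not match the subscription entered in the console")
    if "directory_tenant_id" in outputs and outputs["directory_tenant_id"].get("value") != expected_tenant_id:
        errors.append("directory_tenant_id does not match the tenant entered in the console")
    secret = outputs.get("application_client_secret")
    if secret is not None and not secret.get("sensitive", False):
        warnings.append("application_client_secret is not marked sensitive, so terraform apply "
                        "prints it in the clear; clear your terminal scrollback and restrict the state file")
    return errors, warnings


def redacted_summary(outputs):
    """A log-safe view of the outputs: sensitive values are replaced, the rest are shown."""
    return {name: ("<redacted>" if entry.get("sensitive") else entry.get("value"))
            for name, entry in outputs.items()}


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: check_outputs.py <subscription id> <tenant id>")
    doc = json.loads(subprocess.check_output(["terraform", "output", "-json"], text=True))
    errors, warnings = validate_outputs(doc, sys.argv[1], sys.argv[2])
    for warning in warnings:
        print("WARNING:", warning)
    for error in errors:
        print("ERROR:", error)
    print(json.dumps(redacted_summary(doc), indent=2))
    sys.exit(1 if errors else 0)
```

Run it from the directory containing main.tf as python check_outputs.py <SUBSCRIPTION_ID> <TENANT_ID>. The redacted summary is what you should paste into a ticket or log if you need help; the raw terraform output contains the client secret.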

Continue with the Upwind console

Once the Terraform onboarding is complete, return to the Upwind console and click "Next" to validate connectivity to the Azure subscription.

Now that the connectivity is established between the Azure subscription and Upwind, you can start discovering your Azure resources in the Map and Dashboards.

Troubleshooting

If you encounter any issues in the process of connecting your Azure subscriptions to Upwind, please get in touch with our support team at support@upwind.io.

Next Steps

After establishing a connection to your Azure subscription(s), Upwind will discover any EC2 instances or Kubernetes clusters within your account and label them as Unconnected.

To connect a Kubernetes cluster with Upwind, follow the instructions provided on the Connect a Kubernetes cluster page.

To connect a Linux host with Upwind, follow the instructions provided on the Connect a Linux host page.