Skip to main content

Connect an Azure subscription with Terraform

Overview

This documentation article provides a step-by-step guide to establishing a connection between your Microsoft Azure subscription and the Upwind platform.

By establishing this connection, you enable Upwind to detect Kubernetes clusters and cloud resources within your subscription, integrate it with the Upwind platform, and gain access to Microsoft Azure APIs. This access enables the collection of contextual information, which enriches the Detection and Findings of security threats in your environment.

To facilitate this process, we will utilize Terraform, an infrastructure-as-code tool. Through Terraform, we will create the resources and configurations necessary for establishing the connection between Azure and the Upwind platform.

Prerequisites

The following is a list of requirements to run Upwind Terraform modules for Azure:

  1. Azure Global Administrator - An Azure portal account with a Global Administrator role for your tenant's directory.
  2. Azure Owner Role - An Azure portal account with the Owner role in all subscriptions you want to monitor.
  3. Azure CLI - The Terraform provider for Azure leverages configuration from the Azure CLI to configure resources in Azure.

Setup

note

If you already possess a pre-existing account-type credential, you may reuse it and proceed directly to step 5.

  1. Log in to the Upwind Management Console .

  2. Navigate to the Inventory page and access the Accounts section.

  3. Click on the Connect account button located in the top-right corner of the page, and select Microsoft Azure.

  4. Under Cloud Account Credentials, click on Generate to obtain the values for the upwind_client_id and upwind_client_secret variables.

  5. Create a new directory for your Terraform project and navigate to it in your terminal. Inside the project directory, create a new file named main.tf to hold the Terraform configuration. Copy or download the code snippet from the Terraform setup section and paste it into main.tf.

  6. Run the following command to initialize Terraform within the project directory:

    terraform init

  7. Run the following command to apply the Terraform configuration and create the necessary resources:

    terraform apply

    Review the changes that Terraform plans to make and enter yes when prompted to confirm the changes. Terraform will create the connection between your Azure subscription and Upwind based on the provided configuration.

  8. Once the terraform apply command has successfully executed, the connection should be established within a few moments. A success message will appear in the console to indicate the successful account connection.

Troubleshooting

If you encounter any issues during the process of establishing a connection between your Google Cloud project and Upwind using Terraform, consider the following troubleshooting steps:

  1. Microsoft Azure Subscription ID: Verify that the Microsoft Azure subscription ID(s) specified in the Terraform configuration matches the ID(s) of the desired Microsoft Azure subscription ID(s).

  2. Client Credentials: Verify that the client credentials for Upwind (upwind_client_id and upwind_client_secret) are accurate. Make sure there are no typos or incorrect values.

  3. Authentication Errors: Verify that the azurerm provider is configured correctly in your Terraform configuration.

  4. Insufficient Permissions: Verify that the azurerm provider is configured with credentials from a user that has the required permissions.

  5. Terraform Version Compatibility: Verify that your Terraform version is compatible with the required version. Refer to the provider documentation or release notes for compatibility details. Consider updating Terraform to the latest stable version.

  6. Error Messages and Logs: Pay attention to any error messages or logs displayed during the terraform apply command. They can provide valuable insights into the specific issue you are facing. Look for any specific error codes or descriptions that can guide your troubleshooting process.

If you are still unable to resolve the issue after following these troubleshooting steps, please initiate a chat with us in the Upwind Management Console . The chat support is available 24/7.

Next Steps

After establishing a connection to your Azure subscription(s), Upwind will discover any virtual machines or Kubernetes clusters within your account and label them as Unconnected.

To connect a Kubernetes cluster with Upwind, follow the instructions provided on the Connect a Kubernetes cluster page.

To connect a Linux host with Upwind, follow the instructions provided on the Connect a Linux host page.