This document helps you to setup API credentials on Azure ARM.
Aviatrix Cloud Controller uses Azure APIs extensively to launch Aviatrix gateways, configure encrypted peering and other features.
In order to use Azure API, you need to first create an Aviatrix Cloud Account on the Aviatrix Cloud controller. This cloud account corresponds to a valid Azure account with API credentials.
The new Microsoft Azure (as opposed to Azure Classic) is significantly different in how applications are authenticated and authorized to interact with Azure Resource Manager APIs to manage resources, such as Virtual Machines, Network, Storage Accounts, etc.
This document describes how to obtain the necessary information, specifically Application Client ID, Application Client Secret, and Application Endpoint to create an Aviatrix Cloud Account with step by step instructions. There are 3 sections, make sure you go through all of them.
2.0 Azure Permission Setup for Aviatrix¶
Setting up Azure permission for Aviatrix involves three main steps.
- Register Aviatrix Controller Application with Azure Active Directory
- Grant Permissions
- Get Application Client ID, Application Client Secret and Application Endpoint
Important: Complete the follow steps in order.
2.1 Step 1 – Register Aviatrix Controller Application¶
Login to the Azure Portal.
*Register Aviatrix Controller*
- From the Azure portal click on “Azure Active Directory” and then “App registrations”
- Click “+ Add”
- Name = Aviatrix Controller
- Application Type = Web app / API
- Sign-on URL = http://aviatrix
- Click Create.
2.2 Step 2 – Grant Permissions¶
Login to the Azure portal
On the bottom left, click More services, search for “Subscriptions”
Copy the Subscription ID (to notepad or a convenient location)
Click on the Subscription ID
Then select “Access control (IAM)”.
Click Add and then select the “Contributor” role.
In the User search field, type in “Aviatrix”. The Aviatrix Controller app should show up. Select this one and click Select towards to the bottom.
2.3 Step 3 – Get Application Information¶
*Get Application Information*
- From the Azure portal, click More services and search for “Azure Active Directory”.
At this point you should have the following information.
|Subscription ID||From step 2|
|Application Endpoint ID||From step 3|
|Application Client ID||From step 3|
|Application Client Secret||From step 3|