This document helps you to setup API credentials on Azure ARM.
Aviatrix Cloud Controller uses Azure APIs extensively to launch Aviatrix gateways, configure encrypted peering and other features.
In order to use Azure API, you need to first create an Aviatrix Cloud Account on the Aviatrix Cloud controller. This cloud account corresponds to a valid Azure account with API credentials.
The new Microsoft Azure (as opposed to Azure Classic) is significantly different in how applications are authenticated and authorized to interact with Azure Resource Manager APIs to manage resources, such as Virtual Machines, Network, Storage Accounts, etc.
This document describes how to obtain the necessary information, specifically Application ID, Application Key, and Application Directory ID to create an Aviatrix Cloud Account with step by step instructions. There are 3 sections, make sure you go through all of them.
Or you may refer to this video:
2.0 Azure Permission Setup for Aviatrix¶
Setting up Azure permission for Aviatrix involves three main steps.
- Register Aviatrix Controller Application with Azure Active Directory
- Grant Permissions
- Get Application ID, Application Key and Directory ID
Important: Complete the follow steps in order.
2.1 Step 1 – Register Aviatrix Controller Application¶
Login to the Azure Portal.
*Register Aviatrix Controller*
- From the Azure portal click on “All services” and search for “Azure Active Directory” and click on “Azure Active Directory”
- Click “App registrations”
- Click “+ New application registration”
- Name = Aviatrix Controller
- Application Type = Web app / API
- Sign-on URL = http://aviatrix
- Click Create.
2.2 Step 2 – Grant Permissions¶
- Login to the Azure portal
- On the top left, click All services, search for “Subscriptions”
- Copy the Subscription ID (to notepad or a convenient location)
- Click on the Subscription ID
- Then select “Access control (IAM)”.
- Click Add and then select the “Contributor” role.
- In the Select search field, type in “Aviatrix”. The Aviatrix Controller app should show up. Select this one and click Select towards to the bottom.
2.3 Step 3 – Get Application Information¶
Get Application Information
From the Azure portal, click All services and search for “Azure Active Directory”.
Retrieve the Application Directory ID.
- Scroll down the Azure Active Directory panel and Click on Properties
- Copy the “Directory ID” (to notepad or a convenient location)
Retrieve the Application ID.
- Scroll up and click App registrations
- Copy the “Application ID”
Retrieve the Application Key.
- Click Aviatrix Controller
- Click Settings
- Click Keys
- Enter in the following
- Description = Aviatrix
- Expires = Never expires
- Click Save
- Copy the key value (to notepad or a convenient location)
Add App permissions.
- Click Required permissions -> Add
- Click Select an API -> Click Windows Azure Service Management API and click Select down below
- Click “Access Azure Service Management as organization user” and click Select
At this point you should have the following information.
|Subscription ID||From step 2|
|Directory ID||From step 3|
|Application ID||From step 3|
|Application Key||From step 3|