This document helps you set up API credentials on Azure ARM.
Aviatrix Cloud Controller uses Azure APIs extensively to launch Aviatrix gateways, configure encrypted peering and other features.
To use the Azure API, you first need to create an Aviatrix Cloud Account on the Aviatrix Cloud Controller. This cloud account corresponds to a valid Azure account with API credentials.
The new Microsoft Azure (as opposed to Azure Classic) is significantly different in how applications are authenticated and authorized to interact with Azure Resource Manager APIs to manage resources, such as Virtual Machines, Network, Storage Accounts, etc.
This document describes, with step-by-step instructions, how to obtain the information needed to create an Aviatrix Cloud Account: the Application ID, Application Key (Client secret), and Application Directory ID. There are 3 sections; make sure you go through all of them.
2.0 Azure Permission Setup for Aviatrix
Setting up Azure permission for Aviatrix involves three main steps.
- Register Aviatrix Controller Application with Azure Active Directory
- Grant Permissions
- Get Application ID, Application Key (Client secret) and Directory ID
Important: Complete the following steps in order.
2.1 Step 1 – Register Aviatrix Controller Application
Log in to the Azure Portal.
*Register Aviatrix Controller*
- From the Azure portal click on “All services” and search for “Azure Active Directory” and click on “Azure Active Directory”
- Click “App registrations”. Do not choose “App registrations (Legacy)”
- Click “+ New registration”
- Name = Aviatrix Controller
- Supported account types = Accounts in this organizational directory only
- Click Register.
2.2 Step 2 – Grant Permissions
- Log in to the Azure portal
- On the top left, click All services, search for “Subscriptions”
- Copy the Subscription ID (to notepad or a convenient location)
- Click on the Subscription ID
- Then select “Access control (IAM)”.
- Click Add and then select the “Contributor” role.
- In the Select search field, type in “Aviatrix”. The Aviatrix Controller app (that you created in step 1) should show up. Select it and click Select towards the bottom.
2.3 Step 3 – Get Application Information
From the Azure portal, click All services and search for “Azure Active Directory”. Click “App registrations” and then the application to see the Application (client) ID and Directory (tenant) ID.
Retrieve the Application (client) ID and Directory (tenant) ID.
- Copy the Application ID and Directory ID for later use.
Retrieve the Client Secrets.
- Click Certificates & secrets
- Click New client secret
- Enter the following
- Description = Aviatrix
- Expires = Never
- Click Add
- Copy the secret. This will be used as the Application Key in the Aviatrix Controller.
Add API permissions.
- Click API permissions
- Click “+Add a permission”
- Choose Azure Service Management
- Select user_impersonation then Add permissions
At this point you should have the following information.
| Item | Value | Source |
|---|---|---|
| Subscription ID | | From step 2 |
| Directory ID | | From step 3 |
| Application ID | | From step 3 |
| Application Key (Client secret) | | From step 3 |