CLOUD - GOVERNANCE & CONTROL
Cloud Integrations
Azure
7 min
here are the steps to manually set up your azure integration with amberflo prerequisites azure portal access ensure you have sufficient permissions in the azure portal to create exports and access billing scopes global admin access if you do not see specific billing scopes or subscriptions, you may need global administrator privileges during the setup process, you will define the following values be sure to record them, as you will need to share these with amberflo to complete the integration thee are two types of values; credentials and report details credentials these values allow amberflo to securely access the exported data from your azure environment application (client) id the unique identifier for the application you registered in azure directory (tenant) id the identifier for your microsoft entra id (formerly azure active directory) tenant client secret the secret used to authenticate the application if the secret has an expiration date, be sure to rotate it and update amberflo before it expires report details these values determine where your cost export will be stored and how amberflo retrieves it storage account the name of the azure storage account where the export will be delivered container name the specific container inside the storage account that will hold the export files directory path similar to a folder path, this defines the virtual subdirectory inside the container where the report files will be stored important azure will automatically create this structure when the report is generated you do not need to manually create the folders choose a clear and descriptive path to make it easier to identify and manage in the future do not include leading or trailing slashes (e g , use amberflo reports, not /amberflo reports/) export name the label you assign to this cost export within azure this will be used for identification of the report in the portal step 1 create a service principal in the azure portal , search for and select microsoft entra id (formerly azure active directory) select app registrations , then click new registration name the application (e g , “amberflo”) leave the default values for other parameters and click register on the overview page, save the application (client) id and the directory (tenant) id these will be needed later for amberflo step 2 set up authentication for amberflo integration, use password based authentication (an application secret) under your new app registration, select certificates & secrets from the left hand menu click + new client secret to create a new client secret important when the secret is set to expire, you must renew it before expiration and provide the updated value to amberflo copy the value of the newly created client secret save it somewhere safe to share with amberflo, along with the application (client) id and the directory (tenant) id from step 1 step 3 access cost management + billing log in to the azure portal and navigate to cost management + billing select the billing scope you want to export if you do not see the billing scope or subscription, ensure you have the correct permissions or enable global administrator access if needed step 4 create the focus export from the cost management + billing page, select exports click + new export configure the export settings export type select focus (this should use focus version 1 2) storage account choose create new storage account name enter a unique name for the storage account container name enter any desired name (e g , amberflo exports) directory path enter a descriptive directory name of your choice this should not be the same as the storage account name or container name as this can cause confusion later on format select parquet compression select snappy click review + create to finalize the export step 5 grant amberflo access to the container in your storage account , select containers and open the container you created for the export note if you are not seeing the container it is because it can take time for the container to be created when you set up a new export, sometimes up to 30 minutes click access control (iam) click + add and then select add role assignment search for storage blob data reader , select it, and click next click + select members and find the amberflo service principal you created select the amberflo service principal and click select click review + assign to complete the role assignment step 6 provide details to amberflo credentials application (client) id directory (tenant) id client secret report details storage account container name directory path export name amberflo will use this information to setup the integration with azure optional steps to whitelist ips in azure blob storage open the azure portal go to the storage account in which the container has the focus data for amberflo this will narrow amberflo access to just your storage container in the left pane, go to security + networking then networking select enabled from selected virtual networks and ip addresses under public network access under firewall , enter the amberflo vpc nat ip addresses 54 68 31 10, 52 41 247 250 click save
