Connect to Azure for Recommendations

7 min

here are the steps to manually set up your azure integration with amberflo prerequisites azure portal access ensure you have sufficient permissions in the azure portal to create exports and access billing scopes global admin access if you do not see specific billing scopes or subscriptions, you may need global administrator privileges during the setup process, you will define the following values be sure to record them , as you will need to share these with amberflo to complete the integration credentials application (client) id directory (tenant) id client secret amberflo can integrate with microsoft azure to surface actionable cost optimization recommendations based on your usage this guide walks you through the steps required to securely create the integration with azure step 1 create credentials for amberflo https //portal azure com/#home search for and open microsoft entra id in the left hand menu, select manage > app registrations , then click + new registration name the application (for example, amberflo) and leave the remaining fields at their default values click register on the overview page of your new application copy and save the following values for later use application (client) id directory (tenant) id next, create a client secret in the left hand menu, select certificates & secrets click + new client secret to generate a secret copy the value field of the new client secret and store it securely this is only shown once note if your client secret is set to expire, you must renew it before expiration and provide amberflo with the updated value step 2 create a custom role for azure advisor access in the azure portal , search for and navigate to subscriptions select one of your active subscriptions in the left hand panel, select access control (iam) click + add , then choose add custom role choose start from json and paste in the following role definition { "properties" { "rolename" "amberflo recommendations reader", "description" "create, list and read advisor recommendations", "assignablescopes" \[ ], "permissions" \[ { "actions" \[ "microsoft advisor/generaterecommendations/action", "microsoft advisor/generaterecommendations/read", "microsoft advisor/metadata/read", "microsoft advisor/recommendations/read" ], "notactions" \[], "dataactions" \[], "notdataactions" \[] } ] } } under assignable scopes , click add assignable scopes select subscriptions , then choose all subscriptions you want to include click select , then review + create , and finally click create step 3 assign the custom role to amberflo you now need to assign the custom role to the app you created in subscriptions , select each subscription you included in the previous step for each one the subscriptions we will do the following go to access control (iam) and click + add > add role assignment under the roles tab, search for and select the custom role you created (e g , amberflo recommendations reader) click next , then select members in the search box, enter the name of the service principal you registered earlier (e g , amberflo) and select it note the list may initially display only user accounts to locate your registered application, begin typing the name of the service principal (e g , “amberflo”) in the search box the application should appear once you begin entering its name click select , then review + assign repeat these steps for each subscription where you want to enable recommendations step 4 provide credentials to amberflo once everything is configured, collect the following values from step 1 application (client) id directory (tenant) id client secret