Connecting AIMS with your Azure subscription is a straightforward configuration requiring no agent installation. In the above screenshot you see what information is required to connect.
To connect your Azure environment to the AIMS Platform you need to provide AIMS with information from your Azure Subscription.
In this guide we will create an Application that will have the access to all Resources within a selected subscription. You can also create an Application with access only to selected resources, but this is not covered in this guide.
Follow the below steps and gather the required information (to configure the AIMS Platform):
- In the Azure Portal ( https://portal.azure.com ) perform the below steps to gather the required information:
1.1 You need an App registration to allow AIMS to monitor your Azure Resources.
1.1.1 Open App registrations in the Azure Portal.
1.1.2 Click New application registration.
1.1.3 Type any valid name.
1.1.4 Select "Web" in Redirect URI.
1.1.5 Add any URL f.ex. https://yourcompanyname.com/auth
1.1.6 Click Register.
1.1.7 Select the application you've created, and copy its Application ID for later use (refer img1.0)
img1.0 - AppID is used in the field "Client ID" in the AIMS install popup
1.2 In the application created in step 1.1 we need to create an access key:
1.2.1 Open "Certificates & secrets" -> "New client secret" in the application.
1.2.2 Type anything in the description.
1.2.3 Select duration from the “Expires” dropdown, we recommend selecting the maximum duration possible.
1.2.4 Click Save. A value will appear under Value.
1.2.5 Copy the value for later config in AIMS. Make sure you do this right away, as the value will be hidden once you navigate away from this page.
img2.0 Copy the value field (secret)
1.3 You need to provide permissions to the Subscription or Resources that AIMS will monitor:
1.3.1 Navigate to the Subscription you want to monitor in the Azure Portal.
1.3.2 Open Access control (IAM) of the Subscription.
1.3.3 Click Add. Select "Add role assignment".
1.3.4 Select 'Reader' in Role. Click next.
1.3.5 Select "Member" section on top, then select assign access to "User,group or service principal". On members, add your newly created app. Click next
1.3.6 On the "Review + assign" section , simply select the "Review + assign" button at the bottom left.
1.4 We need the Subscription ID from the selected subscription:
1.4.1 Navigate to the Subscription you want to monitor in the Azure Portal.
1.4.2 Select "Overview".
1.4.3 Copy the Subscription ID value.
img4.0 Copy the subscription ID
1.5 We need the Primary Domain Name from the Azure AD:
1.5.1 Open Azure Active Directory in the Azure Portal.
1.5.2 Open Custom Domain Names.
1.5.3 Copy the Primary Domain Name.
img5.0 Copy the Primary Domain Name
You should now have all the necessary information available to connect your Azure resources to AIMS:
- Primary Domain Name
- App ID (client ID)
- Subscription ID