Connect to Azure

Connecting Lightwing to Azure

To connect Azure, you need to obtain following credentials from your Azure account.

  1. Subscription id
  2. Client id (aka application id)
  3. Tenant id (aka directory id)
  4. Client secret

In case if you are not familiar with account hierarchy in Azure : Azure hierarchy

Documentation assumes that you already have resources deployed in the above fashion.

Getting Subscription id

  1. Login to your Azure portal
  2. Navigate to subscriptions
  3. Select the Subscription ID that you are using. Eg: f7102f5d-99d7-4565-9c09-dfde38b10ea9

Getting client id and tenant id

You need to register Lightwing as a new App within App registrations page.

Once you register an app, clicking on the Lightwing app name will give you client id and tenant id.

Getting client secret

  1. Click on the App name from the App registrations page
  2. Click on “Certificates & secrets” from the left menu
  3. Click on New client secret
  4. Once created copy the Value. This is the Client secret

Providing access role

Now that you have created Lightwing App, you need to give permissions to access the subscription. Lightwing needs Contributor permission to manage your resources. Hence you can either grant Contributor role or all of the following granular roles to Lightwing.

  1. Virtual Machine Contributor
  2. Network Contributor
  3. Storage Account Contributor

Assigning a role

  1. Navigate to subscriptions page
  2. Choose the subscription
  3. Click on Access control (IAM)
  4. Choose Add a role assignment
  5. Choose the role you wish to grant.
  6. Choose Assign access to as Azure AD user, group or service principal
  7. Type your app name (eg: Lightwing)
  8. Save the changes

Note : In case you are assigning 3 granular roles (Virtual Machine Contributor, Network Contributor & Storage Account Contributor), you will need to repeat steps 4 to 8 for each of the three roles independently.

Setting up Azure on Lightwing

Open up lightwing console and follow the below instructions.

  1. Login to lightwing and click on “Cloud accounts”
  2. Click on “Add account” and choose Azure among the list.
  3. Enter subscription id, client id, tenant id and client secret
  4. Click “Next” and lightwing will successfully connect to your Azure account