To connect your Azure subscription to Save On Clouds, we’re going to create an Azure app registration, which Save On Clouds will use to manage the resources in your subscription. Please note that if you have more than one subscription, you will require a separate connection in Save On Clouds for each.
As documented here, In order to allow an app registration to manage resources, you will require the following permission:
Microsoft.Authorization/*/Write
This is present in both the Owner role and User Access Administrator role. If you do not have this permission, contact your administrator before continuing.
App Registration Setup
Follow these steps to create an Azure app registration. We suggest creating an app registration called ‘Save On Clouds’.
Next, follow these steps to allow this app registration to manage resources in your subscription.
The above-referenced documentation suggests giving your app registration Contributor access to your subscription. If this is too broad, the Azure built-in role with the minimum required RBAC permissions to run Save On Clouds is Virtual Machine Contributor. You can also follow the instructions below to create a custom role with the minimum required permissions.
Optional: Minimum Possible Permissions
If Virtual Machine Contributor is too broad for your requirements, it’s possible to create a custom role that will allow you to give your app registration the absolute minimum possible subscription access that Save On Clouds requires to run.
In JSON, that role looks like this:
{
"properties": {
"roleName": "SaveOnClouds Minimum Access",
"description": "Minimum access required for Save On Clouds.",
"assignableScopes": [
"/subscriptions/<subscription-id>"
],
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
Where <subscription-id> is the subscription you’d like to connect to Save On Clouds.
Navigate to your subscription, then select ‘Access control (IAM). Select ‘Add’, then ‘Add custom role’.
From here, navigate directly to ‘JSON’, select ‘Edit’, and paste in the role JSON.
Hit ‘Save’ then ‘Review + create’.
Review your new role and if you’re satisfied hit ‘Create’.
You should now be able to assign this role to your app registration, scoped to your subscription, as referenced above and in this documentation.
Connect to Save On Clouds
Once you have created an app registration and given it access to your subscription, you’re ready to connect your subscription to Save On Clouds.
To do this we need four pieces of information:
- Subscription ID
- Application ID
- Directory ID
- Client Secret
To find your Subscription ID, in the Azure portal, go to Home > Subscriptions.
To find your Tenant and Directory ID, go to Home > App Registrations, and select the app registration you connected to your subscription earlier.
To create a client secret, select ‘Certificates and secrets’ in your app registration.
Select ‘New client secret’, give it a name and set the expiration date. Take note of the secret’s value.
Now you have everything you need, head over to Save On Clouds and navigate to the ‘Cloud Accounts’ page.
Click the ‘+ Azure’ logo, enter the information you’ve gathered and hit create!
In a few minutes, the Azure resources in your connected subscription should appear under ‘Cloud Resources’, and you’re ready to start saving.
