Azure

Overview

Firefly connects to Azure via a Service Principal. In the Firefly Integrations page, select Add New > Microsoft Azure. You can either provide credentials manually or use Terraform.

For the manual option, create an App Registration in Azure AD (which yields a Client ID and Client Secret) and assign it the Reader role on the subscriptions you want to manage. In Firefly, enter the Directory (Tenant) ID, the Client ID, the Client Secret, and the Subscription ID. Firefly then uses Azure's APIs to scan resources. Alternatively, Firefly's Terraform integration for Azure can automate creating this principal and the required permissions.

After integration, Firefly scans resources in the given subscription (VMs, Storage accounts, SQL DBs, etc.). If you have multiple subscriptions or multiple tenants, repeat the integration for each. Firefly supports Azure event-driven updates via Activity Log or Service Bus (depending on configuration), but it polls Azure periodically and also runs daily full scans.

Important Notes

  • Ensure the service principal has read access to all resource groups you want scanned

  • For governance, you can mark certain subscriptions as production during integration (Firefly often has a "Mark as Production" checkbox for each integration which you should tick for your prod accounts)

  • This helps later in filtering policies or inventory by environment
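One way to check the first note before integrating, as an added example that is not part of Firefly's documentation or tooling: it reads the JSON printed by `az role assignment list --assignee <client-id> --all -o json`, reports per subscription whether Reader covers the whole subscription or only some resource groups, and lists any role beyond Reader. The sample data, the `audit` function and the Reader-only allow-list are assumptions for the manual setup path.

```python
import json

# Constructed sample shaped like `az role assignment list ... -o json` output.
# Subscription IDs, resource group names and the extra role are made up.
SAMPLE = json.loads("""[
 {"roleDefinitionName": "Reader",
  "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
 {"roleDefinitionName": "Reader",
  "scope": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-app"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-data"}
]""")

def audit(assignments, subscriptions, allowed_roles=frozenset({"Reader"})):
    """Return (coverage, excess) for the service principal's role assignments.

    coverage maps each subscription ID to "full" (allowed role at subscription
    scope), a sorted list of resource groups that have it, or "none".
    excess lists (role, scope) pairs outside allowed_roles; these are reported
    for review and deliberately not counted as scan coverage.
    """
    coverage = {s.lower(): set() for s in subscriptions}
    excess = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role not in allowed_roles:
            excess.append((role, scope))
            continue
        # Scope looks like /subscriptions/<id>[/resourceGroups/<name>[/...]]
        parts = scope.strip("/").split("/")
        if len(parts) < 2 or parts[0].lower() != "subscriptions":
            continue  # management-group or root scope: not resolved here
        sub = parts[1].lower()
        if sub not in coverage or coverage[sub] == "full":
            continue
        if len(parts) == 2:
            coverage[sub] = "full"
        elif len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            coverage[sub].add(parts[3])
    result = {s: (c if c == "full" else sorted(c) or "none")
              for s, c in coverage.items()}
    return result, excess
```

A subscription reported as a list or as "none" has resource groups Firefly cannot read; entries in the second return value are permissions the manual setup described here does not call for.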

Integration Steps

Step 1: Navigate to the Azure Integration Setup

In Firefly, go to Settings > Integrations > Add New > Azure.

Step 2: Provide the Required Details

Fill in the following fields:

  • Subscription ID – The ID of the Azure subscription you want to integrate

  • Directory Domain – The primary domain of your Azure organization

  • Tenant ID – The unique identifier of your Azure tenant, required for Terraform configurations

  • Location – The Azure region where Firefly resources will be deployed

  • Prefix – A custom prefix to identify Firefly-managed resources

Click Next to proceed.

Step 3: Deploy the Terraform Module

On the next screen, Firefly provides a Terraform module to apply.

Retrieving Required Azure Information

Use the following CLI commands to obtain the necessary values:

Tenant ID:

az account show --query tenantId --output tsv

Directory domain:

az ad signed-in-user show --query userPrincipalName --output tsv | cut -d'@' -f2

Provide your Client ID and Client Secret in the Terraform module. These credentials correspond to the Service Principal Firefly will use for authentication.

Scanning Azure Resources

To discover new assets and IaC stacks, as well as changes in the configuration of your assets and IaC stacks, scan your Azure integration.

Procedure

  1. Select Settings > Integrations > Azure

  2. Select the integration

  3. To scan for new assets and changes in the configuration of your assets:

    • Go to the Azure Subscription card

    • Select Scan now

  4. To scan for new Terraform stacks in your storage accounts:

    • Go to the Storage Accounts of Terraform Stacks card

    • Select Scan now

  5. To view the changes:

    • After several minutes, go to the Inventory and/or IaC Explorer
