Azure

Overview

Firefly connects to Azure via a Service Principal. In the Firefly Integrations page, select Add New > Microsoft Azure. You can either provide credentials manually or use Terraform.

For the manual method, create an App Registration in Azure AD (which yields a Client ID and Client Secret) and assign it the Reader role on the subscriptions you want to manage. In Firefly, enter the Directory (Tenant) ID, the Client ID, the Client Secret, and the Subscription ID. Firefly then uses Azure's APIs to scan resources. Alternatively, Firefly's Terraform integration for Azure can automate creating this principal and the required permissions (Integrate AWS | Firefly Documentation Portal).

After integration, Firefly scans resources in the given subscription (VMs, Storage accounts, SQL DBs, etc.). If you have multiple subscriptions or multiple tenants, repeat the integration for each. Firefly supports Azure event-driven updates via Activity Log or Service Bus (depending on configuration), but it typically polls Azure periodically and also runs daily full scans.

Important Notes

  • Ensure the service principal has read access to all resource groups you want scanned

  • For governance, you can mark certain subscriptions as production during integration (Firefly often has a "Mark as Production" checkbox for each integration which you should tick for your prod accounts)

  • This helps later in filtering policies or inventory by environment

Integration Steps

Step 1: Navigate to the Azure Integration Setup

In Firefly, go to Settings > Integrations > Add New > Azure.

Step 2: Provide the Required Details

Fill in the following fields:

  • Subscription ID – The ID of the Azure subscription you want to integrate

  • Directory Domain – The primary domain of your Azure organization

  • Tenant ID – The unique identifier of your Azure tenant, required for Terraform configurations

  • Location – The Azure region where Firefly resources will be deployed

  • Prefix – A custom prefix to identify Firefly-managed resources

Click Next to proceed.

Step 3: Deploy the Terraform Module

On the next screen, Firefly provides a Terraform module to apply.

Retrieving Required Azure Information

Use the following CLI commands to obtain the necessary values:

Tenant ID:

az account show --query tenantId --output tsv

Directory domain:

az ad signed-in-user show --query userPrincipalName --output tsv | cut -d'@' -f2

Provide your Client ID and Client Secret in the Terraform module. These credentials correspond to the Service Principal Firefly will use for authentication.
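To confirm that the Service Principal holds only the Reader role on the subscriptions you integrated, the following added example (not part of the Firefly documentation or its Terraform module) audits the output of az role assignment list. The function names, finding labels and sample subscription IDs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Firefly code): least-privilege audit of the service
# principal's role assignments. Feed it TSV "role<TAB>scope" lines from:
#   az role assignment list --assignee "$CLIENT_ID" --all \
#     --query "[].[roleDefinitionName, scope]" --output tsv

# audit_assignments SUBSCRIPTION_IDS [ALLOWED_ROLES]   (both comma-separated)
# Prints one finding per line and returns non-zero if there are any.
audit_assignments() {
  awk -F'\t' -v subs="$1" -v roles="${2:-Reader}" '
    BEGIN {
      n = split(tolower(subs), s, ","); for (i = 1; i <= n; i++) want[s[i]] = 1
      m = split(roles, r, ",");         for (i = 1; i <= m; i++) ok[r[i]] = 1
    }
    NF >= 2 {
      # Scope is /subscriptions/<id>[/resourceGroups/<name>/...]
      split(tolower($2), p, "/")
      id = (p[2] == "subscriptions") ? p[3] : ""
      if (!($1 in ok))        { print "EXCESS_ROLE\t" $1 "\t" $2; bad = 1 }
      else if (!(id in want)) { print "UNEXPECTED_SCOPE\t" $1 "\t" $2; bad = 1 }
      else if (p[4] == "")    { covered[id] = 1 }  # role held on the whole subscription
    }
    END {
      # Without a subscription-level role, only resource groups that carry
      # their own assignment are visible to the scanner.
      for (id in want) if (!(id in covered)) { print "NO_SUBSCRIPTION_ROLE\t" id; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample data; the subscription IDs are placeholders.
sample_assignments() {
  printf 'Reader\t/subscriptions/00000000-0000-0000-0000-000000000001\n'
  printf 'Contributor\t/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/app-rg\n'
  printf 'Reader\t/subscriptions/00000000-0000-0000-0000-000000000009\n'
}

# Demo run on the constructed data: prints three findings.
sample_assignments | audit_assignments \
  "00000000-0000-0000-0000-000000000001,00000000-0000-0000-0000-000000000002" || true
```

If the Terraform module grants roles beyond Reader, pass the full expected list as the second argument so that only unexpected roles are reported.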

Scanning Azure Resources

To discover new assets and IaC stacks, as well as changes in the configuration of your assets and IaC stacks, scan your Azure integration.

Procedure

  1. Select Settings > Integrations > Azure

  2. Select the integration

  3. To scan for new assets and changes in the configuration of your assets:

    • Go to the Azure Subscription card

    • Select Scan now

  4. To scan for new Terraform stacks in your storage accounts:

    • Go to the Storage Accounts of Terraform Stacks card

    • Select Scan now

  5. To view the changes:

    • After several minutes, go to the Inventory and/or IaC Explorer
