Azure

Firefly integrates with Microsoft Azure to pull in information about your cloud resources—such as virtual machines, storage accounts, and databases—directly into your Firefly Inventory. This enables you to view, manage, and govern Azure assets alongside resources from other cloud providers. You can use Firefly to enforce infrastructure-as-code (IaC) practices and apply policies across your Azure environment, helping ensure compliance, visibility, and best practices at scale.

Integration Methods

When integrating an Azure account, you have two primary methods:

  • ARM Template (recommended)

  • Terraform

Both methods create a service principal with read access to your Azure resources and can be configured for either individual subscriptions or management group (auto-discover) scenarios.

Best Practices

  1. Ensure the service principal has read access to all resource groups you want scanned.

  2. Use dedicated service principals for Firefly's access rather than sharing with other applications.

  3. For governance, mark certain subscriptions as production during integration (Firefly has a "Mark as Production" checkbox for each integration which you should tick for your production accounts).

  4. Monitor the Firefly service principal in Azure to ensure it's not being used elsewhere.
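
The following is an added example, not part of Firefly's tooling or documentation, for checking practices 1, 2 and 4 on an individual-subscription integration: it compares the service principal's role assignments (JSON shaped like the output of `az role assignment list --assignee <appId> --all --output json`) with the intended read-only footprint. The `Reader` allow-list, the subscription IDs, the principal name and the function names are assumptions made for the example.

```python
import json

# Constructed sample, shaped like `az role assignment list --assignee <appId> --all --output json`.
SAMPLE = json.loads("""
[
  {"principalName": "firefly-sp-example", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "firefly-sp-example", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/app-rg"},
  {"principalName": "firefly-sp-example", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "firefly-sp-example", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000009"}
]
""")

# Assumption: "read access" means the built-in Reader role. Extend this set with
# whatever roles your Firefly onboarding template actually assigns.
ALLOWED_ROLES = {"Reader"}


def subscription_of(scope):
    """Return the subscription ID in an ARM scope, or None (e.g. a management group scope)."""
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None


def audit(assignments, expected_subs, allowed_roles=ALLOWED_ROLES):
    """Return findings where the assignments differ from read-only access to expected_subs."""
    expected = {s.lower() for s in expected_subs}
    findings, covered = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        sub = subscription_of(scope)
        if role not in allowed_roles:
            findings.append(("excess-role", role, scope))        # more than read access
        elif sub not in expected:
            findings.append(("unexpected-scope", role, scope))   # not part of this integration
        elif scope.strip("/").lower() == f"subscriptions/{sub}":
            covered.add(sub)                                     # read on every resource group
        else:
            findings.append(("partial-coverage", role, scope))   # only part of the subscription
    for s in sorted(expected - covered):
        findings.append(("missing-subscription-read", None, f"/subscriptions/{s}"))
    return findings
```

An empty result means the principal holds only allowed roles, at subscription scope, on exactly the subscriptions you integrated.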

Integration Methods

Using ARM Template

ARM Template is the recommended method for Azure integration as it provides automated deployment through the Azure Portal.

Prerequisites

  • Ensure you have appropriate permissions in Azure to deploy ARM templates.

  • Access to the Azure Portal.

  • Proper access to the subscriptions or management groups you want to integrate.

Setup Procedure

  1. In Firefly, go to Settings > Integrations > Add New > Azure.

  2. Select your integration method:

    • Individual Subscriptions > ARM Template (Recommended)

    • Management Group (Auto-Discover) > ARM Template

  3. Click Deploy to Azure to open the ARM template in the Azure Portal.

  4. Generate a Firefly API Key by clicking Generate API Key in Firefly.

  5. Copy the key and paste it into the ARM template as instructed.

  6. Follow the instructions in the Azure Portal to complete the deployment.

Using Terraform

Prerequisites

  1. Terraform v0.13 or later.

  2. Azure CLI installed and configured.

  3. Service principal with necessary permissions.

  4. Selected Azure subscription(s) or management group access.

To verify prerequisites, run:

az account show && terraform --version

Setup Procedure

  1. In Firefly, go to Settings > Integrations > Add New > Azure.

  2. Select your integration method:

    • Individual Subscriptions > Terraform

    • Management Group (Auto-Discover) > Terraform

  3. Fill in all required fields in the form (e.g., Management Group Name, Subscription ID, Tenant ID, Resource Group Name, Resource Group Location).

  4. Copy the generated Terraform code snippet.

  5. Create a new directory and save the snippet as main.tf.

  6. Run the following commands in your terminal:

    terraform init
    terraform plan
    terraform apply

  7. Additional setup instructions and information about the Firefly onboarding Terraform module are available in Firefly Azure Integration.

Retrieving Required Azure Information

Use the following CLI commands to obtain the necessary values:

Tenant ID:

az account show --query tenantId --output tsv

Directory domain:

az ad signed-in-user show --query userPrincipalName --output tsv | cut -d'@' -f2

Provide your Client ID and Client Secret in the Terraform module. These credentials correspond to the Service Principal Firefly will use for authentication.

Azure Discovery Status

To scan your integration for changes and discover new assets:

Procedure

  1. Go to Settings > Integrations > Azure.

  2. Find the integration you want to scan.

  3. For asset changes, on the integration menu, select Scan Assets.

  4. For IaC stack changes, on the integration menu, select Scan Stacks.

  5. View changes in the Inventory and/or IaC Explorer after several minutes.
