Azure
Firefly integrates with Microsoft Azure to pull in information about your cloud resources—such as virtual machines, storage accounts, and databases—directly into your Firefly Inventory. This enables you to view, manage, and govern Azure assets alongside resources from other cloud providers. You can use Firefly to enforce infrastructure-as-code (IaC) practices and apply policies across your Azure environment, helping ensure compliance, visibility, and best practices at scale.
Integration Methods
When integrating an Azure account, you have two primary methods: ARM Template (recommended) and Terraform.
Both methods create a service principal with read access to your Azure resources and can be configured for either individual subscriptions or management group (auto-discover) scenarios.
Best Practices
Ensure the service principal has read access to all resource groups you want scanned.
Use dedicated service principals for Firefly's access rather than sharing with other applications.
For governance, mark certain subscriptions as production during integration (Firefly has a "Mark as Production" checkbox for each integration which you should tick for your production accounts).
Monitor the Firefly service principal in Azure to ensure it's not being used elsewhere.
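One way to check the read-access and dedicated-principal practices above, added here as an example and not part of Firefly's own tooling: it audits the JSON from `az role assignment list --assignee <app-id> --all --output json` for the individual-subscription scenario. The `Reader`-only allowlist, the sample records and the subscription IDs are constructed assumptions.

```python
import json

# Assumption: roles treated as read-only for this audit; adjust to what your deployment grants.
ALLOWED_ROLES = {"Reader"}

# Constructed sample of `az role assignment list --assignee <app-id> --all --output json`.
SAMPLE = json.dumps([
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000099"},
])

def subscription_of(scope):
    """Return the subscription ID in an ARM scope, or None for management-group or root scopes."""
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None

def audit(assignments_json, expected_subscriptions, allowed_roles=ALLOWED_ROLES):
    """Return (finding, role, scope) tuples for assignments outside the read-only baseline."""
    expected = {s.lower() for s in expected_subscriptions}
    findings = []
    for a in json.loads(assignments_json):
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        if role not in allowed_roles:
            findings.append(("role-not-read-only", role, scope))
        sub = subscription_of(scope)
        if sub is None:
            # Expected for management-group integrations; a finding for per-subscription ones.
            findings.append(("scope-above-subscription", role, scope))
        elif sub not in expected:
            findings.append(("unexpected-subscription", role, scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["00000000-0000-0000-0000-000000000001"]):
        print(*finding, sep="\t")
```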
Integration Methods
Using ARM Template
ARM Template is the recommended method for Azure integration as it provides automated deployment through the Azure Portal.
Prerequisites
Ensure you have appropriate permissions in Azure to deploy ARM templates.
Access to the Azure Portal.
Proper access to the subscriptions or management groups you want to integrate.
Setup Procedure
In Firefly, go to Settings > Integrations > Add New > Azure.
Select your integration method:
Individual Subscriptions > ARM Template (Recommended)
Management Group (Auto-Discover) > ARM Template
Click Deploy to Azure to open the ARM template in the Azure Portal.
Generate a Firefly API Key by clicking Generate API Key in Firefly.
Copy the key and paste it into the ARM template as instructed.
Follow the instructions in the Azure Portal to complete the deployment.
Using Terraform
Prerequisites
Terraform v0.13 or later.
Azure CLI installed and configured.
Service principal with necessary permissions.
Selected Azure subscription(s) or management group access.
To verify prerequisites, run:
az account show && terraform --version
Setup Procedure
In Firefly, go to Settings > Integrations > Add New > Azure.
Select your integration method:
Individual Subscriptions > Terraform
Management Group (Auto-Discover) > Terraform
Fill in all required fields in the form (e.g., Management Group Name, Subscription ID, Tenant ID, Resource Group Name, Resource Group Location).
Copy the generated Terraform code snippet.
Create a new directory and save the snippet as main.tf.
Run the following commands in your terminal:
terraform init
terraform plan
terraform apply
Additional setup instructions and information about the Firefly onboarding Terraform module are available in Firefly Azure Integration.
Retrieving Required Azure Information
Use the following CLI commands to obtain the necessary values:
Tenant ID:
az account show --query tenantId --output tsv
Directory domain:
az ad signed-in-user show --query userPrincipalName --output tsv | cut -d'@' -f2
Provide your Client ID and Client Secret in the Terraform module. These credentials correspond to the Service Principal Firefly will use for authentication.
Azure Discovery Status
To scan your integration for changes and discover new assets:
Procedure
Go to Settings > Integrations > Azure.
Find the integration you want to scan.
For asset changes, on the integration menu, select Scan Assets.
For IaC stack changes, on the integration menu, select Scan Stacks.
View changes in the Inventory and/or IaC Explorer after several minutes.