Discussions
GuidesDiscussions
Discussions

Configuring Azure

Configuring Azure and Giving Funcy Azure Access to Your Account

Suggest Edits

Funcy Azure manages the provisioning of resources your application needs to run on Azure. It does not, however, manage your code deployments. This is typically done via version control systems such as Git (which we support).
To let Funcy Azure manage your infrastructure on Azure we are going to create a Service Principal which allows it to provision and configure the resources in your subscription on your behalf. To get you up and running quickly, we're going to create a Service Principal with a Contribution role at your Azure subscription level.

❗️

Access to your Azure Subscription

In a production environment we recommend reducing the permissions to the Service Principal which the Framework uses. The set of needed permissions and the scope is specific to your application. The Service Principal credentials are stored and expected in the file admin.env (git ignored) in your project root folder. This file is created upon project creation and may be modified later.

In order to create a Service Principal please follow the steps outlined in the following link:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/#authenticate-with-password---azure-cli
Please note that currently we are only supporting password authentication. Funcy Azure needs the following information from the steps outlined in the link:

  • Password: The password you defined in step 2
  • AppId: The app id that has been returned to you in step 2 (4fd39843-c338-417d-b549-a545f584a745)
  • TenantId: The object id that has been returned to you in step 3 (7dbc8265-51ed-4038-8e13-31948c7f4ce7)
  • SubscriptionId: The subscription id your service principal has been given access to.

Please note that in the fourth step the service principal is assigned a Reader role only which is not sufficient since Funcy Azure needs to create and update resources on your behalf. Instead please use the following command which grants it a Contributor role:
azure role assignment create --objectId <tenantId> -o Contributor -c /subscriptions/{subscriptionId}/

Updated less than a minute ago