Skip to content

gofireflyio/ps-firefly-azure-onboarding

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
.idea
.idea
 
 
scripts
scripts
 
 
README.md
README.md
 
 

Repository files navigation

Firefly Azure Onboarding

Powershell script for onboarding Azure into Firefly

The script creates the application registration and service principal needed for firefly to scan the cloud.

The application registration itself is given the standard Directory.Read.All permission to fetch AD resources. To opt-out set $enableAcitveDirectory=false

The service principal is given the standard roles:

  • Reader to fetch Azurerm resources
  • Security Reader to fetch Azure Security Center resources
  • Billing Reader to provide cost optimization recommendations To opt-out of cost optimization set $enableCostOptimization=false To opt-out of azure Security Center resources set $enableSecurityCenterResources=false

Also, a custom role with the following permissions is attached:

  • Microsoft.Storage/storageAccounts/listkeys/action
  • Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/action
  • Microsoft.DocumentDB/databaseAccounts/listKeys/action
  • Microsoft.DocumentDB/databaseAccounts/readonlykeys/action
  • Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
  • Microsoft.Web/sites/config/list/Action
  • Microsoft.Cache/redis/listKeys/action

Inorder to read Terraform state files from blob storage, the role also has permissions to read blob objects with .tfstate suffix

About

Powershell script for onboarding Azure into Firefly

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

7 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages