Azure account connection overview

Before Aqua CSPM can produce any security scan results, you must connect a cloud account. For Azure, this is done through the use of an application. An application is an entity that can be assumed by a third party and secured to only access resources in scope. The applications created here will be scoped to a subscription and have read-only access to Azure resources.

Default setup

  1. Login to the Aqua portal.
  2. Select CSPM from the mega menu. 
  3. Select Cloud Accounts from the left side navigation pane.
  4. In the Cloud Accounts page, select Connect Account.
  5. Select the Aqua Group and Microsoft Azure from Cloud Account Type dropdown.
  6. Copy the PowerShell script from the Cloud Account Connection Steps section.
  7. Login to your Azure portal and open the CloudShell Terminal.
  8. Paste and run the copied script in the CloudShell Terminal. 
  9. Once the setup is complete, copy and paste the generated Application ID, Key Value, Subscription ID, and Directory ID in the Connect a Cloud Account page in the Aqua portal. 
  10. Click Connect Account
  11. Your Azure account is now connected to Aqua. You can view your new account in the Cloud Accounts page. 
  12. To edit the cloud account name, locate the newly created Azure account, click three dots at the end of the table and select Edit Account
  13. In the Edit Connected Account page, enter the desired account name and group. Click Save

Bulk upload

  1. Navigate to the Cloud Accounts page. Click Connect Account on the top right. 
  2. Choose Azure under Account Type and Bulk Upload under Method.

3. Download the CSV template file.

4. Use the Manual Setup steps to create an application and connect it to all your subscriptions.

5. For each subscription you connect, add the subscription ID, Application ID and Key Value to the CSV. Add a maximum of 50 Azure subscriptions.

6. Drop the completed CSV file onto the Aqua connection wizard and select Connect Accounts.

Azure PowerShell onboarding resources list