ParkMyCloud, Inc

            Creating An Azure Credential Manually Using Windows Powershell

            1. Install Azure Cmdlets in Windows Powershell:
            • Open a Powershell window as administrator
            • Run the following commands:
            Install-Module AzureRM
            Install-Module Azure
            • You can verify proper installation by typing the following command:
            Get-Module

            Output:

            PS C:\WINDOWS\system32> Get-Module
            ModuleType  Version            Name                                                                     ExportedCommands
            -------       -------             ----                                                                     ----------------
            Script            3.3.0            AzureRM                                                             {Add-AzureKeyVaultCertificate, ...}
            Script            3.2.0            AzureRM.ApiManagement                                {Add-AzureRmApiManagementApiToProduct, ...
            Manifest 3.1.0.0         Microsoft.PowerShell.Management           {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
            Manifest 3.1.0.0         Microsoft.PowerShell.Utility                  {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
            Binary 1.0.0.1         PackageManagement                                          {Find-Package, Find-PackageProvider, Get-Package, Get-PackageProvider...}
            Script 1.0.0.1         PowerShellGet                                                  {Find-Command, Find-DscResource, Find-Module, Find-RoleCapability...}
            Script 1.2                  PSReadline {Get-PSReadlineKeyHandler, Get-PSReadlineOption, ...}

            2. Login into Azure:

            • Execute the following command:
            Login-AzureRmAccount  
            • You will be walked through a series of 3 login screens:






            3. Get the Subscription ID and Tenant ID:
            • Once you have logged in information from the default subscription will be displayed:
            Output
            Environment            : AzureCloud
            Account                : joe_user@someplace.com
            TenantId               : 0a31c9b8-1734-4141-95b4-efd9f4c247ca
            SubscriptionId         : 11aaa902-82ca-4b18-9641-0b7825f7eb42
            SubscriptionName       : PMC-1-As-U-Go
            CurrentStorageAccount  :
            • Here you have the first two pieces of information:
              • Subscription ID (in this case, 11aaa902-82ca-4b18-9641-0b7825f7eb42)
              • Tenant ID (in this case, 0a31c9b8-1734-4141-95b4-efd9f4c247ca)

            • Note: If you wish to use a subscription other than the default then use the following command:
            Get-AzureRmSubscription
            Output

            SubscriptionName      : My-First-Subscription
            SubscriptionId            : 0a31c9b8-1734-4141-95b4-efd9f4c247ca
            TenantId                        : 11aaa902-82ca-4b18-9641-0b7825f7eb42
            State                              : Enabled
            SubscriptionName      : My-Second-Subscription
            TenantId                        : 3e20c9b8-2932-4334-95b4-efd9f4c2476a
            State                              : Enabled
            SubscriptionId            : 6d6a385d-5921-4223-b6f8-88ca2498e0c9
            • And use the ID and Tenant ID number from that output below. Use the SubscriptionName and rerun Get-AzureRmSubscription:
            Get-AzureRmSubscription -SubscriptionName My-Second-Subscription

            4. Get Client ID/Application ID and the Key:
            • For this step you will need to create an application within your subscription. From the command line this can be done by typing:
            New-AzureRmADApplication -DisplayName "Your App Name" -IdentifierUris "https:/id.uris" -HomePage "https://your.home.page" -EndDate "mm-dd-yyyy"
            • In this example, I used the following values:
              • DisplayName: "PMC Azure Dev"
              • Password: "parkmycloud!"
              • IdentifierUris: "https://PMC-Azure-Dev-not-used" (HEADS UP: This needs to be unique. Be creative. Use something different.)
              • HomePage: "https://console.parkmycloud.com"
              • EndDate: "01-02-2299" (a.k.a, permanent)
            Output

            DisplayName                                    : PMC Azure Dev


            ObjectId                                          : d10e4fd3-1939-42e2-a8a9-91ff9952f84e

            IdentifierUris                              : {https://PMC-Azure-Dev-not-used}

            HomePage                                          : https://console.parkmycloud.come

            Type                                                      : Application

            ApplicationId                                    : 7d3157b9-f26d-4516-bf6e-4fc8de854688

            AvailableToOtherTenants            : False

            AppPermissions                              :

            ReplyUrls                                           :

            Here you will need to copy the AppId (in this case, 7d3157b9-f26d-4516-bf6e-4fc8de854688).

            Your App Access Key is simply the password you just entered (in this case, parkmycloud!).

            At this point you have everything you need for ParkMyCloud. However, there are a few more steps you need to complete the configuration on the Azure side.
            5. Create a Service Principal for the Application:
            • You will need to create a Service Principal for the application by passing the Application ID from above:
            New-AzureRmADServicePrincipal -ApplicationID "Enter the App ID from above here"
            Output
            DisplayName            Type                       ObjectID
            ------------------    -------                    -----------
            PMC Azure Dev    ServicePrincipal      118e4955-a4ee-48fd-9acd-60181b09e796
            • Copy the Service Principal Object ID from the response for the next step.
            6. Create a Custom Role with Limited Permissions:
            • Get the example role from the ParkMyCloud console Add Credential page, and paste it into a file (we called it ExampleAzureRolePerms.json). It may look a little different from what's below, but you get the idea. (The latest permissions example will always be found in the ParkMyCloud console).
            • Suggest you give it the same name as the application
            • Perhaps referencing the application name in the description would also be helpful
            • Enter the subscription ID from step 3 as well:

              {

              "Name": "PMC Azure Dev",

              "Description": "PMC Azure Dev Role",

              "IsCustom": "true",

              "Actions": [

              "Microsoft.Compute/virtualMachines/read",

              "Microsoft.Compute/virtualMachines/*/read",

              "Microsoft.Compute/virtualMachines/start/action",

              "Microsoft.Compute/virtualMachines/deallocate/action",

              "Microsoft.Compute/virtualMachineScaleSets/read"

              "Microsoft.Compute/virtualMachineScaleSets/write"

              "Microsoft.Compute/virtualMachineScaleSets/start/action",

              "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",

              "Microsoft.Compute/virtualMachineScaleSets/*/read",

              "Microsoft.Resources/subscriptions/resourceGroups/read"

              ],

              "NotActions": [],

              "AssignableScopes": [

              "/subscriptions/<Your_subscription_ID_here>"

              ]

              }

            • Then execute the following command:
            New-AzureRmRoleDefinition -InputFile ExampleAzureRolePerms.json
            Output
            Name             : PMC Azure Dev
            Id               : 0295c03d-c93c-482a-ad07-885e3e842695
            IsCustom         : True
            Description      : PMC Azure Dev Role
            Actions          : {Microsoft.Compute/virtualMachines/read, Microsoft.Compute/virtualMachines/*/read, Microsoft.Compute/virtualMachines/start/action,
                               Microsoft.Compute/virtualMachines/deallocate/action...}
            NotActions       : {}
            AssignableScopes : {/subscriptions/11aaa902-82ca-4b18-9641-0b7825f7eb42}
            7. Assign the Custom Role to Service Principal:
            • The final step will be to map this custom role you have just created to the service principal:
            New-AzureRmRoleAssignment -ObjectId <Service principal Object Id> -RoleDefinitionId "<RoleId >" -Scope "/subscriptions/<Subscription ID>"
            Where:

            • Service Principal Object Id is from Step 5
            • Role Definition Id is from Step 6 and
            • Scope is Subscription ID from Step 3


            Output

            RoleAssignmentId   : /subscriptions/11aaa902-82ca-4b18-9641-0b7825f7eb42/providers/Microsoft.Authorization/roleAssignments/7e76e563-ee34-4a06-a994-01855a301141
            Scope              : /subscriptions/11aaa902-82ca-4b18-9641-0b7825f7eb42
            DisplayName        : PMC Azure Dev
            SignInName         :
            RoleDefinitionName : PMC Azure Dev
            RoleDefinitionId   : 0295c03d-c93c-482a-ad07-885e3e842695
            ObjectId           : 118e4955-a4ee-48fd-9acd-60181b09e796
            ObjectType         : ServicePrincipal
            That completes the application configuration within Azure. Now, you merely need to fill in the blanks on the credential page, give it a name and select a team to complete the configuration within ParkMyCloud




            Troubleshooting:

            * List custom roles:
            Get-AzureRmRoleDefinition -Custom

            * Show the current custom role:
            Get-AzureRmRoleDefinition -Name "PMC Azure Dev"

            * Modify the current custom role:
            Set-AzureRmRoleDefinition -InputFile

            * Remove a role assignment from a Service Principal:
            Remove-AzureRmRoleAssignment -ObjectId <Service Principal Object ID> -RoleDefinitionId <Role Definition Id>

            Updated: 09 Feb 2017 10:10 AM
            Helpful?  
            Help us to make this article better
            0 0