-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Azure
1. On most system, you can install azure-cli using `pip install azure-cli`.
2. Log into an account. The easiest way to do it it with `az login`(for more authentication method,
you can refer to https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest).
3. Run Scout with the `--cli` flag.
1. Configure your identity on the Azure portal (you can refer to
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/)
2. Run Scout with the `--msi` flag.
1. Set up a service principal on the Azure portal (you can refer to
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal)
2. Run Scout with the `--service-principal` flag. Scout will prompt you for the required information.
1. Create a Service Principal for azure SDK. You can do this with azure-cli using
`az ad sp create-for-rbac --sdk-auth > mycredentials.json`.
2. Run Scout while providing it with the credentials file using
`--azure-file-auth path/to/credentials/file`.
1. Run Scout using `--user-account`. The application will prompt you for your credentials.
Scout will require the Reader
role over all the resources to assess. The easiest way is to authenticate with a principal that has this role over the target Subscription, as it will be inherited on all the resources.
You can also pass the credentials you want directly with command line arguments. The remaining ones will be asked interactively:
$ python scout.py azure --service-principal --tenant <TENANT_ID> --subscription <SUBSCRIPTION_ID> --client-id <CLIENT_ID>
--client-secret <CLIENT_SECRET>
You can also pass the credentials you want directly with command line arguments. The remaining ones will be asked interactively:
$ python scout.py azure --username <USERNAME> --password <PASSWORD>
To run Azure with an MFA-enabled account, you must use the Azure CLI. To do this, first install the cli: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
Then, you can use az login
to log the cli into your account. This will open a web browser and let you log in. Please note that there are no mechanism yet to login with MFA without a web browser.
Once this is done, you can run Scout with the azure cli option -c
:
./Scout.py azure -c
- Home
- Getting Started
- Setup
- Compliance
- Configuration and Usage
- Docker
- [v6] Upgrade to v6-alpha
- Advanced Usage
- Understanding the Architecture
- How to Contribute
- FAQ