Vincent Fortin edited this page Apr 11, 2019 · 32 revisions

Azure

There are five ways to run Scout against an Azure organization.

  1. azure-cli
    1. On most systems, you can install azure-cli using pip install azure-cli.
    2. Log into an account. The easiest way to do it is with az login (for more authentication methods, refer to https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli?view=azure-cli-latest).
    3. Run Scout with the --cli flag.
  2. Managed Service Identity
    1. Configure your identity on the Azure portal (you can refer to https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/).
    2. Run Scout with the --msi flag.
  3. Service Principal
    1. Set up a service principal on the Azure portal (you can refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal).
    2. Run Scout with the --service-principal flag. Scout will prompt you for the required information.
  4. File-based Authentication
    1. Create a Service Principal for the Azure SDK. You can do this with azure-cli using az ad sp create-for-rbac --sdk-auth > mycredentials.json.
    2. Run Scout while providing it with the credentials file using --azure-file-auth path/to/credentials/file.
  5. User Credentials
    1. Run Scout using --user-account. The application will prompt you for your credentials.

Scout requires the Reader role over all the resources it is to assess. The easiest way to provide this is to authenticate with a principal that has the Reader role over the target Subscription, as the role is then inherited by all the resources in it.

Usage

On a computer already configured to use azure-cli, you can run Scout with the following command:

$ python scout.py azure --cli

When using Scout in an Azure virtual machine with the Reader role, you can run Scout with the following command:

$ python scout.py azure --msi

When using Scout with a Service Principal, you may run Scout using the following command:

$ python scout.py azure --service-principal

You can also pass the credentials you want directly as command line arguments. The remaining ones will be asked for interactively:

$ python scout.py azure --service-principal --tenant <TENANT_ID> --subscription <SUBSCRIPTION_ID> --client-id <CLIENT_ID> \
    --client-secret <CLIENT_SECRET>

When using Scout with an authentication file, you may run Scout using the following command:

$ python scout.py azure --file-auth </PATH/TO/KEY_FILE.JSON>
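
The credentials file used for file-based authentication holds a client secret, and a file created with a shell redirect gets the default umask permissions. The following pre-flight check is an added example, not part of Scout; check_sdk_auth_file is a hypothetical helper name, and the key names are the ones az ad sp create-for-rbac --sdk-auth writes.

```python
import json
import os
import stat
import uuid

# Keys written by `az ad sp create-for-rbac --sdk-auth` that file auth depends on.
REQUIRED_KEYS = ("clientId", "clientSecret", "subscriptionId", "tenantId")
GUID_KEYS = ("clientId", "subscriptionId", "tenantId")


def check_sdk_auth_file(path):
    """Return a list of problems found in an --sdk-auth credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds a client secret: group and others get no access (POSIX only).
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} is accessible beyond the owner; use chmod 600")
    try:
        with open(path, encoding="utf-8") as handle:
            data = json.load(handle)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return problems + ["top-level JSON value is not an object"]
    for key in REQUIRED_KEYS:
        if not isinstance(data.get(key), str) or not data[key].strip():
            problems.append(f"missing or empty field: {key}")
    for key in GUID_KEYS:
        value = data.get(key)
        if isinstance(value, str) and value.strip():
            try:
                uuid.UUID(value)
            except ValueError:
                problems.append(f"{key} is not a GUID")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_auth_file.py path/to/credentials/file
    issues = check_sdk_auth_file(sys.argv[1])
    for issue in issues:
        print("problem:", issue)
    sys.exit(1 if issues else 0)
```

The check never prints the secret itself, so its output can go into a job log.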

When using Scout against your user account, you may run Scout using the following command:

$ python scout.py azure --user-account

You can also pass the credentials you want directly as command line arguments. The remaining ones will be asked for interactively:

$ python scout.py azure --username <USERNAME> --password <PASSWORD>

MFA

To run Scout against Azure with an MFA-enabled account, you must use the Azure CLI. To do this, first install the CLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
Then, you can use az login to log the CLI into your account. This will open a web browser and let you log in. Please note that there is no mechanism yet to log in with MFA without a web browser.
Once this is done, you can run Scout with the Azure CLI option -c:
./Scout.py azure -c
