Azure Account - Azure Custom Roles and Directory Application User

The Azure AD/RBAC service (see https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/) enables the creation and enforcement of access privilege policies. For the Velostrata deployment, we leverage Azure Active Directory and the Role-Based Access Control service. As a minimal setup, we recommend the following configuration:

  • Create an Azure Custom Role (for example, Velostrata Operations Role) for use by the Velostrata Azure application user. This role provides the minimum privileges required to access Azure services and operations, without managing persistent credentials per instance. A PowerShell cmdlet is provided to create this role.
  • Create an Azure Directory Application user and assign the Velostrata Operations Role with applicable minimum privileges required for the Velostrata service user and for Velostrata Cloud Edge instances.

Velostrata provides Azure PowerShell cmdlets to automate the creation of the Azure Active Directory Application User and Custom Role. There are two options for creating these:

  1. Create the full Velostrata Reference Stack on Azure.
  2. Create just the Velostrata Azure AD Application User and role.
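The two-step setup described above (a custom role scoped to one subscription, then an application user that holds only that role), shown as an added illustration that is not Velostrata's own cmdlet. It assumes the Az PowerShell module (Az.Resources 5.0 or later), a session already authenticated with Connect-AzAccount, and an illustrative action list, since this page does not enumerate the role's actual permissions.

```powershell
# Added example: least-privilege custom role plus an application user bound to it.
# Assumes Az.Resources 5.0+ and that Connect-AzAccount has already been run.

$subscriptionId = (Get-AzContext).Subscription.Id
$scope          = "/subscriptions/$subscriptionId"
$roleName       = "Velostrata Operations Role"
$appName        = "velostrata-app-user"   # constructed name for this example

# Illustrative action list (assumption: the real minimum set is produced by the
# Velostrata cmdlet). Keep it an explicit allow-list of concrete actions, no "*".
$actions = @(
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/write"
)

# Clone the built-in Reader definition as a template, then replace its contents.
$role = Get-AzRoleDefinition -Name "Reader"
$role.Id          = $null
$role.Name        = $roleName
$role.Description = "Minimum privileges for the Velostrata Azure application user"
$role.IsCustom    = $true
$role.Actions.Clear()
$actions | ForEach-Object { $role.Actions.Add($_) }
$role.NotActions.Clear()
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($scope)   # the role cannot be assigned outside this subscription
$role = New-AzRoleDefinition -Role $role

# Application user: app registration plus service principal, created with no
# implicit role assignment, then bound to the custom role at subscription scope.
$app = New-AzADApplication -DisplayName $appName
$sp  = New-AzADServicePrincipal -ApplicationId $app.AppId
New-AzRoleAssignment -ApplicationId $app.AppId -RoleDefinitionName $roleName -Scope $scope | Out-Null

# Verify: the application user should hold exactly one assignment, the custom role.
Get-AzRoleAssignment -ServicePrincipalName $app.AppId |
    Select-Object RoleDefinitionName, Scope
```

Immediately after the service principal is created, New-AzRoleAssignment can fail because the principal has not yet replicated; rerunning that one line after a few seconds resolves it.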