Azure Account - Azure Custom Roles and Directory Application User
The Azure AD/RBAC service (see https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/) enables the creation and enforcement of access privilege policies. The Velostrata deployment uses the Azure Directory and Role-Based Access Control services. As a minimal setup, we recommend the following configuration:
- Create an Azure Custom Role (for example, Velostrata Operations Role) for use by the Velostrata Azure application user. This role provides the minimum privileges required to access Azure services and operations, without managing persistent credentials per instance. A PowerShell cmdlet is provided to create this role.
- Create an Azure Directory Application user and assign the Velostrata Operations Role with applicable minimum privileges required for the Velostrata service user and for Velostrata Cloud Edge instances.
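A least-privilege check that can be run over a custom role definition before it is created, as an added example (not Velostrata's cmdlet or role definition). The role name, action list and subscription ID in the sample are constructed placeholders; the JSON field names follow the Azure custom role definition format.

```python
import json

# Constructed sample in the Azure custom role definition JSON format.
# The actions and subscription ID are placeholders, not Velostrata's role.
SAMPLE_ROLE = json.loads("""
{
  "Name": "Example Operations Role",
  "IsCustom": true,
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Storage/*",
    "Microsoft.Authorization/roleAssignments/write"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")

# Operations under this provider change who has access to what.
AUTHZ_PREFIX = "microsoft.authorization/"
MUTATING_SUFFIXES = ("/write", "/delete", "/action", "*")


def lint_role(role):
    """Return (severity, message) findings for one role definition dict."""
    findings = []
    actions = role.get("Actions", [])
    for action in actions:
        low = action.lower()
        if low == "*":
            findings.append(("high", "grants every operation: *"))
        elif low.startswith(AUTHZ_PREFIX) and low.endswith(MUTATING_SUFFIXES):
            findings.append(("high", f"can modify access control: {action}"))
        elif "*" in low:
            findings.append(("medium", f"wildcard action: {action}"))
    # NotActions subtracts from this role only; another assigned role can
    # still grant the same operation, so it is not a substitute for a deny.
    if role.get("NotActions") and any("*" in a for a in actions):
        findings.append(("info", "NotActions narrows a wildcard but is not a deny rule"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_role(SAMPLE_ROLE):
        print(f"[{severity}] {message}")
```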
Velostrata provides Azure PowerShell cmdlets to automate the creation of the Azure Active Directory Application User and Custom Role. There are two options for creating them: