Skip to main content

Check out Port for yourselfย 

Installation

First Time Installation

For your first deployment of the Azure exporter, we recommend starting with the Helm/scheduled installation method to perform the initial data sync. Once the initial data sync is complete, you can switch to the Terraform deployment method for real-time data sync.

Installation Methodsโ€‹

The Azure exporter is deployed using helm on kubernetes.

This way of deployment supports scheduled resyncs of resources from Azure to Port.

Prerequisites

Azure App Registration Setup

To ingest resources from Azure, you will need to create an Azure App Registration and assign it read permissions to the resources you want to ingest.

  1. Create an Azure App Registration in the Azure portal.




  1. Copy the Application (client) ID and Directory (tenant) ID from the App Registration.


  1. Create a client secret for the App Registration.


  1. Copy the Application (client) Secret from the App Registration.


  1. Create a new role assignment for the App Registration. Go to the Access control (IAM) section of the subscription you want to ingest resources from.

    Click on Add role assignment.
Multi Account Support

It is supported to ingest resources from multiple subscriptions, for that you will have to repeat the role assignment for each subscription you want to ingest resources from.



  1. Assign the Reader role to the App Registration.
Permissions

The Reader role is recommended for querying all resources in your Azure subscription. You can restrict permissions to specific resource groups or types by assigning a different role. If you do this, remember to adjust permissions when adding more resources to the catalog. Basic permissions required for ingesting resources from Azure include:

  • Microsoft.Resources/subscriptions/read (to list the accessible subscriptions)
  • Microsoft.Resources/subscriptions/resourceGroups/read (to list the accessible resource groups)
  • read/list permissions to the resources you want to ingest


Installation

Now that you have the Azure App Registration details, you can install the Azure exporter using Helm.

You should have the following information ready:

  • Port API credentials, you can check out the Port API documentation.
    • PORT_CLIENT_ID
    • PORT_CLIENT_SECRET
  • Azure Credentials:
    • AZURE_CLIENT_ID: The Application (client) ID from the Azure App Registration.
    • AZURE_CLIENT_SECRET: The Application (client) Secret from the Azure App Registration.
    • AZURE_TENANT_ID: The Directory (tenant) ID from the Azure App Registration.
helm repo add --force-update port-labs https://port-labs.github.io/helm-charts
helm upgrade --install azure port-labs/port-ocean \
--set port.clientId="PORT_CLIENT_ID" \
--set port.clientSecret="PORT_CLIENT_SECRET" \
--set port.baseUrl="https://api.getport.io" \
--set initializePortResources=true \
--set sendRawDataExamples=true \
--set scheduledResyncInterval=1440 \
--set integration.identifier="azure" \
--set integration.type="azure" \
--set integration.eventListener.type="POLLING" \
--set integration.config.azureClientId="<AZURE_CLIENT_ID>" \
--set integration.config.azureClientSecret="<AZURE_CLIENT_SECRET>" \
--set integration.config.azureTenantId="<AZURE_TENANT_ID>"
Selecting a Port API URL by account region

The baseUrl, port_region, port.baseUrl, portBaseUrl, port_base_url and OCEAN__PORT__BASE_URL parameters are used to select which instance or Port API will be used.

Port exposes two API instances, one for the EU region of Port, and one for the US region of Port.

FAQ: Multiple Subscriptions Supportโ€‹

How do I configure the Azure exporter to ingest resources from multiple subscriptions?

To configure the Azure exporter to ingest resources from other subscriptions, follow these steps:

  1. Navigate to the Subscription:

    • Go to the Azure portal and select the subscription you want to ingest resources from.
  2. Assign Permissions:

    • In the subscription's Access control (IAM) section, go to the Role assignment tab.
    • Choose the appropriate role for the managed identity responsible for the integration.
    • Assign this role to the managed identity associated with the integration.
  3. Repeat the Process:

    • Repeat the above steps for each subscription you wish to include.

How do I set up real-time data ingestion from multiple subscriptions?

For real-time data ingestion, you will need to set up an Event Grid System Topic and an Event Grid Subscription in each subscription you want to ingest resources from. The system topic should be of type Microsoft.Resources.Subscriptions.

If you are using the terraform deployment method, refer to the Azure Integration example for more information.

Next Stepsโ€‹

  • Refer to the Resource Templates page for templates on how to map Azure resources to Port.