Onboard an Azure Subscription using a Terraform Illumio Onboarding Application
Learn how to onboard an Azure subscription using Terraform.
You must first create a Terraform Illumio Segmentation for the Cloud onboarding application. See Create a Terraform Illumio Onboarding Application for Azure.
Use your newly created application to onboard your Azure subscription with Illumio Segmentation for the Cloud. You need to onboard each subscription separately to onboard the entire tenant. To onboard your Azure subscription with your newly created application, modify your Terraform script to resemble the following script on GitHub.
Modify and run your Terraform script to onboard your subscription
Enter Your Saved Variable Values
The azure_subscription_dev module uses the following variables that you have saved to a text file as described in Create a Terraform Illumio Onboarding Application for Azure. Modify your script so that it contains your saved variable values.
azure_subscription_id
azure_client_id
azure_client_secret
azure_tenant_id
Enter Your Variable Values Generated during Service Account Creation
The module also uses the following service account variables that you need to get from Illumio Segmentation for the Cloud when you create a service account:
illumio_cloudsecure_client_id
illumio_cloudsecure_client_secret
Create a service account in Illumio Segmentation for the Cloud and get the variable values:
Navigate to https://console.illum.io/ and sign in. See Activating your Account and Signing in.
Browse to Cloud > Settings > Service Accounts.
Click Add, then enter a name and description, and click Save.
The service account appears in your list with the name and client ID displayed. Copy the client ID.
Click on the service account to open its details page.
Under Secrets, click Add, then enter a name and click Save.
A dialog appears with the client secret obscured. Copy the client secret.
Modify your script so that it contains your copied variable values.
Run Your Terraform Script
Modify your Terraform script to specify read or read and write permissions.
Run your Terraform script.
The Terraform module uses these credentials to create a new application in Azure. This application in turn gives your recently created application the permissions required for Illumio Segmentation for the Cloud to onboard your Azure subscription. The module checks the permissions mode (read or read and write) to provision the appropriate permissions.
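A pre-run check for the procedure above, added here as an example and not part of Illumio's script or documentation: it confirms that all six values are present and that neither client secret is stored as a literal in the Terraform files. It assumes the values are declared as Terraform input variables and supplied through TF_VAR_<name> environment variables; the function name check_onboarding_inputs is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-run check before `terraform apply`.
# Assumption: the six values named on this page are declared as Terraform
# input variables and supplied through TF_VAR_<name> environment variables.

REQUIRED_VARS="azure_subscription_id azure_client_id azure_client_secret azure_tenant_id illumio_cloudsecure_client_id illumio_cloudsecure_client_secret"
SECRET_VARS="azure_client_secret illumio_cloudsecure_client_secret"

# check_onboarding_inputs DIR   (hypothetical helper name)
# Returns 0 when every value is set in the environment and no secret is
# written as a quoted literal in DIR's .tf / .tfvars files; 1 otherwise.
check_onboarding_inputs() {
  dir="${1:-.}"
  rc=0
  for name in $REQUIRED_VARS; do
    # Indirect lookup of TF_VAR_<name>; an empty value counts as missing.
    eval "value=\${TF_VAR_${name}:-}"
    if [ -z "$value" ]; then
      echo "missing: TF_VAR_${name}" >&2
      rc=1
    fi
  done
  for name in $SECRET_VARS; do
    # A quoted literal after '=' means the secret itself is in the file.
    # References (var.<name>) and "${...}" interpolations do not match.
    hits=$(grep -lE "^[[:space:]]*${name}[[:space:]]*=[[:space:]]*\"[^\"\$]" \
      "$dir"/*.tf "$dir"/*.tfvars 2>/dev/null || true)
    if [ -n "$hits" ]; then
      echo "hard-coded ${name} in: $hits" >&2
      rc=1
    fi
  done
  return $rc
}

# Usage: check_onboarding_inputs . && terraform apply
```

Only the two client secrets are scanned for literals; the IDs may still be written into the script.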
What to do after onboarding Azure with Terraform
When finished, the Onboarding page opens and displays a new row for that account.
For the next steps after onboarding an account, see Onboarding Azure and After onboarding your accounts.