Associating Cloudivize to your AWS Account

Cross-Account IAM Role for Access Management

To create a role in the owning account to be managed by Cloudivize, follow these steps 

Defining Azure Credentials


Register an Application with Azure AD

  • Sign in to the Azure Portal as an administrator

  • Select Azure Active Directory

  • Select App registrations

  • Select New registration

  • Give the application a name of your choice and click Register

Create a New Application Secret

  • Select Azure Active Directory

  • From App registrations select your application

  • Select Certificates & secrets

  • In the Client secrets section, click New client secret

  • Give the secret a description and define the expiration period as you wish

  • Copy the value and keep it. It is required by Cloudivize

For Cloudivize, copy the Application (client) ID and the Directory (tenant) ID from the Overview of the application defined above, and also copy the Secret you defined above, then paste them into the Cloudivize Account Settings. If you defined the role correctly, you will get the green-glow on the relevant text boxes.

This will complete the association between Cloudivize and your AWS Account. But you still need to grant the defined application the desired permissions (Role). See next.

Assign a Role to the Application

  • Select Subscriptions

  • Select the Subscription you want to assign to the application you created above

  • Select Access control (IAM)

  • Click Add under Add a role assignment

  • In the Role field, assign the relevant roles you want to give to the application (see later for more details)

  • In the Select field, find the application you defined above (by name) and select it

  • Save


Important Notes:

  1. You can choose to start using Cloudivize with the Reader role assigned to the application you defined. Note that:

    • You will not be able to edit attributes of your assets or act on them until you allow those actions in your attached policy.

    • You will not see some Azure asset types (such as all RBAC Identity assets, or Storage Account keys) since they are not included in this role.

For more information, see the Azure documentation here
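
To confirm that the application ended up with only the roles you intended (for example Reader at one subscription), you can audit its role assignments after the steps above. This is an added example, not Cloudivize code; it assumes the input is the JSON printed by `az role assignment list --assignee <application-id> --all -o json`, and the function name, sample data and IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list ... -o json`.
# The subscription ID, principal name and resource group are placeholders.
SAMPLE = json.dumps([
    {"principalName": "cloudivize-app", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "cloudivize-app", "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"},
    {"principalName": "cloudivize-app", "roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
])

# Built-in roles that can change resources or grant access to others.
HIGH_PRIVILEGE = {"Owner", "Contributor", "User Access Administrator"}


def audit_assignments(raw_json, approved_roles=("Reader",), subscription_id=None):
    """Return (role, scope, reason) findings for assignments that exceed
    what was approved for the application (hypothetical helper)."""
    findings = []
    for a in json.loads(raw_json):
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        parts = [p for p in scope.split("/") if p]
        in_sub = len(parts) >= 2 and parts[0].lower() == "subscriptions"
        if not in_sub:
            # Root ("/") or management-group scope is inherited by every subscription below it.
            findings.append((role, scope, "scope is wider than a subscription"))
        elif subscription_id and parts[1].lower() != subscription_id.lower():
            findings.append((role, scope, "scope is in an unexpected subscription"))
        if role not in approved_roles:
            level = "high-privilege" if role in HIGH_PRIVILEGE else "unapproved"
            findings.append((role, scope, f"{level} role"))
    return findings


if __name__ == "__main__":
    for role, scope, reason in audit_assignments(SAMPLE):
        print(f"{reason}: {role} at {scope}")
```

Pass `approved_roles` and `subscription_id` to match what you actually granted in Access control (IAM); an empty result means the application holds nothing beyond that.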