Prerequisites - Azure (4.2)

For details on compatible versions, please refer to the https://infozone.atlassian.net/wiki/x/owDKCg.

Azure Specific Tools

The following Azure specific tool is required to be installed locally:

Azure CLI: The Azure command line interface. Installation instructions can be found here:

For details on compatible versions, please refer to the Compatibility Matrix (4.2)

Minimum IAM User Policy

To use the installation guide, you need to ensure the user who performs the installation was granted with minimum permission in order to be able to provision Azure resources.

You do not need to setup the following if the user that performs the installation was granted with Owner role.

For best practice it is preferably to set up a minimum IAM role for the user to perform the installation.

To manage Azure access role, please refer to Azure documentation https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps and https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles for guidance.

The following table contains the permissions required by the application.

Application	IAM Role Permission

Application

IAM Role Permission

Terraform

{
  "Name": "UEPE Terraform Role",
  "IsCustom": true,
  "Description": "Minimum permissions that required by terraform",
  "Actions": [
    "Microsoft.Compute/*",
    "Microsoft.Network/*",
    "Microsoft.Authorization/*/read",
    "Microsoft.Authorization/*/write",
    "Microsoft.Authorization/*/delete",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/operationresults/read",
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read,
    "Microsoft.Management/managementGroups/read",
    "Microsoft.Storage/*",
    "Microsoft.StorageSync/*",
    "Microsoft.ContainerService/managedClusters/*",
    "Microsoft.ContainerService/containerServices/*",
    "Microsoft.KubernetesConfiguration/extensions/*",
    "Microsoft.DBforPostgreSQL/*",
    "Microsoft.ManagedIdentity/userAssignedIdentities/*",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Insights/diagnosticSettings/*",
    "Microsoft.Features/providers/features/register/action",
    "Microsoft.ResourceHealth/availabilityStatuses/read"
  ],
  "NotActions": [],
  "DataActions": [
    "Microsoft.ContainerService/managedClusters/*",
    "Microsoft.Storage/storageAccounts/*"  
  ],
  "NotDataActions": [],  
  "AssignableScopes": []
}