- Home
- Platform Orchestrator
- Security
- Cloud Accounts
- Azure
-
- Overview
-
- Overview
- Deploy your Application
- Manage your Java application
- Migrate an Application
- Provision Amazon S3 Buckets
- Deploy an Amazon S3 Resource to production
- Set up the reference architecture in your cloud
- Scaffold a new Workload and create staging and prod Environments
- Update Resource Definitions for related Applications
- Provision a Redis cluster on AWS using Terraform
- Perform daily developer activities (debug, rollback, diffs, logs)
- Deploy ephemeral Environments
-
-
Azure
Prerequisites #
To manage any Cloud Account using the instructions below, you need:
-
The humctl CLI installed.
-
These environment variables set:
export HUMANITEC_ORG=<your-humanitec-org-id> export HUMANITEC_TOKEN=<humanitec-access-token>
Azure Service Principal Client ID & Password #
Credentials: static
Create the Cloud Account #
-
Create a service principal which will be used by the Humanitec Platform Orchestrator.
export ROLE_NAME=humanitec-spn export SPN_OUTPUT=$(az ad sp create-for-rbac --display-name $ROLE_NAME)
Export the values, needed for the Cloud Account:
export SPN_APP_ID=$(echo $SPN_OUTPUT | jq -rM .appId ) export SPN_PASSWORD=$(echo $SPN_OUTPUT | jq -rM .password ) export SPN_TENANT=$(echo $SPN_OUTPUT | jq -rM .tenant )
-
Create a Cloud Account in the Platform Orchestrator.
Define the name and id of the new Cloud Account:
export CLOUD_ACCOUNT_NAME="My Azure Cred Account" export CLOUD_ACCOUNT_ID=my-azure-cred
If you haven’t already done so (see Prerequisites), define these environment variables:
export HUMANITEC_ORG=<your-humanitec-org-id> export HUMANITEC_TOKEN=<humanitec-access-token>
Create the Cloud Account:
humctl api post /orgs/${HUMANITEC_ORG}/resources/accounts \ -d '{ "name": "'"${CLOUD_ACCOUNT_NAME}"'", "id": "'"${CLOUD_ACCOUNT_ID}"'", "type": "azure", "credentials": { "appId": "'"${SPN_APP_ID}"'", "password": "'"${SPN_PASSWORD}"'", "tenant": "'"${SPN_TENANT}"'" } } '
Using the Humanitec Terraform Provider:
resource "humanitec_resource_account" "azure" { id = var.cloud_account_id name = var.cloud_account_name type = "azure" credentials = jsonencode({ "appId" = var.azure_client_id "password" = var.azure_client_secret "tenant" = var.azure_tenant_id }) }
Inside the API, Cloud Accounts are called Resource Accounts, both represent the same entity.
-
Assign the required roles to Service Principal.
The Cloud Account is now ready for use by any Drivers supporting the
azure
Account type. Remember to assign the required permissions to the Service Principal on the target Azure services depending on the kind of operations it needs to perform.
Example: connect to an AKS cluster #
This example Resource Definition uses the AKS cluster Driver to connect to an AKS cluster. It includes a Cloud Account of type azure
via the driver_account
setting. The Cloud Account credentials will be automatically picked up by the Driver with no further configuration required.
aks-static-credentials-cloudaccount.yaml
(view on GitHub)
:
# Connect to an AKS cluster using static credentials defined via a Cloud Account
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
id: aks-static-credentials-cloudaccount
entity:
name: aks-static-credentials-cloudaccount
type: k8s-cluster
# The driver_account references a Cloud Account of type "azure"
# which needs to be configured for your Organization.
driver_account: azure-static-creds
driver_type: humanitec/k8s-cluster-aks
driver_inputs:
values:
loadbalancer: 20.10.10.10
name: demo-123
resource_group: my-resources
subscription_id: 12345678-aaaa-bbbb-cccc-0987654321ba
# Add this exact server_app_id for a cluster using AKS-managed Entra ID integration
# server_app_id: 6dae42f8-4368-4678-94ff-3960e28e3630