Install Azure connector on ACI using PowerShell

The remainder of this guide focuses on installing and configuring the Azure Apono connector on ACI in your Azure environment using PowerShell.


Before you begin

You must satisfy the Apono connector for Azure requirements to complete this tutorial.

Installation Steps

In The Terminal

  1. Set the following variables in your PowerShell session.

$APONO_CONNECTOR_ID = "<A_UNIQUE_CONNECTOR_NAME>"
$APONO_TOKEN = "<APONO_TOKEN>"
$SUBSCRIPTION_ID = "<AZURE_SUBSCRIPTION_ID>"
$RESOURCE_GROUP_NAME = "<AZURE_RESOURCE_GROUP_NAME>"
$MANAGEMENT_GROUP_NAME = "<AZURE_MANAGEMENT_GROUP_NAME>"
  1. Log in to Azure.

Connect-AzAccount
  1. Set the REGION variable to the location of the resource group.

$REGION=$(Get-AzResourceGroup -Name $RESOURCE_GROUP_NAME).Location
  1. Run the following command to deploy the connector on your ACI.

$port = New-AzContainerInstancePortObject -Port 80 -Protocol TCP

$env_var1 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_CONNECTOR_ID" -Value $APONO_CONNECTOR_ID

$env_var2 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_TOKEN" -Value $APONO_TOKEN

$env_var3 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_URL" -Value "api.apono.io"

$jsonValue = @{
    cloud_provider = "AZURE"
    subscription_id = $SUBSCRIPTION_ID
    resource_group = $RESOURCE_GROUP_NAME
    region = $REGION
    is_azure_admin = $true
} | ConvertTo-Json -Compress

$env_var4 = New-AzContainerInstanceEnvironmentVariableObject -Name "CONNECTOR_METADATA" -Value $jsonValue

$container = New-AzContainerInstanceObject -Image registry.apono.io/apono-connector:v1.6.7 -Name $APONO_CONNECTOR_ID -Port @($port) -EnvironmentVariable @($env_var1, $env_var2, $env_var3, $env_var4) -RequestCpu 1 -RequestMemoryInGb 1.5 

$imageRegistryCredential = New-AzContainerGroupImageRegistryCredentialObject -Server "registry.apono.io" -Username "apono" -Password (ConvertTo-SecureString $APONO_TOKEN -AsPlainText -Force)

$PRINCIPAL_ID=$(New-AzContainerGroup -SubscriptionId $SUBSCRIPTION_ID -ResourceGroupName $RESOURCE_GROUP_NAME -Name $APONO_CONNECTOR_ID -Container $container -OsType Linux -ImageRegistryCredential $imageRegistryCredential -Location $REGION -IdentityType "SystemAssigned").IdentityPrincipalId
  1. Add the User Access Administrator role to the connector in the subscription scope. Note that the -Scope value in the command below is the management group set in MANAGEMENT_GROUP_NAME.

New-AzRoleAssignment -ObjectId $PRINCIPAL_ID -ObjectType "ServicePrincipal" -RoleDefinitionName "User Access Administrator" -Scope "/providers/Microsoft.Management/managementGroups/$MANAGEMENT_GROUP_NAME"
  1. For Azure AD, add the Directory Readers role to the connector.

$payload = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3

Invoke-AzRestMethod -Method POST -Uri https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments -Payload $payload

For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.

# First role assignment
$payload1 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3

Invoke-AzRestMethod -Method POST -Uri https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments -Payload $payload1

# Second role assignment
$payload2 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "e8611ab8-c189-46e8-94e1-60213ab1f814"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3

Invoke-AzRestMethod -Method POST -Uri https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments -Payload $payload2
  1. On the Connectors page, verify that the connector has been updated.
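
To confirm from the Azure side what the connector's managed identity was granted, the following added example (not part of Apono's instructions) lists its Azure RBAC and directory role assignments and flags any that this guide did not grant. It assumes $PRINCIPAL_ID and $MANAGEMENT_GROUP_NAME are still set in the session; $expectedDirectoryRoles, $expectedScope, $report and $unexpected are names introduced here.

```powershell
# Added example: audit the roles held by the connector's system-assigned identity.
# Assumption: $PRINCIPAL_ID and $MANAGEMENT_GROUP_NAME are still set from the steps above.

# Role definition IDs used in this guide, mapped to the role names the guide gives them.
$expectedDirectoryRoles = @{
    "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" = "Directory Readers"
    "fdd7a751-b60b-444a-984c-02652fe8fa1c" = "Groups Administrator"
    "e8611ab8-c189-46e8-94e1-60213ab1f814" = "Privileged Role Administrator"
}
$expectedScope = "/providers/Microsoft.Management/managementGroups/$MANAGEMENT_GROUP_NAME"
$report = @()

# Azure RBAC assignments for the identity, as visible from the current subscription context.
foreach ($a in @(Get-AzRoleAssignment -ObjectId $PRINCIPAL_ID)) {
    $isExpected = ($a.RoleDefinitionName -eq "User Access Administrator") -and
                  ($a.Scope -eq $expectedScope)
    $report += [pscustomobject]@{
        Plane = "AzureRBAC"; Role = $a.RoleDefinitionName; Scope = $a.Scope; Expected = $isExpected
    }
}

# Directory role assignments for the same identity, read from the endpoint the guide posts to.
$filter = [uri]::EscapeDataString("principalId eq '$PRINCIPAL_ID'")
$uri = "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=$filter"
$resp = Invoke-AzRestMethod -Method GET -Uri $uri
if ($resp.StatusCode -ne 200) {
    throw "Directory role query failed with HTTP $($resp.StatusCode): $($resp.Content)"
}
foreach ($d in @(($resp.Content | ConvertFrom-Json).value)) {
    $name = $expectedDirectoryRoles[$d.roleDefinitionId]
    $role = $d.roleDefinitionId
    if ($name) { $role = $name }
    $report += [pscustomobject]@{
        Plane = "Directory"; Role = $role; Scope = $d.directoryScopeId; Expected = [bool]$name
    }
}

$report | Format-Table -AutoSize

# Anything not granted by this guide deserves a second look before the connector goes live.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) role assignment(s) on $PRINCIPAL_ID were not granted by this guide."
}
```

The Groups Administrator and Privileged Role Administrator rows appear only if the optional Azure AD Groups step was run.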
