I’m pleased to announce that now you can manage your Azure Subscriptions through Cloud Portam. Over this weekend we released a new version of Cloud Portam where we included basic Azure Subscription management capabilities. This blog post talks about the things you could currently do as far as managing your Azure Subscription and where we are going with this functionality.
Features Currently Supported
Following are the features currently supported by Cloud Portam when it comes to managing your Azure Subscription:
- You can connect to one or more Azure Subscriptions simultaneously through the application. You don’t have to logout of one Azure Subscription and log back in into another Subscription to manage it.
- Azure Subscription management in Cloud Portam makes use of Azure Resource Manager (ARM) API and Role-Based Access Control (RBAC).
- You can manage roles. Currently ARM API only exposes system defined roles that you can view through Cloud Portam. You can also view the permissions associated with a role as well.
- You can manage resource groups. You can create new resource groups, edit existing resource groups, delete them and lock/unlock them.
- You can manage resource providers. You can view the list of resource providers, register your subscription with a resource provider or unregister your subscription with a resource provider.
We will talk about these features in greater detail later in the post.
Adding an Azure Subscription
Let’s first talk about how you can add an Azure Subscription in Cloud Portam so that you can manage that using the application. To add an Azure Subscription, Cloud Portam relies on Azure Active Directory (AD) because we get a token to execute ARM API from the Azure AD you specify.
On the Cloud Resources dashboard, select the option to add a new Azure Subscription.
Then you will be asked to provide the domain name of your Azure AD.
Once you specify the domain name of Azure AD, you will be redirected there for login and authorization. You can login using either a local Azure AD account or a Microsoft account associated with that Azure AD.
After successful authentication, you will be asked to authorize Clout Portam for 2 permissions: 1) Sign you in and read your profile and 2) Access Azure Service Management.
After you accept it, you will be redirected back to Cloud Portam application where the application will fetch the list of subscriptions associated with your login in the Azure AD you have specified.
You will see a popup window like the one below if the application finds a single Azure Subscription. You will be shown the Azure AD name, Azure Subscription Id, and name of Azure Subscription.
You can change the friendly name and the group in which you want to place this Azure Subscription. Once you click/press the “Finish” button, application will store this information in Cloud Portam’s database and show you a confirmation screen.
Click/press “Manage” button to start managing your Azure Subscription!
You will see a popup window like the one below if the application finds multiple Azure Subscriptions associated with your login in the Azure AD you have specified.
To add an Azure Subscription simply select that Subscription by checking the appropriate check box and changing the friendly name and group and click/press “Next”.
Simply click/press “Finish” button to add selected subscriptions.
Connecting to an Azure Subscription
To connect to an Azure Subscription, simply click on the desired subscription link on the dashboard.
You will be prompted to login into the Azure AD associated with that Subscription.
Please note that Cloud Portam allows you to connect to multiple Azure Subscriptions without logging out of one Subscription. To connect to another Azure Subscription, simply repeat the steps outlined above for another subscription.
Cloud Portam enables you to view all the available roles in your Azure Subscription. Currently ARM API only supports pre-defined roles and using Cloud Portam you can view those roles. You can view the role description, actions allowed in the role and the actions not allowed in the role.
Managing Resource Groups
When it comes to managing Resource Groups, Cloud Portam enables you to perform following operations.
View Resource Groups
Cloud Portam enables you to view the list of resources groups in your Azure Subscription on which you have at least “Read” permission. It will also tell you if or not a resource group is locked.
Permissions on all Resource Groups
Cloud Portam makes it super easy for you to find out your permissions on all resource groups so that you will know ahead of time what you can and cannot do with all resource groups in your Azure Subscription. Please note that you may have different set of permissions on different resource groups. For example, while you may have “Read” permission on all resource groups but you may have “Delete” permission on one or more resource groups in your Azure Subscription.
Create Resource Group
Cloud Portam enables you to create resource groups in your Azure Subscription. When creating a resource group, you can also define tags for the resource group as well.
Again RBAC is baked right into the flow and you will not even be shown the popup to create a resource group if you do not have permission to do so. For example, if you are connected to an Azure Subscription in “Reader” role (i.e. you don’t have permission to create a resource group) and when you try to create a resource group, this is what will be shown to you.
Edit Resource Group
Cloud Portam enables you to edit properties of an existing resource group. Currently only tags are editable.
Again RBAC is baked right into the flow and you will not even be shown the popup to edit a resource group if you do not have permission to do so. For example, if you are connected to an Azure Subscription in “Reader” role (i.e. you don’t have permission to edit a resource group) and when you try to edit a resource group, this is what will be shown to you.
View Resource Group Properties
This read-only popup screen would enable you to view properties of a resource group.
Delete Resource Group(s)
Cloud Portam enables you to delete one or more resource groups.
View Permissions on a Resource Group
Cloud Portam enables you to view permissions you have on a resource group.
Manage Locks on a Resource Group
A lock on a resource group prevents that resource group from being accidently updated or deleted. Cloud Portam enables you to view locks on a resource group, delete a lock from a resource group and create a lock on a resource group.
Again RBAC is baked right into the flow and you will not even be shown the popup to create a lock on a resource group if you do not have permission to do so. For example, if you are connected to an Azure Subscription in “Reader” role (i.e. you don’t have permission to create a lock on a resource group) and when you try to create a lock on a resource group, this is what will be shown to you.
Managing Resource Providers
When it comes to managing Resource Providers, Cloud Portam enables you to perform following operations.
List Resource Providers
Cloud Portam enables you to view a list of all resource providers available to you. You can view whether or not your subscription is registered with a particular resource provider. You can also view the number of resources of a particular resource provider type.
View Information about a Resource Provider
Cloud Portam also enables you to view information about a resource provider.
You can view all the resource types associated with a particular resource provider, the locations where you can create a resource of that type and the supported API versions.
Register Subscription with Resource Provider
Cloud Portam enables you to register your Azure Subscription with a Resource Provider. You must register your Azure Subscription with a Resource Provider before you can create a resource of the selected resource provider type.
Unregister Subscription from Resource Provider
Cloud Portam enables you to unregister your Azure Subscription with a Resource Provider.
This is the first release of Azure Subscription management functionality in Cloud Portam and quite honestly we have just scratched the surface. The way we see this release is that we have set the foundation for future releases.
In the next releases spread over new few months you will see more and more subscription management features becoming available in Cloud Portam. You will see ability to manage different kinds of resources (storage accounts, key vault etc. to name a few).
For the next release, we will be focusing on surfacing Azure usage and billing data in Cloud Portam. So stay tuned for that.
Try It Out!
We humbly request you to try out these updates in Cloud Portam. This is available in both “Personal” and “Team” editions of Cloud Portam. Though extreme care has been taken regarding testing the current functionality, it is quite possible that we may have overlooked something. If you find something missing or implemented incorrectly, please feel free to reach out to us and tell us. We will fix the issues ASAP.
As you can see we’re constantly investing in making the product more and more useful. Do try out Cloud Portam and these features and let us know what you think. If you think, we can improve it in any way, please feel free to share your thoughts. The link to our website is http://www.cloudportam.com.