Preparing Azure
This page explains how to set up an Azure subscription so it's ready for the PW platform to manage infrastructure, clusters, billing, storage, and usage data.
The steps included on this page should be completed by a cloud engineer in your organization.
Azure Subscription
We recommend creating a new Azure subscription for the PW platform, which will allow you to keep your existing Azure subscription separate from the platform and make it easier to manage billing and usage data. This will also ensure the principle of least privilege, as the PW platform will only have access to the resources it needs to manage.
To learn more about Azure subscriptions, please see the Azure documentation.
Setting Up Azure Credentials
To get started quickly, you can create a new service principal and add the Owner
role. This will allow the PW platform to manage all resources in your subscription. If you want to limit the scope of the service principal, you can create a custom role and assign it to the service principal.
Creating a Client Secret
The PW platform uses Azure client secrets to authenticate with Azure. You can create a new client secret by following the steps in the Azure documentation.
Azure Access Policies
pw-billing
Assign the following predefined roles to your application in order for the PW platform to provision billing infrastructure and access true cost data.
Owner
Storage Blob Data Owner