Supported Azure Services
Cloudhouse Guardian (Guardian) supports a range of Azure services. This topic describes the Azure services that are currently supported by Cloudhouse and the permissions that must be granted to use them. For more information on how to add an Azure service node in Guardian, see Azure Node.
App Services
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. For more information, see App Service in Azure.
Required App Services Permissions
The following code snippet describes the permissions required for the App Services service.
Website Reader
Key Vault
Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. For more information, see Key Vault in Azure.
Required Key Vault Permissions
The following code snippet describes the permissions required for the Key Vault service.
Key Vault Reader
MySQL Server
Azure Database for MySQL is a fully managed database service, which means that Microsoft automates the management and maintenance of your infrastructure and database server, including routine updates, backups, and security. For more information, see Azure Database for MySQL in Azure.
Required MySQL Server Permissions
The following code snippet describes the permissions required for the MySQL Server service.
db_datareader
PostgreSQL Server
Azure Database for PostgreSQL is a fully managed database as a service with built-in capabilities, such as high availability and intelligence. For more information, see Azure Database for PostgreSQL pricing in Azure.
Required PostgreSQL Server Permissions
The following code snippet describes the permissions required for the PostgreSQL Server service.
db_datareader
Security Group
A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For more information, see Network security groups in Microsoft.
Required Security Group Permissions
The following code snippet describes the permissions required for the Security Group service.
Key Vault Reader, CDN Profile Reader, CDN Endpoint Reader
SQL Servers
Azure Database for Microsoft SQL is a fully managed database as a service with built-in capabilities, such as high availability and intelligence. For more information, see Azure SQL in Azure.
Required SQL Servers Permissions
The following code snippet describes the permissions required for the SQL Servers service.
db_datareader
Storage Account
An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. For more information, see Storage account overview in Azure.
Required Storage Account Permissions
The following code snippet describes the permissions required for the Storage Account service.
Disk Backup Reader, Backup Reader, Storage Blob Data Reader
Virtual Machine
Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. For more information, see Virtual Machines in Azure.
Required Virtual Machine Permissions
The following code snippet describes the permissions required for the Virtual Machine service.
Disk Backup Reader, Backup Reader, Storage Blob Data Reader, Domain Services Reader, Key Vault Reader, CDN Profile Reader, CDN Endpoint Reader
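The permission lists above can be used as a least-privilege check on the identity Guardian connects with. The following is an added example, not Cloudhouse code: it assumes the roles are granted as Azure role assignments and exported in the shape of `az role assignment list --assignee <id> --all -o json`; the `audit` function, the `REQUIRED` table layout and the sample data are constructed for illustration.

```python
import json

# Role names exactly as listed on this page, keyed by service.
# db_datareader (MySQL, PostgreSQL, SQL Servers) is left out: this sketch
# assumes it is granted inside the database, not as a role assignment.
REQUIRED = {
    "App Services": {"Website Reader"},
    "Key Vault": {"Key Vault Reader"},
    "Security Group": {"Key Vault Reader", "CDN Profile Reader",
                       "CDN Endpoint Reader"},
    "Storage Account": {"Disk Backup Reader", "Backup Reader",
                        "Storage Blob Data Reader"},
    "Virtual Machine": {"Disk Backup Reader", "Backup Reader",
                        "Storage Blob Data Reader", "Domain Services Reader",
                        "Key Vault Reader", "CDN Profile Reader",
                        "CDN Endpoint Reader"},
}

def audit(assignments_json, services):
    """Compare an identity's role assignments with the roles this page lists.

    Returns (missing, excess): roles the scanned services need but the
    identity lacks, and (role, scope) pairs beyond what those services need.
    """
    expected = set().union(*(REQUIRED[s] for s in services))
    held = {}
    for a in json.loads(assignments_json):
        held.setdefault(a["roleDefinitionName"], []).append(a["scope"])
    missing = sorted(expected - set(held))
    excess = sorted((role, scope) for role, scopes in held.items()
                    if role not in expected for scope in scopes)
    return missing, excess

# Constructed sample export; the subscription ID is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Key Vault Reader", "scope": SUB},
    {"roleDefinitionName": "Storage Blob Data Reader", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB},
])

if __name__ == "__main__":
    missing, excess = audit(SAMPLE, ["Key Vault", "Storage Account"])
    print("missing roles:", missing)
    print("excess assignments:", excess)
```

Anything reported as excess is a grant wider than the read-only roles listed on this page and is worth reviewing before the node is put into service.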