Azure Configuration

Follow these steps to analyze Microsoft Azure assets with Cartography:

  1. Set up an Azure identity for Cartography to use, and ensure that this identity has the built-in Azure Reader role attached:

    • Authenticate: $ az login

    • Create a Service Principal: $ az ad sp create-for-rbac --name cartography --role Reader

    • Note the values of the tenant, appId, and password fields

  2. Populate environment variables with the values generated in the previous step (e.g., AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET)

  3. Call the cartography CLI with: .. code-block:: bash

    –azure-sp-auth –azure-sync-all-subscriptions –azure-tenant-id ${AZURE_TENANT_ID} –azure-client-id ${AZURE_CLIENT_ID} –azure-client-secret-env-var AZURE_CLIENT_SECRET