Azure RBAC
- To view the existing (built-in) role definitions, Refer Here
- Contributor => can create and manage all types of Azure resources, but cannot grant access to others (no role assignments)
- Owner => full access to all resources, including assigning roles to others
- Reader => can view all resources, but cannot make any changes
- Creating custom roles in Azure: Refer Here
- Role Definition
- Azure actions (resource provider operations) listed by resource: Refer Here
- Basic skeleton for role
{
"properties": {
"roleName": "",
"description": "",
"assignableScopes": [],
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
- Let's write a role that can read anything and manage storage accounts. Two things to notice: Microsoft.Storage/* is broader than "write" (it also covers delete and storageAccounts/listKeys/action, and the account keys give full data-plane access), and the subscription entry in assignableScopes already covers every resource group beneath it, so a second wildcard entry is unnecessary (wildcards are not supported in assignableScopes anyway):
{
"properties": {
"roleName": "special",
"description": "for fun",
"assignableScopes": [
"/subscriptions/7ee23928-6bf0-4a1b-8e1d-b854f8f98d81"
],
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Storage/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
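As an added example (not part of these notes), here is an offline Python check over a custom role definition. It mirrors the control-plane evaluation rule Azure applies, an operation is permitted when it matches some pattern in actions and no pattern in notActions (the * wildcard spans / segments and matching is case-insensitive), and uses that rule to flag operations the role reaches that its name does not advertise. The sample role is a constructed copy of the "special" role above with the resourceGroups/* scope deliberately left in so the linter has something to report; the SENSITIVE_OPERATIONS list is my own selection, not an Azure-provided one.

```python
"""Offline lint for an Azure custom role definition (added example, not from the page).

Rule mirrored here: a control-plane operation is permitted by a role when it
matches at least one 'actions' pattern and no 'notActions' pattern.
Azure's '*' wildcard matches across '/' segments and comparison is case-insensitive.
"""
import fnmatch
import json

# Constructed sample: the page's "special" role with the wildcard
# assignableScopes entry left in so the linter has something to flag.
SAMPLE_ROLE = json.loads("""
{
  "properties": {
    "roleName": "special",
    "description": "for fun",
    "assignableScopes": [
      "/subscriptions/7ee23928-6bf0-4a1b-8e1d-b854f8f98d81",
      "/subscriptions/7ee23928-6bf0-4a1b-8e1d-b854f8f98d81/resourceGroups/*"
    ],
    "permissions": [{
      "actions": ["*/read", "Microsoft.Storage/*", "Microsoft.Resources/deployments/*"],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }]
  }
}
""")

# Operations that hand out more than their name suggests (assumed list for this example).
SENSITIVE_OPERATIONS = [
    "Microsoft.Authorization/roleAssignments/write",      # grant yourself Owner
    "Microsoft.Authorization/roleDefinitions/write",      # redefine this very role
    "Microsoft.Storage/storageAccounts/listKeys/action",  # keys = full data-plane access
]


def _matches(pattern, operation):
    """Azure-style wildcard match: '*' spans '/' and the comparison ignores case."""
    return fnmatch.fnmatchcase(operation.lower(), pattern.lower())


def is_allowed(role, operation):
    """True if any permissions block allows `operation` (actions minus notActions)."""
    for block in role["properties"]["permissions"]:
        allowed = any(_matches(p, operation) for p in block.get("actions", []))
        denied = any(_matches(p, operation) for p in block.get("notActions", []))
        if allowed and not denied:
            return True
    return False


def lint_role(role):
    """Return a list of human-readable findings for the role definition."""
    props = role["properties"]
    findings = []
    for scope in props["assignableScopes"]:
        if "*" in scope:
            findings.append(f"wildcard in assignableScopes is not supported: {scope}")
        if scope == "/":
            findings.append("assignableScopes must not be the root scope '/'")
    for block in props["permissions"]:
        if "*" in block.get("actions", []):
            findings.append("actions contains '*': this is Owner unless notActions restricts it")
    for op in SENSITIVE_OPERATIONS:
        if is_allowed(role, op):
            findings.append(f"role permits sensitive operation: {op}")
    return findings


if __name__ == "__main__":
    for finding in lint_role(SAMPLE_ROLE):
        print("-", finding)
```

Once a definition passes, create it with `az role definition create --role-definition @special.json` and assign it with `az role assignment create --assignee <objectId> --role special --scope <scope>`; if listKeys should stay out of reach, put Microsoft.Storage/storageAccounts/listKeys/action in notActions rather than relying on the role name.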
AWS: Permissions for Programmatic Access
- In AWS, there are two credential mechanisms to look out for:
- Long-lived access key ID and secret access key (IAM user keys)
- STS temporary credentials (access key, secret key and session token from AssumeRole or GetSessionToken), which expire
Azure: Permissions for Programmatic Access
- Azure CLI
- az login: interactive, browser-based sign-in with a user identity
- Service principal: non-interactive sign-in (az login --service-principal with a client secret or certificate); its permissions come from the role assignments made on the service principal