Before you can create a Cloud Environment for an Azure subscription, you must download a Terraform infrastructure as code (IaC) template or Azure CLI Bash script declaring the following resources:
- An Active Directory (AD) application registration
- A federated identity credential
- A service principal
This infrastructure gives Snyk read-only permission to scan the configuration of resources in your subscription.
You will use the IaC template or Bash script you downloaded to provision the infrastructure in Step 2: Create the Entra ID application.
Both methods create the same infrastructure, so pick the method you are most comfortable working with.
- In the Snyk Web UI, navigate to Integrations > Cloud platforms.
- Select Azure.
- In the Add Azure Environment modal, in the Retrieve Application ID section, enter the subscription ID and tenant ID of the subscription you want to onboard. You can find the IDs using the method described in the Azure documentation.
- Select the Terraform button to download a
snyk-permissions-azure.tffile or Azure CLI Bash to download asnyk-permissions-azure.shfile:
You can now proceed to Step 2: Create the Entra ID app registration.
{% hint style="info" %} You can also add a Cloud environment from Organization Settings (cog icon) > Cloud environments. See View Environments. {% endhint %}
You can now proceed to Step 2: Create the Entra ID app registration.