...
Resource Group (New)
Azure App Service Plan (P1v2)
Azure App Service (with System Managed Identity)
App Registration (for App Service authentication)
Azure Key Vault (for securing secrets)
Additional App Registration and Service Principal (for Azure Graph API permissions)
Prerequisites
Before installation, make sure you have the following prerequisites:
...
Clients should obtain the necessary files for setup from their respective EmpowerID support agent.
Procedure
Retrieve Terraform Template:
Download the Terraform template from the repository at <https://empowerid.visualstudio.com/_git/EID-Infrastructure?path=/terraform_new/templates/AzPowershellV2>.
Configure Terraform Backend:
Edit the main.tf file to include the following configurations:

```hcl
# The backend block belongs inside the terraform { } block of main.tf.
backend "azurerm" {
  use_azuread_auth     = true
  subscription_id      = "<Your Subscription ID>"
  tenant_id            = "<Your Azure Tenant ID>"
  resource_group_name  = "<Your Resource Group Name>"
  storage_account_name = "<Your Storage Account Name>"
  container_name       = "<Your Storage Container Name>"
  key                  = "terraform.azv2.tfstate"
}
```
Set Terraform Variables:
Modify the terraform.tfvars file with these details:

```hcl
azure_region    = "<Region to deploy the Microservice>"
client_code     = "<Client Name>"
env_code        = "<Client Environment>"
region_code     = "<Region code>"
Subscription_ID = "<Your Subscription ID>"
Tenant_ID       = "<Your Azure Tenant ID>"
```
Initialize and Deploy with Terraform:
Open PowerShell in the directory containing the main.tf file and execute the following commands sequentially:

1. `terraform init` to initialize the Terraform environment and modules.
2. `terraform plan` to review the deployment plan.
3. `terraform apply` to execute the deployment of the Microservice.
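
One way to script this step so that the plan you review is the plan that gets applied. This is an added example, not part of the EmpowerID template; the helper function names and the plan file name `azv2.tfplan` are assumptions.

```powershell
# Added example. Run from the directory that contains main.tf and terraform.tfvars.
$ErrorActionPreference = 'Stop'
$planFile = 'azv2.tfplan'   # assumed name for the saved plan

# List every line that still holds an unfilled "<...>" template placeholder.
function Find-Placeholder {
    param([string[]]$Path)
    Select-String -Path $Path -Pattern '"<[^>"]+>"' |
        ForEach-Object { '{0}:{1}: {2}' -f $_.Filename, $_.LineNumber, $_.Line.Trim() }
}

# Run terraform and stop the script on any exit code that is not expected.
function Invoke-Terraform {
    param([string[]]$TfArgs, [int[]]$OkExitCodes = @(0))
    & terraform @TfArgs
    if ($OkExitCodes -notcontains $LASTEXITCODE) {
        throw "terraform $($TfArgs -join ' ') exited with code $LASTEXITCODE"
    }
}

$unfilled = @(Find-Placeholder -Path 'main.tf', 'terraform.tfvars')
if ($unfilled.Count -gt 0) {
    $unfilled | ForEach-Object { Write-Warning $_ }
    throw 'Replace the placeholders listed above before running Terraform.'
}

Invoke-Terraform -TfArgs 'init', '-input=false'

# -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes to apply.
Invoke-Terraform -TfArgs 'plan', '-input=false', "-out=$planFile", '-detailed-exitcode' -OkExitCodes 0, 2
$hasChanges = ($LASTEXITCODE -eq 2)

try {
    if (-not $hasChanges) {
        Write-Host 'No changes to apply.'
    }
    else {
        # Show the saved plan, then apply exactly that plan and nothing else.
        Invoke-Terraform -TfArgs 'show', $planFile
        if ((Read-Host 'Type yes to apply this plan') -eq 'yes') {
            Invoke-Terraform -TfArgs 'apply', '-input=false', $planFile
        }
    }
}
finally {
    # A saved plan can contain secret values in clear text; do not leave it on disk.
    Remove-Item -Path $planFile -ErrorAction SilentlyContinue
}
```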
Configure Authentication:
After deploying the microservice, modify the Azure AD SCIM Microservice configuration to authenticate with the Azure PowerShell V2 Microservice by adding the following settings:

```text
name:  "AzureADLogin"
value: "https://login.microsoftonline.com/"

name:  "AzureADPowershellV2AppID"
value: "<Azure PowerShell V2 Microservice Application ID>"

name:  "AzureADPowershellV2CertificateName"
value: "<Azure PowerShell V2 Microservice Authentication Certificate Name>"

name:  "AzureADPowershellV2TenantID"
value: "<Azure PowerShell V2 Microservice Tenant ID>"

name:  "AzureADPowershellV2URL"
value: "<Azure PowerShell V2 Microservice URL>/services/v1/pshell/"

name:  "AzureADPowershellV2VaultUrl"
value: "<Azure PowerShell V2 Microservice Key Vault URL>"
```
Upload Artifacts:
Follow the artifacts deployment documentation to upload the necessary files to your web application.
...