Connect to Azure Subscriptions

Appranix protects your cloud application environment in Azure and ensures cloud application resilience. This document explains how to connect Appranix to your Azure cloud infrastructure so that it can provide that resilience, and lists the permissions it requires.

Prerequisite: The "Owner" or "User Access Administrator" privilege is mandatory to register the Appranix Enterprise Application as a service principal.

To add a new Azure Cloud Connection in Appranix, follow these steps:

  1. Navigate to "Cloud Connections", click "Add Cloud Connection," and choose "Azure Cloud"
  2. Fill in the Name and Description for the connection
  3. Provide the required authentication details from the Azure account to register Appranix. Enter the “Tenant Id” and click “REGISTER” to register the AppranixARS

      In the new window:
       -   Select the “Accept” option to approve the permissions requested for the AppranixARS application to be registered as an Enterprise Application in the given Azure tenant
       -   Once the request is approved to register in the tenant, *AppranixARS* application will be displayed as an Enterprise application in the given Azure tenant
    
  4. In the Appranix Cloud Connection, provide the Azure authentication details: the Azure account’s “Subscription ID” and the “Object ID” of the registered Appranix Application
  5. Select the operational regions where your protection and recovery operations need to run
  6. Add the Azure services by choosing “ADD SERVICES” and click “NEXT”

Apply IAM Permissions

  1. From the “Instant” tab, run the given command in the Azure portal bash cloud shell to grant the required permissions in a single step
  2. Or, select the “Manual” tab and click either the “DOWNLOAD ARM TEMPLATE” option or run the curl command to download the template
  3. An ARM template that will assign the necessary roles to the Appranix application will be downloaded
  4. In your Azure console, run the given command with the downloaded template file path
  5. Select the confirmation message to grant the permissions and click “FINISH”

Azure IAM Permissions

| Operation | Appranix Azure Role Name |
|---|---|
| Discovery | Appranix ARS Discovery Resource Group Default Access |
| Discovery | Appranix ARS Discovery Storage Default Access |
| Discovery | Appranix ARS Discovery Compute Default Access |
| Discovery | Appranix ARS Discovery Network Default Access |
| Discovery | Appranix ARS Discovery Load balancer Default Access |
| Discovery | Appranix ARS Discovery MySql Default Access |
| Discovery | Appranix ARS Discovery Mssql Default Access |
| Discovery | Appranix ARS Discovery Postgress Default Access |
| Discovery | Appranix ARS Discovery PGSQL Flexible Server Default Access |
| Discovery | Appranix ARS Discovery MYSQL Flexible Server Default Access |
| Discovery | Appranix ARS Discovery SQL Managed Instance Default Access |
| Discovery | Appranix ARS Discovery NO SQL Server Default Access |
| Discovery | Appranix ARS Discovery Redis Cache Server Default Access |
| Discovery | Appranix ARS Discovery WCF Relay Default Access |
| Discovery | Appranix ARS Discovery Event Hub Default Access |
| Discovery | Appranix ARS Discovery Service Bus Default Access |
| Discovery | Appranix ARS Discovery Application Gateway Default Access |
| Discovery | Appranix ARS Discovery Proximity Placement Group Default Access |
| Discovery | Appranix ARS Discovery Private Endpoint Default Access |
| Protection | Appranix ARS Protection Resource Group Default Access |
| Protection | Appranix ARS Protection Storage Default Access |
| Protection | Appranix ARS Replication Storage Default Access |
| Protection | Appranix ARS Retention Storage Default Access |
| Recovery | Appranix ARS Recovery Resource Group Default Access |
| Recovery | Appranix ARS Recovery Storage Default Access |
| Recovery | Appranix ARS Recovery Compute Default Access |
| Recovery | Appranix ARS Recovery Network Default Access |
| Recovery | Appranix ARS Recovery Deployment Manager Default Access |
| Recovery | Appranix ARS Recovery Load balancer Default Access |
| Recovery | Appranix ARS Recovery MySql Default Access |
| Recovery | Appranix ARS Recovery Postgress Default Access |
| Recovery | Appranix ARS Recovery Mssql Default Access |
| Recovery | Appranix ARS Recovery Application Gateway Default Access |
| Recovery | Appranix ARS Recovery Proximity Placement Group Default Access |
| Recovery | Appranix ARS Recovery Private Endpoint Default Access |
| Recovery | Appranix ARS Recovery Shared gallery Default Access |
| Recovery | Appranix ARS Recovery Shared gallery image definition Default Access |
| Recovery | Appranix ARS Recovery Shared gallery image version Default Access |
| Reset | Appranix ARS Reset Resource Group Default Access |
| Reset | Appranix ARS Reset Storage Default Access |
| Reset | Appranix ARS Reset Compute Default Access |
| Reset | Appranix ARS Reset Network Default Access |
| Reset | Appranix ARS Reset Load balancer Default Access |
| Reset | Appranix ARS Reset MySql Default Access |
| Reset | Appranix ARS Reset Postgress Default Access |
| Reset | Appranix ARS Reset Mssql Default Access |
| Reset | Appranix ARS Reset Application Gateway Default Access |
| Reset | Appranix ARS Reset Proximity Placement Group Default Access |
| Reset | Appranix ARS Reset Private Endpoint Default Access |
| Reset | Appranix ARS Reset Shared gallery Default Access |
| Reset | Appranix ARS Reset Shared gallery image definition Default Access |
| Reset | Appranix ARS Reset Shared gallery image version Default Access |

NOTE: When a particular role's permission is revoked manually in the Azure portal, the set of operations associated with that role will fail.
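
A way to check for the condition in the note above, as an added example that is not Appranix's code: it compares the role assignments held by the registered application's Object ID with the roles from the table and reports which operations would fail, plus any roles outside the documented set. `EXPECTED` is only an excerpt of the table, the sample JSON is constructed in the shape of `az role assignment list` output, and assignment at subscription scope is an assumption.

```python
import json

# Operation -> role names, excerpted from the table above; extend it with the
# full list before relying on the "unexpected" result.
EXPECTED = {
    "Discovery": {"Appranix ARS Discovery Compute Default Access",
                  "Appranix ARS Discovery Network Default Access"},
    "Protection": {"Appranix ARS Protection Storage Default Access"},
    "Recovery": {"Appranix ARS Recovery Compute Default Access"},
    "Reset": {"Appranix ARS Reset Compute Default Access"},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample in the shape of
# `az role assignment list --assignee <object-id> --all -o json`.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Appranix ARS Discovery Compute Default Access", "scope": SUB},
    {"roleDefinitionName": "Appranix ARS Discovery Network Default Access", "scope": SUB},
    {"roleDefinitionName": "Appranix ARS Protection Storage Default Access", "scope": SUB},
    {"roleDefinitionName": "Appranix ARS Reset Compute Default Access", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-demo"},
])

def audit_assignments(assignments_json, subscription_scope, expected=EXPECTED):
    """Compare a principal's role assignments with the expected role set."""
    assignments = json.loads(assignments_json)
    target = subscription_scope.lower()
    # Assumption: a role counts as present only when assigned at subscription scope.
    at_sub = {a["roleDefinitionName"] for a in assignments
              if a["scope"].lower() == target}
    known = set().union(*expected.values())
    return {
        # Operations that will fail, with the roles each one is missing.
        "missing": {op: sorted(roles - at_sub)
                    for op, roles in expected.items() if roles - at_sub},
        # Roles outside the documented set: review these for least privilege.
        "unexpected": sorted({a["roleDefinitionName"] for a in assignments} - known),
        # Documented roles granted at a scope other than the subscription.
        "wrong_scope": sorted(a["roleDefinitionName"] for a in assignments
                              if a["roleDefinitionName"] in known
                              and a["scope"].lower() != target),
    }
```
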

Appranix ARS Discovery Resource Group Default Access
  permissions:
  - Microsoft.Resources/subscriptions/resourceGroups/read
  - Microsoft.Resources/subscriptions/resourceGroups/write
  - Microsoft.Resources/subscriptions/resourceGroups/resources/read
Appranix ARS Discovery Storage Default Access
  permissions:
  - Microsoft.Storage/storageAccounts/read
  - Microsoft.Storage/storageAccounts/write
  - Microsoft.Storage/storageAccounts/blobServices/containers/read
  - Microsoft.Storage/storageAccounts/blobServices/containers/write
  - Microsoft.Compute/disks/beginGetAccess/action
  - Microsoft.Compute/disks/endGetAccess/action
  - Microsoft.Storage/storageAccounts/listKeys/action
  - Microsoft.Compute/disks/read
  dataPermissions:
  - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
Appranix ARS Discovery Compute Default Access
 permissions:
 - Microsoft.Compute/virtualMachines/read
 - Microsoft.Compute/virtualMachineScaleSets/read
 - Microsoft.Compute/virtualMachineScaleSets/skus/read
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read
 - Microsoft.Compute/sshPublicKeys/read
 - Microsoft.Compute/availabilitySets/read
 - Microsoft.Compute/proximityPlacementGroups/read
Appranix ARS Discovery Network Default Access
 permissions:
 - Microsoft.Network/networkInterfaces/read
 - Microsoft.Network/publicIPAddresses/read
 - Microsoft.Network/virtualNetworks/read
 - Microsoft.Network/networkSecurityGroups/read
 - Microsoft.Network/virtualNetworks/subnets/read
Appranix ARS Discovery Load balancer Default Access
 permissions:
 - Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read
 - Microsoft.Network/loadBalancers/backendAddressPools/join/action
 - Microsoft.Network/loadBalancers/backendAddressPools/read
 - Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read
 - Microsoft.Network/loadBalancers/inboundNatPools/join/action
 - Microsoft.Network/loadBalancers/inboundNatPools/read
 - Microsoft.Network/loadBalancers/inboundNatRules/read
 - Microsoft.Network/loadBalancers/loadBalancingRules/read
 - Microsoft.Network/loadBalancers/networkInterfaces/read
 - Microsoft.Network/loadBalancers/outboundRules/read
 - Microsoft.Network/loadBalancers/probes/read
 - Microsoft.Network/loadBalancers/read
 - Microsoft.Network/loadBalancers/virtualMachines/read
Appranix ARS Protection Resource Group Default Access
 permissions:
 - Microsoft.Resources/subscriptions/resourceGroups/read
 - Microsoft.Resources/subscriptions/resourceGroups/write
 - Microsoft.Resources/subscriptions/resourceGroups/resources/read
Appranix ARS Protection Storage Default Access
 permissions:
 - Microsoft.Storage/storageAccounts/write
 - Microsoft.Storage/storageAccounts/blobServices/containers/write
 - Microsoft.Compute/snapshots/beginGetAccess/action
 - Microsoft.Compute/snapshots/read
 - Microsoft.Compute/snapshots/write
 dataPermissions:
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete
Appranix ARS Replication Storage Default Access
 permissions:
 - Microsoft.Compute/snapshots/beginGetAccess/action
 - Microsoft.Compute/snapshots/endGetAccess/action
 dataPermissions:
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
Appranix ARS Retention Storage Default Access
 permissions:
 - Microsoft.Compute/snapshots/delete
 dataPermissions:
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete
Appranix ARS Recovery Resource Group Default Access
 permissions:
 - Microsoft.Resources/subscriptions/resourceGroups/read
 - Microsoft.Resources/subscriptions/resourceGroups/write
Appranix ARS Recovery Storage Default Access
 permissions:
 - Microsoft.Compute/disks/write
 - Microsoft.Storage/storageAccounts/write
 - Microsoft.Storage/storageAccounts/blobServices/containers/write
 dataPermissions:
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
Appranix ARS Recovery Compute Default Access
 permissions:
 - Microsoft.Compute/virtualMachines/write
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write
 - Microsoft.Compute/virtualMachineScaleSets/write
 - Microsoft.Compute/sshPublicKeys/write
 - Microsoft.Compute/images/write
 - Microsoft.Compute/images/read
 - Microsoft.Compute/availabilitySets/write
 - Microsoft.Compute/proximityPlacementGroups/write
Appranix ARS Recovery Network Default Access
 permissions:
 - Microsoft.Network/networkInterfaces/join/action
 - Microsoft.Network/networkInterfaces/write
 - Microsoft.Network/publicIPAddresses/join/action
 - Microsoft.Network/publicIPAddresses/write
 - Microsoft.Network/virtualNetworks/write
 - Microsoft.Network/networkSecurityGroups/join/action
 - Microsoft.Network/networkSecurityGroups/write
 - Microsoft.Network/virtualNetworks/subnets/join/action
 - Microsoft.Network/virtualNetworks/subnets/write
 - Microsoft.Network/networkSecurityGroups/securityRules/write
Appranix ARS Recovery Load balancer Default Access
 permissions:
 - Microsoft.Network/loadBalancers/backendAddressPools/join/action
 - Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action
 - Microsoft.Network/virtualNetworks/joinLoadBalancer/action
 - Microsoft.Network/loadBalancers/backendAddressPools/write
 - Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action
 - Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/join/action
 - Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/write
 - Microsoft.Network/loadBalancers/inboundNatPools/join/action
 - Microsoft.Network/loadBalancers/inboundNatRules/join/action
 - Microsoft.Network/loadBalancers/inboundNatRules/write
 - Microsoft.Network/loadBalancers/probes/join/action
 - Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/write
 - Microsoft.Network/loadBalancers/write
 - Microsoft.Network/locations/setLoadBalancerFrontendPublicIpAddresses/action
Appranix ARS Recovery Deployment Manager Default Access
 permissions:
 - Microsoft.Resources/deployments/read
 - Microsoft.Resources/deployments/write
 - Microsoft.Resources/deployments/operationStatuses/read
 - Microsoft.Resources/deployments/operations/read
Appranix ARS Reset Resource Group Default Access
 permissions:
 - Microsoft.Resources/subscriptions/resourceGroups/delete
Appranix ARS Reset Storage Default Access
 permissions:
 - Microsoft.Storage/storageAccounts/delete
 - Microsoft.Storage/storageAccounts/blobServices/containers/delete
 - Microsoft.Compute/disks/delete
 dataPermissions:
 - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete
Appranix ARS Reset Compute Default Access
 permissions:
 - Microsoft.Compute/virtualMachines/delete
 - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete
 - Microsoft.Compute/virtualMachineScaleSets/delete
 - Microsoft.Compute/sshPublicKeys/delete
 - Microsoft.Compute/images/delete
 - Microsoft.Compute/availabilitySets/delete
 - Microsoft.Compute/proximityPlacementGroups/delete
Appranix ARS Reset Network Default Access
 permissions:
 - Microsoft.Network/networkInterfaces/delete
 - Microsoft.Network/networkSecurityGroups/delete
 - Microsoft.Network/publicIPAddresses/delete
 - Microsoft.Network/virtualNetworks/delete
 - Microsoft.Network/virtualNetworks/subnets/delete
 - Microsoft.Network/networkSecurityGroups/securityRules/delete
Appranix ARS Reset Load balancer Default Access
 permissions:
 - Microsoft.Network/loadBalancers/backendAddressPools/delete
 - Microsoft.Network/loadBalancers/delete
 - Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/delete
 - Microsoft.Network/loadBalancers/inboundNatRules/delete
Appranix ARS Discovery MySql Default Access
 permissions:
 - Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies/read
 - Microsoft.DBforMySQL/servers/privateEndpointConnections/read
 - Microsoft.DBforMySQL/servers/read
 - Microsoft.DBforMySQL/locations/azureAsyncOperation/read
Appranix ARS Recovery MySql Default Access
 permissions:
 - Microsoft.DBforMySQL/servers/write
 - Microsoft.DBforMySQL/servers/privateEndpointConnectionsApproval/action
Appranix ARS Reset MySql Default Access
 permissions:
 - Microsoft.DBforMySQL/servers/delete
Appranix ARS Discovery Mssql Default Access
 permissions:
 - Microsoft.Sql/servers/read
 - Microsoft.Sql/servers/databases/read
Appranix ARS Recovery Mssql Default Access
  permissions:
  - Microsoft.Sql/servers/write
  - Microsoft.Sql/servers/databases/write
Appranix ARS Reset Mssql Default Access
  permissions:
  - Microsoft.Sql/servers/delete
Appranix ARS Discovery Postgress Default Access
  permissions:
  - Microsoft.DBforPostgreSQL/servers/privateEndpointConnections/read
  - Microsoft.DBforPostgreSQL/servers/read
Appranix ARS Recovery Postgress Default Access
  permissions:
  - Microsoft.DBforPostgreSQL/servers/write
  - Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionsApproval/action
Appranix ARS Reset Postgress Default Access
  permissions:
  - Microsoft.DBforPostgreSQL/servers/delete
Appranix ARS Discovery Pqsql Flexible Server Default Access
  permissions:
  - Microsoft.DBforPostgreSQL/flexibleServers/read
Appranix ARS Discovery Mysql Flexible Server Default Access
  permissions:
  - Microsoft.DBforMySQL/flexibleServers/read
Appranix ARS Discovery Sql Managed Instance Default Access
  permissions:
  - Microsoft.Sql/managedInstances/read
Appranix ARS Discovery No Sql Server Default Access
  permissions:
  - Microsoft.DocumentDB/databaseAccounts/read
  - Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read
Appranix ARS Discovery Redis Cache Default Access
  permissions:
  - Microsoft.Cache/redis/read
Appranix ARS Discovery Wcf Relay Default Access
  permissions:
  - Microsoft.Relay/namespaces/read 
  - Microsoft.Relay/namespaces/WcfRelays/read
Appranix ARS Discovery Service Bus Default Access
  permissions:
  - Microsoft.ServiceBus/namespaces/read 
  - Microsoft.ServiceBus/namespaces/topics/read
  - Microsoft.ServiceBus/namespaces/queues/read
Appranix ARS Discovery Event Hub Default Access
  permissions:
  - Microsoft.EventHub/namespaces/read 
  - Microsoft.EventHub/namespaces/eventhubs/read
Appranix ARS Discovery Application Gateway Default Access
  permissions:
  - Microsoft.Network/applicationGateways/read
  - Microsoft.Network/applicationGateways/privateEndpointConnections/read
Appranix ARS Recovery Application Gateway Default Access
  permissions:
  - Microsoft.Network/applicationGateways/write
  - Microsoft.Network/applicationGateways/backendAddressPools/join/action
Appranix ARS Reset Application Gateway Default Access
  permissions:
  - Microsoft.Network/applicationGateways/delete
Appranix ARS Discovery Proximity Placement Group Default Access
  permissions:
  - Microsoft.Compute/proximityPlacementGroups/read
Appranix ARS Recovery Proximity Placement Group Default Access
  permissions:
  - Microsoft.Compute/proximityPlacementGroups/write
Appranix ARS Reset Proximity Placement Group Default Access
  permissions:
  - Microsoft.Compute/proximityPlacementGroups/delete
Appranix ARS Discovery Private Endpoint Default Access
  permissions:
  - Microsoft.Network/privateEndpoints/read
Appranix ARS Recovery Private Endpoint Default Access
  permissions:
  - Microsoft.Network/privateEndpoints/write
Appranix ARS Reset Private Endpoint Default Access
  permissions:
  - Microsoft.Network/privateEndpoints/delete
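Appranix ARS Recovery Shared gallery Default Access
  permissions:
  - Microsoft.Compute/galleries/read
  - Microsoft.Compute/galleries/write
  - Microsoft.Compute/galleries/share/action
Appranix ARS Reset Shared gallery Default Access
  permissions:
  - Microsoft.Compute/galleries/delete
Appranix ARS Recovery Shared gallery image definition Default Access
  permissions:
  - Microsoft.Compute/galleries/images/read
  - Microsoft.Compute/galleries/images/write
Appranix ARS Reset Shared gallery image definition Default Access
  permissions:
  - Microsoft.Compute/galleries/images/delete
Appranix ARS Recovery Shared gallery image version Default Access
  permissions:
  - Microsoft.Compute/galleries/images/versions/read
  - Microsoft.Compute/galleries/images/versions/write
Appranix ARS Reset Shared gallery image version Default Access
  permissions:
  - Microsoft.Compute/galleries/images/versions/delete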

NOTE: This list of permissions may increase as Appranix adds more services for protection.
