Initial docs for Azure integration #51631
Open
+125
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Amplify deployment status
|
benarent
reviewed
Jan 31, 2025
| - <Var name="teleport-version"/> | ||
| - <Var name="azure-subscription-id"/> | ||
| - <Var name="azure-principal-id"/> | ||
| - <Var name="azure-discovery-role"/> |
There was a problem hiding this comment.
Are these already set somewhere?
benarent
reviewed
Jan 31, 2025
Comment on lines
+115
to
+125
| Once the managed identity is configured with the correct permissions, add the following to the Discovery Service | ||
| configuration to enable it for fetching Azure resources: | ||
|
|
||
| ```yaml | ||
| discovery_service: | ||
| access_graph: | ||
| azure: | ||
| - subscription_id: <Var name="azure-subscription-id"/> | ||
| ``` | ||
|
|
||
| The Discovery Service will now periodically fetch resources from your Azure subscription. |
There was a problem hiding this comment.
Is this required on Teleport Cloud?
ptgott
approved these changes
Jan 31, 2025
Comment on lines
+18
to
+19
| Utilizing the Access Graph to analyze permissions within an Azure subscription necessitates the setup of the Access | ||
| Graph (AG) service, a Discovery Service, and integration with your Azure subscription. |
There was a problem hiding this comment.
Suggested change
| Utilizing the Access Graph to analyze permissions within an Azure subscription necessitates the setup of the Access | |
| Graph (AG) service, a Discovery Service, and integration with your Azure subscription. | |
| To use Access Graph to analyze permissions within an Azure subscription, you need to set up the Access | |
| Graph (AG) service, Teleport Discovery Service, and an integration with your Azure subscription. |
Style suggestion
Comment on lines
+52
to
+53
| Teleport Policy’s Access Graph feature delves into the resources retrieved from your Azure subscription, crafting a | ||
| graphical representation thereof. |
There was a problem hiding this comment.
Suggested change
| Teleport Policy’s Access Graph feature delves into the resources retrieved from your Azure subscription, crafting a | |
| graphical representation thereof. | |
| Teleport Policy’s Access Graph feature visualizes the resources retrieved from your Azure subscription. |
Simplifying this sentence. We could think about removing the H3-level headings from "How it works", since this H3-level section is so short.
| - Role Assignments | ||
| - Virtual Machines | ||
|
|
||
| Once all the necessary resources are fetched, the Teleport Discovery Service pushes them to the Access Graph, ensuring |
There was a problem hiding this comment.
Suggested change
| Once all the necessary resources are fetched, the Teleport Discovery Service pushes them to the Access Graph, ensuring | |
| Once all the necessary resources are fetched, the Teleport Discovery Service pushes them to Access Graph, ensuring |
| how to set up Access Graph. | ||
| - The node running the Access Graph service must be reachable from the Teleport Auth Service. | ||
|
|
||
| ## Step 1/2. Configure Discovery Service (Self-hosted only) |
There was a problem hiding this comment.
Suggested change
| ## Step 1/2. Configure Discovery Service (Self-hosted only) | |
| ## Step 1/2. Configure the Discovery Service (Self-hosted only) |
Comment on lines
+105
to
+108
| Download and extract the Teleport binary: | ||
| ```shell | ||
| curl -L https://cdn.teleport.dev/teleport-v<Var name="teleport-version"/>-linux-amd64-bin.tar.gz | tar xz | ||
| ``` |
There was a problem hiding this comment.
Would it make sense to include docs/pages/includes/install-linux.mdx here?
To do so, you'd add:
(!docs/pages/includes/install-linux.mdx!)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of https://github.com/gravitational/access-graph/issues/640, this PR provides website documentation on configuring Teleport for fetching Azure resources and importing them into the Access Graph.