Enabling Azure Services in Turbot
Enabling Services
All supported services have an Enabled policy.
Azure > Storage > Enabled
Azure > Compute Engine > Enabled
Azure > SQL > Enabled
You should enable any services that users are allowed to use. By default, the
value of these policies is set to Disabled. When a service is disabled,
users granted permissions to cloud accounts via Turbot will not be able to
manage the service. Additionally, other policies may reference this policy to
determine their behavior. For example, the default behavior of the
Approved
control is that any resources are unapproved unless the service is
enabled.
For example, to enable the Azure Storage service:
# Azure > Storage > Enabledresource "turbot_policy_setting" "azure_storage_enabled" { resource = "id of sub or parent folder/policy pack" //highlight-line type = "tmod:@turbot/azure-storage#/policy/types/storageEnabled" value = "Enabled"}
Registering Service Providers
To use a service API in Azure, you must register the resource provider in your subscription
Note that a single provider may support many services - they do not map 1:1.
To enable a provider, set the relevant
Azure > Provider > {provider} > Registered
policy to "Enforce: Registered"
Azure > Provider > Storage > Registered
Azure > Provider > Compute > Registered
Azure > Provider > SQL > Registered
For example, to enable the storage provider:
# Azure > Provider > Storage > Registeredresource "turbot_policy_setting" "provider_registration_enable" { resource = "id of sub or parent folder/policy pack" //highlight-line type = "tmod:@turbot/azure-provider#/policy/types/storageRegistered" value = "Enforce: Registered"}
Failing to register a provider cause CMDB and Discovery errors from controls for the dependent services. You can get rid of the discovery errors by setting the relevant CMDB policies to Skip.
For example, if the Storage provider is not enabled in Azure, the Azure > Storage > Storage Account > Discovery controls will be in error, as they do not have the required access to discover the resources. Changing the CMDB policy to skip will cause the Discovery control to skip as well