Connect to Azure
Integrate Azure with Finout to generate comprehensive cost and usage reports tailored to your organization's needs. Configure Finout to create detailed reports using Azure data, either for specific subscriptions or across your entire organization. This integration allows for in-depth analysis and management of expenses, offering valuable insights into cost allocation and usage trends across your Azure infrastructure.
Azure Configuration Workflow:
1. Create a Service Principal for Finout
The integration to your Azure is achieved by using an Azure service principal.
There are two options:
a. Create a service principle using the CLI.
b. Create a service principal using the Azure portal and set up an authentication.
a. Create a service principal using the CLI
From the CLI, type the following:
az ad sp create-for-rbac -n "finout"
You will receive an output similar to the following:
{
"appId": "3c666g0g6-8cb8-8b33-cba6-abc7676a8989",
"displayName": "finout",
"password": "789************************",
"tenant": "6666b777-ba88-44a9-a4aa-666ccb222a91"
}
Important: Save the following details to use in the Finout console (step 4):
appId → Application (client) ID
tenant → Directory (tenant) ID
password → Application password (Client Secret)
b. Create a service principal using the Azure portal
1. From your Azure portal, search for and select Azure Active Directory.
2. Select App registrations, then click New registration.
3. Name the application (For example, "Finout").
4. Leave the default values in the rest of the parameters and click Register.
5. The Overview page provides two of the credentials required for the Finout console (step 4) the Application (client) ID and the Directory (tenant) ID.
Important: Save the following details to use in the Finout console (step 4):
appId → Application (client) ID
tenant → Directory (tenant) ID
Set up the authentication
For the Finout integration, use the password-based authentication (application secret) method by following these steps:
Select Certificates & secrets from the left-hand menu on the app registration page.
Click + New client secret to create a new client secret.
Select a time frame for its expiration, add a description, and then click Add.
Note: If the secret is set to expire, you must remember to renew the credentials and reconfigure it in the Finout console.
Copy the Value from the Client secret to the Application secret field in the Finout console (step 4).
2. Create the Billing Export
In this step, create the export for the billing scope and grant Finout read-only access to these export files.
Important: Ensure you're on the billing scope when performing the following step.
To ensure you're on the billing scope, check the text on your cost management screen that states Billing account.
Create the report exports on the billing scope
The reports must be exported twice, once for each of the following cost types:
Actual cost
Amortized cost
You should provide a different directory for both exports, but both exports must be exported to the same container.
To create an export in your Azure portal:
In Azure, navigate to Cost Management.
Click Exports in the left-hand menu.
From the Export screen, click + Create.
The New export page appears.
Click Cost and Usage (actual or amortized).
Note: The reports must be exported twice, once for each of the cost types. You should provide a different directory for both exports, but both exports must be exported to the same container.
You are brought to the Datasets tab.
Add the Export Profile name and click Next.
You are brought to the Destination tab.
Fill in the details required on the destination page.
Important:
- Ensure that File partitioning is selected.
- Ensure that Overwrite data is deselected.
- Ensure that the Format is CSV.
- Ensure that the Compression type is None.Note: Save the following details to add to Finout (step 4):
-Storage Account-Container
-Actual Cost Directory and Export Name
-Amortized Cost Directory and Export Name
Click Next.
You are brought to the Review and Create tab.Review the summary and click Create.
After the export is created, select it from the export page and click Run now.
3. Grant Finout Read-Only Permission from the Export Storage
Grant read-only permission by using Azure CLI or the Azure portal.
Grant permissions using Azure CLI
Type the following command in your CLI and fill in the parameters according to the role and storage details:
az role assignment create --assignee <app_id> --role "Storage Blob Data Reader" --scope /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Storage/storageAccounts/<storage_account_name>/blobServices/default/containers/<container_name>
Grant permissions using the Azure portal
From your Storage account page, click Containers and select the export container.
Select Access control (IAM).
Click +Add and then click Add role assignment.
Search for Storage blob data reader, select it, and then click Next.
Click + Select members and find the Finout service principal.
Select the Finout service principal and click Select.
Click Review + Assign.
4. Integrate Azure with Finout
Navigate to Settings > Cost Centers and click Add cost center.
The Connect Accounts window appears.
In Azure, click Connect Now.
The Azure integration window appears.
Add the details saved from step 1 and click Next.
You are brought to the Create the billing export page.
Add the details saved from step 2 and click Next.
The integration is complete.
Important: To successfully finish the Azure integration with Finout, ensure that the export files exist in the given container.
Still need help? Please feel free to reach out to our team at [email protected].