CloudMonitor uses a Service Principal to communicate with the Azure Cost APIs. When you install the CloudMonitor Analytics Engine you can choose an existing Service Principal in your AD Tenancy or create a new one during installation. If you wish to choose an existing one, click on “Select Existing” and find the Service Principal you want to use. This tutorial will focus on creating a new one during installation.
CloudMonitor Install Screen
On the “Service Principal for API Access”, select “Create New” and click on the “Change selection” link.
This will open up the “Register an application” screen below. A “Registered Application” is another name for an Azure Service Principal.
Enter “CloudMonitor-SP” for the name and change to the “Single Tenant” option as this is the most secure. Click on “Register” at the bottom of the screen to continue. If you have the right permissions, this will create a Service Principal in your organizations Active Directory.
You will now be in the overview screen of the newly-created Service Principal:
Create a Client Secret
The next step is to create a Client Secret so that CloudMonitor can authenticate with this Service Principal to communicate with the Azure Cost APIs.
Click on “+ New client secret” (the link in the red box in the screenshot above” and enter the Description “CloudMonitor-ClientSecret”.
Set “Expires” to 24 months (this is duration is up to you; when it expires, any application using it will stop working until the secret is updated).
Click on “Add” to create the secret for your Service Principal.
Copy the new Client Secret
The new Client Secret will appear in the list and you can click on the Value “Copy to Clipboard” icon. Important: This Secret Value is never shown again so make sure you copy it to the clipboard. Do not share this with anyone other than CloudMonitor – treat it as you would a password.
Click on the “X” in the top right of this screen to close this Service Principal view and return to the CloudMonitor install wizard.
Paste Client Secret into Textbox
Once you return back to installation wizard, paste the Client Secret from the previous step into the “Client Secret” textbox. You can now proceed with the rest of setup.