Getting StartedConnecting Your Cloud Account

Connecting Your Azure Account

CloudRift connects to your Azure tenant via a Service Principal — a secure, scoped identity that gives CloudRift read/write access only to what it needs.

Step 1: Create a Service Principal

Run these commands in Azure CLI or Cloud Shell:

# Create the Service Principal
az ad sp create-for-rbac --name "CloudRift" --role Contributor \
  --scopes /subscriptions/{your-subscription-id}

# Output: appId (client_id), password (client_secret), tenant (tenant_id)

Step 2: Grant Required Permissions

For full CloudRift functionality, assign these roles:

RoleWhy It's Needed
ContributorScan, resize, delete resources, deploy IaC
Desktop Virtualization ContributorDeploy AVD/WVD environments
Virtual Machine ContributorResize and manage VMs
User Access AdministratorRead RBAC assignments for governance
# Assign Contributor (minimum required)
az role assignment create --assignee {appId} \
  --role Contributor \
  --scope /subscriptions/{subscription-id}

Step 3: Add the Account in CloudRift

  • Go to Admin → Cloud Accounts
  • Click + Connect Account
  • Select Azure
  • Enter your Tenant ID, Client ID, and Client Secret
  • Click Test Connection — you should see a green checkmark
  • Click Save
  • Step 4: Run Your First Scan

    After connecting, click Scan to discover all resources. Scans typically take 30–90 seconds depending on the size of your environment.

    ---

    Connecting Your AWS Account

    AWS uses Access Keys or an IAM Role for authentication.

    Creating an IAM User

  • Go to AWS Console → IAM → Users → Add User
  • Select Programmatic access
  • Attach policy: ReadOnlyAccess (for scanning) or PowerUserAccess (for full management)
  • Save the Access Key ID and Secret Access Key
  • In CloudRift: Admin → Cloud Accounts → + Connect Account → AWS