Enabling Permissions for CloudCheckr in Azure

CloudCheckr can provide additional information and functionality when you add additional permissions to your subscription or resource. Here is a complete list of permissions separated by Azure service.

Redis Cache

Why We Need this Permission

In order for Fix Now to work with the Redis Cache with a non-SSL Port Enabled Best Practice Check, you must add this permission.

Add the Redis Cache Permission

Before you are able to use the Fix It Now for Redis Cache, you must ensure that your Redis Cache has the appropriate role associated with it. Each Redis Cache will need the Redis Cache Contributor role.

  1. Login to the Azure Portal at https://portal.azure.com.
  2. Select Redis Cache. You may need to click More Services from the main blade menu.
  3. Select the desired Redis Cache.
  4. When the Redis Cache blade opens, select Access Control (IAM).
  5. Select the check box next to the CloudCheckr role, and click Roles.
  6. In the Roles blade, click Redis Cache Contributor.
  7. In the Redis Cache Contributor blade, ensure that the CloudCheckr role has the Redis Cache Contributor role selected. The access should indicate Inherited.

Once you have added the Redis Cache Contributor role to the desired Redis Caches, you will be able to use CloudCheckr’s automation features.

Storage Accounts

Why We Need this Permission

This permission will provide additional details in the List of Blob Storage Report.

Add the Storage Account Contributor Permission

To view additional information about your Blob Storage Containers inCloudCheckr, each Storage Account needs the Storage Account Contributor role. When a subscription is added to the application, CloudCheckr adds the Reader role by default, which allows CloudCheckr to view Azure resources. The Storage Account Contributor role provides CloudCheckr with additional details about the Storage Account resources.

  1. Login to the Azure Portal at https://portal.azure.com.
  2. Select Storage Accounts. You may need to click More Services from the  main blade menu.
  3. Select the desired storage account.
  4. When the Storage Account blade opens, select Access Control (IAM).
  5. Select the  checkbox next to the CloudCheckr role, and click Roles.
  6. In the Roles blade, click Storage Account Contributor.
  7. In the Storage Account Contributor blade, ensure that the CloudCheckr role has the Storage Account Contributor role selected. The access should indicate Inherited.

Once you have added the role of Storage Account Contributor role to the desired storage accounts, go the Reports Updated in the subscription or MAV and click Update Now. CloudCheckr will update the inventory reports for the subscription(s) and reports will update accordingly.