Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Onboarding Azure Accounts to Yotascale™ Software

To onboard your Azure accounts with Yotascale, we need to make sure your Azure account type meets the minimum criteria, and that you have a user available with the required roles. 

Note: we will ask you to log in to your Azure console from the Yotascale Azure onboarding. We are not storing your credentials. All we need is to get access to your Cost Export Files. The login is to allow us to be able to get access to the Storage Keys for the Container where the Cost Export Files are saved.

Summary of the Steps to Onboard Your Azure Subscriptions

  1. You need to have a user that has Reader and Data Access to your Billing Account and Subscriptions

  2. Yotascale will read Export Files for each Subscription for Cost Usage and Purchase data. No user credentials are stored

  3. The Roles that are required are for Billing Account Reader, and the Subscription Reader and Data Access

  4. You need to onboard each of your Subscriptions for full visibility

Azure-Side Prep Work

Prerequisite 1: Azure account type

Your Azure account must be of the type: MCA (Microsoft Customer Agreement).
We need to be able to access the Cost Export Files from each of your Azure. Subscriptions in order to get resource usage and costs. If did not yet enable cost Export files for your Azure Subscriptions, this document shows how you can do it.

Prerequisite 2: Azure user that will be used to enroll with Yotascale

The Azure User that will be used to onboard with Yotascale must have these roles:

  • Owner (can view/manage everything, including cost configuration)  

  • Contributor (can view/manage everything, including cost configuration, excluding access control)  

  • Cost Management Contributor (can view/manage cost configuration) 

Additionally, the Azure User that will be used to onboard with Yotascale must have one of the following Azure Active Directory roles in your organization: 

  • Global Administrator, or  

  • Application Developer, or  

  • Cloud Application Administrator

  • Reader and Data Access

    These are the roles that are needed for your Azure Billing Account and Subscriptions.
    Please note that the roles are done on a per Subscription level and as such you need to have access to each of your Subscriptions to onboard them with Yotascale.

    Resource

    Role (any of these will work)

    Billing Account

    • Billing Account Reader

    • Billing Account Contributor

    • Billing Account Owner

    Subscriptions

    • Reader and Data Access

    • Storage Account Contributor

    • Contributor

    • Owner

    Please note that for the Subscription Reader is not enough because that Role does not give access to the Cost Export Files.
    To access the Export files for each Subscription, the roles in the table are the only option. This is information is clarified in this Azure document, which shows the roles needed to access the keys to the Storage Blob Data.

    Prerequisite 3: Azure user needs to have Role access to Subscriptions and Billing Accounts

    For each Subscription, the minimum Role needed is: Reader and Data Access
    For the Subscription Billing Account, the minimum role is: Billing Reader
    Theuser that will be used to onboard your Azure account with Yotascale needs to have the role of “Billing profile owner”.If the user needs do not have these Azure Roles yet, follow these steps:
    For each Subscription:

  • Open the Subscriptions page

  • Click on

    Setup Permission for the Azure Billing Account

    For each Billing Account, you want to enroll, ask your Azure Admin to:

    1. Open the Billing Account by opening the “Cost Management + Billing”

    2. Image Added

      Open the “Billing Account” you need access to, in this example the “Yotascale, Inc.”

    3. Image Added

      Click in Access Control (IAM)

    4. Image Added

      Click on +Add

    5. Search for Role “Reader and Data Access”

    6. Search for the Azure in “Add +” and add the Role of “Billing Account Reader” to the user that will enroll onboard with Yotascale

    7. Image Added
    8. Save

    For the Subscription Billing Account do
    1. and you’re done with the Billing Account

    Setup Permissions to each Azure Subscription

    If the user still does not have Reader and Data Access (or a superior Role) to your Subscriptions, please follow these steps.

    For each Subscription:

    1. Open the SubscriptionClick on Billing ProfilesSubscriptions page from Search or Menu:

    2. Image Added

      Click on the Billing AccountSubscription you want to add

    3. Image Added

      Click on Access Control (IAM)

    4. Click on + Add

    5. Select the Billing Reader

    6. Search and select the respective user that will onboard with Yotascale

    7. Click on Save

    Prerequisite 4: Azure Storage Account Permissions and Settings

    Your Azure Storage Account needs to: 

    • Have "write" permissions required to change the configured storage account (regardless of permissions on the export) 

    • Be configured for blob or file storage. If possible, we recommend creating a new storage account dedicated to the cost management data with Yotascale

    Setup an Azure Storage Account and Export Daily Usage and Cost Files

    For each account, you need to onboard with Yotascale follow the following steps.

    Please login to your Azure account with the user-defined in the “Prerequisite 2” above.

    Then go and create a scheduled daily export under Cost Management in case you do not have created it already. Follow this Azure guide to create
    1. Add” to add a Role

    2. Add the “Reader and Data Access” Role or a Superior Role. Select the user you want to add

    3. Image Added
    4. Save it and you’re done with Subscription Permissions

    Register the Resource Provider for the Azure Subscription where you want to store Cost Export files to allow for CostExport

    It may happen (because of security company policy) that the Azure Subscription where you will create Export files is not registered to allow the Export service to run.

    If that is the case, you will see an error stating that the Resource is not Registered.

    you need to then Register the export service.

    From Subscription - Resource Providers, go and “Register” the “Microsoft.CostManagementExports” and “Microsoft.CostManagement” as in this screenshot:

    Image Added

    Setup Daily Usage and Purchase Export Files for Actual and Amortized Billing

    You need to have Daily Export Files for Usage and Purchase enabled per Subscription so that Yotascale can read your usage and costs details.

    For each of your Subscriptions follow these steps to enable the Export Files, in case you have not done it yet.
    If you do actually already have created Export, but you see an error showing that we cannot read them, then it is because your IAM Role to the Subscription does not allow us to programmatically read from your Export files.

    Please make sure you have one of these permission Roles to your Azure Subscription by following these steps.

    Resource

    Role

    Subscriptions

    • Reader and Data Access

    • Storage Account Contributor

    • Contributor

    • Owner

    To create Export files for a Subscription, you can either follow the steps highlighted below or follow the steps from this Azure guide to creating such an Export. 

    This needs to be done for both:

    • Actual cost (Usage and Purchases) - Select to export standard usage and purchases

    • Amortized cost (Usage and Purchases) - Select to export amortized costs for purchases like Azure reservations 

    These are the steps to enable the Cost Export Files for a Subscription:

    1. Go to your Subscription Cost Management and BIlling in your Azure account that you want to onboard with Yotascale

      Image Added
    2. Click in the Billing Account you want to onboard with Yotascale

    3. Click on Exports

      Image Removed

      on the left menu at the bottom:

    4. Image Added

    5. Example of what it looks like:

    Yotascale-Side Steps

    After you save, you’re done with Export Files. Remember you need to do this for the two types of billing data (Actual and Amortized).

    Yotascale Side Steps to Onboard Your Azure Subscriptions

    1. Login to your Yotascale account as an “Admin”

    2. Go to Settings - Manage Connections

    3. Click on “Add Account” and select Azure - MCA:

      Image Removed
    4. Image Added

    5. Click on:

    6. Sign in with the same user mentioned above in the Azure-Side Prerequisites section

    7. You may get a popup to confirm your Azure Active Directory:

    8. It is possible that you get a “Token Renewal Failed”. In that case, you need to click on Get Token:

    9. Select the account which you want to onboard to Yotascale (once we have a token, we will fetch your Billing Account info)

    10. Yotasale will verify that this user can read from the Billing Account, Subscription, and Export Files. If the user does have the Roles with Permission to access these resources, the user is not ready to onboard the account and needs to go back to the pre-requisites section in this document to get those Role Permissions:

    11. Image Added
    12. Select the correct Billing Profile  from the respective drop-down 

    13. Select the correct Subscription ID from the respective drop-down 

    14. The form will be auto-populated

    15. Verify the location of your Export Files is correct and click the 'Save' button.

    16. This is a screenshot of an example you should see before you Save the account connection:


    Status

    Filter by label (Content by label)
    showLabelsfalse
    max5
    spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@868
    sortmodified
    showSpacefalse
    reversetrue
    typepage
    cqllabel in ( "setup" , "onboarding" ) and type = "page" and space = "CK"
    labelstags mapping


    Page Properties
    hiddentrue


    Related issues