@davidobrien1985
Last active January 17, 2022 02:53
Create an Azure Active Directory App Registration / Service Principal to be used for ARGOS Cloud Security https://argos-security.io
<#
.SYNOPSIS
Create an Azure Active Directory App Registration / Service Principal to be used for ARGOS Cloud Security https://argos-security.io
.DESCRIPTION
This script creates an Azure Active Directory App Registration and an Application Secret that can be used to connect ARGOS Cloud Security to Microsoft Azure in order to scan Azure Subscriptions. The secret has a validity of 12 months.
.NOTES
Best executed in Azure Cloud Shell (https://shell.azure.com) as Cloud Shell is already authenticated to your tenant. User executing this script requires permissions to create an AAD App Registration and permissions to assign IAM Roles to Azure Subscriptions.
.COMPONENT
Requires module Az.Resources
.LINK
https://argos-security.io
.PARAMETER DisplayName
App Registration Name
#>
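param(
    [Parameter(Mandatory = $true)]
    [string]
    $DisplayName
)

# Create the service principal (and its backing app registration) with a client secret that expires 12 months from now.
$app = New-AzADServicePrincipal -DisplayName $DisplayName -Homepage https://app.argos-security.io -Description "Principal used for ARGOS Cloud Security" -EndDate $([DateTime]::Now.AddMonths(12))

# Single quotes around Reader: a backtick inside a double-quoted string is the PowerShell escape character and would be dropped.
Write-Host "Before proceeding to ARGOS, ensure the Principal has at least 'Reader' permissions to an Azure Subscription or Management Group."
Write-Host "Add the following information into ARGOS on https://app.argos-security.io/account/azure-settings"
Write-Host "Tenant Id: $($app.AppOwnerOrganizationId)"
Write-Host "Application / Client Id: $($app.AppId)"
# SecretText is only returned at creation time and is written to the console in clear text; copy it into ARGOS, then clear the session output.
Write-Host "Application / Client Secret: $($app.PasswordCredentials[0].SecretText)"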
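
The script asks for at least Reader permissions on a subscription or management group but does not assign them. The following is an added example, not part of the original gist, that grants the built-in Reader role at exactly one scope; the function name `Grant-ArgosReader` and the placeholder ids in the usage comments are assumptions.

```powershell
#Requires -Modules Az.Resources
# Added example, not part of the original gist. Grant-ArgosReader is a hypothetical helper name.
function Grant-ArgosReader {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Application / Client Id printed by the script above ($app.AppId).
        [Parameter(Mandatory)] [guid] $ApplicationId,
        # Exactly one of the following two parameters selects the scope.
        [Parameter(Mandatory, ParameterSetName = 'Subscription')] [guid] $SubscriptionId,
        [Parameter(Mandatory, ParameterSetName = 'ManagementGroup')] [string] $ManagementGroupName
    )

    $scope = if ($PSCmdlet.ParameterSetName -eq 'Subscription') {
        "/subscriptions/$SubscriptionId"
    } else {
        "/providers/Microsoft.Management/managementGroups/$ManagementGroupName"
    }

    # Role assignments bind to the principal's object id, not the application id.
    $sp = Get-AzADServicePrincipal -ApplicationId $ApplicationId
    if (-not $sp) { throw "No service principal found for application id $ApplicationId" }

    # Nothing to do if Reader is already effective at this scope (assigned directly or inherited).
    $existing = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Reader' -Scope $scope
    if ($existing) { return $existing }

    # A freshly created principal may not have replicated yet, so retry with a growing delay.
    for ($attempt = 1; $attempt -le 5; $attempt++) {
        try {
            if ($PSCmdlet.ShouldProcess($scope, "Assign Reader to $($sp.DisplayName)")) {
                return New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Reader' -Scope $scope -ErrorAction Stop
            }
            return
        } catch {
            if ($attempt -eq 5) { throw }
            Start-Sleep -Seconds (5 * $attempt)
        }
    }
}

# Placeholder values; replace with your own ids. Add -WhatIf to preview the assignment.
# Grant-ArgosReader -ApplicationId '<application-id>' -SubscriptionId '<subscription-id>'
# Grant-ArgosReader -ApplicationId '<application-id>' -ManagementGroupName '<management-group-name>'
```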