Setup Utilization Stage 3: Enable access to resource information

Setup for Azure Rightsizing with our platform is a three-stage process. First, enable utilization metrics collection for all subscriptions, if you have not done so already. Second, permit Cloudability to access the utilization metrics. Third, permit Cloudability to access the resource information needed to build the Rightsizing model.

Note that setup is for Beta customers only. Please contact your Technical Account Manager or to express interest in joining the limited Beta program.

Stage 1: Enable utilization metrics collection

Stage 2: Enable access to utilization metrics

Stage 3: Enable access to resource information


Stage 3: Enable access to resource information

Once utilization metrics collection is set up and Cloudability has permission to read the utilization data, we will need to access resource information, including VM and disk information as well as rate and usage cards. We obtain this information by accessing Azure APIs, using an Active Directory Application/Service Principal that you create in your environment.

This Application requires read-only access to the following Azure APIs:

  • Microsoft.Compute/*/read
    • Allows access to Compute/VM information (VM type, CPUs, attached storage, attached NICs, etc.)
  • Microsoft.Insights/*/read
  • Microsoft.Commerce/RateCard/read
    • Allows access to your negotiated price list which we use in estimating future costs of resources recommended by the rightsizing models. 
  • Microsoft.Commerce/UsageAggregates/read
    • Allows access to the billed usage details. We use this to build the cost of existing resources to be used as input to the rightsizing models.

We have provided a PowerShell script here that will create an Application/Service Principal and assign it a built-in "Reader" role that has access to the required Azure APIs.

Run the PowerShell script to accomplish the setup. The script performs the following actions.

1. Create an AD Service Principal
2. For every subscription:
   2.1 Assign the built-in "Reader" role to the service principal created in Step 1, with a subscription scope
   2.2 Assign the role to the service principal created in Step 1
3. Output the tenant ID, application ID, and secret for the service principal.

Store the output of the script (tenant ID, application ID, and secret) in a secure Microsoft 365 Word document. Share the final Microsoft 365 Word document with your Technical Account Manager.
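
To confirm the result of the steps above, the following added example (not Cloudability's script) checks that the service principal holds only the built-in "Reader" role, scoped to a single subscription. The function name `Test-ReaderOnlyAssignment` and the sample assignments are constructed for illustration; the input objects are assumed to carry the `RoleDefinitionName` and `Scope` properties that `Get-AzRoleAssignment` returns.

```powershell
# Added example: audit what the service principal can actually reach.
# Input objects mirror the RoleDefinitionName and Scope properties of
# Get-AzRoleAssignment output; the sample data below is constructed.

function Test-ReaderOnlyAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Assignment
    )
    begin {
        # Exactly "/subscriptions/<guid>": not a management group, the root
        # scope, a resource group or an individual resource.
        $subscriptionScope = '^/subscriptions/[0-9a-fA-F-]{36}$'
    }
    process {
        $problems = @()
        if ($Assignment.RoleDefinitionName -ne 'Reader') {
            $problems += "role is '$($Assignment.RoleDefinitionName)', expected 'Reader'"
        }
        if ($Assignment.Scope -notmatch $subscriptionScope) {
            $problems += "scope '$($Assignment.Scope)' is not a single subscription"
        }
        # One result row per assignment, so unexpected grants are easy to spot.
        [pscustomobject]@{
            Scope    = $Assignment.Scope
            Role     = $Assignment.RoleDefinitionName
            Ok       = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample assignments (placeholder subscription IDs).
$sample = @(
    [pscustomobject]@{ RoleDefinitionName = 'Reader';      Scope = '/subscriptions/00000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = '/subscriptions/00000000-0000-0000-0000-000000000002' }
    [pscustomobject]@{ RoleDefinitionName = 'Reader';      Scope = '/' }
)

$sample | Test-ReaderOnlyAssignment | Format-Table -AutoSize

# Against a live tenant (requires the Az PowerShell module and a signed-in
# session; repeat for each subscription context):
#   Get-AzRoleAssignment -ServicePrincipalName '<application-id>' | Test-ReaderOnlyAssignment
```

Only the first sample row passes; the second is flagged for its role and the third for its scope.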