Cohesity Cloud Scale Technology Deployment Guide Using Terraform for Microsoft Azure
Last Published: 2025-03-18
Product(s): NetBackup & Alta Data Protection (11.0)
Azure subscription permission requirements
The following Azure permissions are required for the user to create clusters, deploy Cloud Scale Technology in the Azure cloud environment, and support backup and recovery operations. These are the minimum permissions needed to set up the whole environment required to deploy Cloud Scale Technology. There are two ways to assign these permissions to the admin user that is used for the deployment; choose one of them.
- Use an Azure subscription with the contributor and user admin roles.
- Create a custom role with the following permissions, attached to the user that is used for deploying Cloud Scale Technology in Azure:
Microsoft.Compute/virtualMachineScaleSets/read
Microsoft.Compute/virtualMachineScaleSets/write
Microsoft.Compute/virtualMachineScaleSets/delete
Microsoft.Compute/virtualMachineScaleSets/delete/action
Microsoft.Compute/virtualMachineScaleSets/start/action
Microsoft.ContainerService/managedClusters/read
Microsoft.ContainerService/managedClusters/write
Microsoft.ContainerService/managedClusters/delete
Microsoft.ContainerService/managedClusters/start/action
Microsoft.ContainerService/managedClusters/stop/action
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
Microsoft.ContainerService/managedClusters/listClusterMonitoringUserCredential/action
Microsoft.ContainerService/managedClusters/privateEndpointConnectionsApproval/action
Microsoft.ContainerService/managedClusters/runCommand/action
Microsoft.ContainerService/managedClusters/agentPools/read
Microsoft.ContainerService/managedClusters/agentPools/write
Microsoft.ContainerService/managedClusters/agentPools/delete
Microsoft.ContainerService/managedClusters/resolvePrivateLinkServiceId/action
Microsoft.ContainerService/managedClusters/agentPools/upgradeNodeImageVersion/write
Microsoft.ContainerService/managedClusters/extensionaddons/read
Microsoft.ContainerService/managedClusters/extensionaddons/write
Microsoft.ContainerService/managedClusters/privateEndpointConnections/read
Microsoft.ContainerService/managedClusters/privateEndpointConnections/write
Microsoft.ContainerService/managedClusters/privateEndpointConnections/delete
Microsoft.ContainerService/managedclustersnapshots/read
Microsoft.ContainerService/managedclustersnapshots/write
Microsoft.ContainerService/managedclustersnapshots/delete
Microsoft.Authorization/permissions/read
Microsoft.ContainerRegistry/registries/write
Microsoft.ContainerRegistry/registries/delete
Microsoft.ContainerRegistry/registries/read
Microsoft.ContainerRegistry/registries/listCredentials/action
Microsoft.ContainerRegistry/registries/operationStatuses/read
Microsoft.ContainerRegistry/registries/privateEndpointConnections/read
Microsoft.ContainerRegistry/registries/privateEndpointConnections/delete
Microsoft.ContainerRegistry/registries/privateEndpointConnections/write
Microsoft.ContainerRegistry/registries/PrivateEndpointConnectionsApproval/action
Microsoft.ContainerRegistry/registries/pull/read
Microsoft.ContainerRegistry/registries/push/write
Microsoft.Authorization/roleAssignments/read
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete
Microsoft.Authorization/roleDefinitions/read
Microsoft.Authorization/roleDefinitions/write
Microsoft.Authorization/roleDefinitions/delete
Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
Microsoft.ManagedIdentity/userAssignedIdentities/delete
Microsoft.ManagedIdentity/userAssignedIdentities/read
Microsoft.ManagedIdentity/userAssignedIdentities/write
Microsoft.ManagedIdentity/userAssignedIdentities/listAssociatedResources/action
Microsoft.ManagedIdentity/identities/read
Microsoft.Network/privateDnsZones/write
Microsoft.Network/privateDnsZones/delete
Microsoft.Network/privateDnsZones/virtualNetworkLinks/write
Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete
Microsoft.Network/privateDnsZones/join/action
Microsoft.Network/privateDnsZones/SOA/write
Microsoft.Network/privateLinkServices/privateEndpointConnections/write
Microsoft.Network/privateLinkServices/privateEndpointConnections/delete
Microsoft.Network/privateLinkServices/write
Microsoft.Network/privateLinkServices/delete
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/delete
Microsoft.Network/privateEndpoints/delete
Microsoft.Network/privateEndpoints/write
Microsoft.Network/*/read
Microsoft.Network/virtualNetworks/subnets/join/action
Microsoft.Network/virtualNetworks/join/action
Microsoft.Resources/subscriptions/resourcegroups/read
Microsoft.Resources/subscriptions/resourcegroups/write
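For the custom-role option, the sketch below turns an action list into an Azure custom-role definition and groups the actions that deserve a closer look before the role is assigned. It is an added example, not part of the guide or its Terraform scripts; the role name, the placeholder subscription ID and the "sensitive" grouping are assumptions made for illustration.

```python
import fnmatch
import json

# Excerpt of the actions listed on this page (paste the full list for real use).
ACTIONS = """
Microsoft.Compute/virtualMachineScaleSets/read
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action
Microsoft.ContainerService/managedClusters/runCommand/action
Microsoft.ContainerRegistry/registries/listCredentials/action
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleDefinitions/write
Microsoft.Network/*/read
Microsoft.Network/virtualNetworks/join/action
""".split()

# Reviewer's own grouping (an assumption, not from the guide): actions that
# change RBAC, return credentials, run commands in the cluster, or use "*".
SENSITIVE = {
    "rbac-change": ["Microsoft.Authorization/role*/write",
                    "Microsoft.Authorization/role*/delete"],
    "credential-read": ["*/listCluster*Credential/action", "*/listCredentials/action"],
    "cluster-exec": ["*/runCommand/action"],
    "wildcard": ["*[*]*"],  # "[*]" matches a literal asterisk in the action name
}

def build_role(name, actions, scope):
    """Return a custom-role definition dict with de-duplicated, sorted actions."""
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Deployment role for Cloud Scale Technology",
        "Actions": sorted(set(actions)),
        "AssignableScopes": [scope],
    }

def review(role):
    """Map each sensitive category to the role actions that match it."""
    findings = {}
    for category, patterns in SENSITIVE.items():
        # Azure action names are case-insensitive, so compare in lower case.
        hits = [a for a in role["Actions"]
                if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)]
        if hits:
            findings[category] = hits
    return findings

# Placeholder subscription ID and hypothetical role name.
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
ROLE = build_role("CloudScaleDeployer", ACTIONS, SCOPE)

if __name__ == "__main__":
    print(json.dumps({"role": ROLE, "review": review(ROLE)}, indent=2))
```

The `role` object, saved to a file, is in the shape `az role definition create --role-definition @file.json` accepts. The flagged categories are the ones to cover with activity-log alerting and to remove from the deployment user once the environment is built, if ongoing operations do not need them.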