To authorize Carbon Black Cloud to access your designated storage container, perform the following procedure.
Prerequisites
Procedure
- In the Azure console, click Managed Identities.
- Click + Create.
- In the Project details section, select the Subscription and Resource Group with which to associate the Managed Identity. We recommend that you use the same settings as those established for the Azure storage account for your Data Forwarder. (See Step 3 in Create an Azure Storage Account.)
- In the Instance details section, select the appropriate Region that corresponds to the Carbon Black Cloud URL to which your organization belongs. See Azure Forwarding Identity Credentials.
- Provide a unique name for the Managed Identity.
- Select Review + Create, click Create, and then click Go to resource.
- From the sidebar, select Federated Credentials.
- Click + Add Credential.
- Under Federated Credential Scenario, select Other.
- For Issuer URL, enter https://cognito-identity.amazonaws.com.
- From the Azure Forwarding Identity Credentials table, select the combination of Subject identifier and Audience that corresponds to your Carbon Black Cloud URL.
- Enter the Subject identifier.
Caution: Validate your entry to make sure it exactly matches the field data.
- Enter a unique name for the Federated Credential, such as Carbon-Black-Cloud-Data-Forwarder.
- Under Audience (optional), click Edit and overwrite the Audience value with the value found in the Audience column that corresponds to the Carbon Black Cloud URL in the Azure Forwarding Identity Credentials table.
- Navigate to your designated Azure Storage Container.
- From the sidebar, select Access Control (IAM).
- Click + Add and select Add role assignment from the dropdown menu.
- Select the Storage Blob Data Contributor role.
- Under Assign access to, select Managed Identity.
- Click + Select Members.
- From the right panel:
  - Select the Subscription under which your Managed Identity was registered.
  - Under Managed Identity, select User-assigned managed identity.
  - Select the Managed Identity you created for use with your Carbon Black Cloud Data Forwarder.
  - Click Select.
- Click Review + Assign two times.
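
After completing the procedure, the result can be checked against the values it requires. The following is an added example, not part of the original documentation or of Carbon Black Cloud: it audits a federated credential and a role assignment exported as JSON, assuming the Azure CLI field names (issuer, subject, audiences, roleDefinitionName, scope). The subject, audience, and resource names are constructed placeholders for the values in the Azure Forwarding Identity Credentials table and your own environment.

```python
# Added example: audits exported Azure JSON against the values the procedure requires.
ISSUER = "https://cognito-identity.amazonaws.com"   # Issuer URL from the procedure
ROLE = "Storage Blob Data Contributor"              # role from the procedure
DEFAULT_AUDIENCE = "api://AzureADTokenExchange"     # Azure's prefilled Audience value

def audit_federated_credential(cred, subject, audience):
    """Return findings for one federated credential; an empty list means exact match."""
    findings = []
    for field, expected in (("issuer", ISSUER), ("subject", subject)):
        actual = cred.get(field, "")
        if actual != expected:
            near = actual.strip().lower() == expected.lower()
            findings.append(f"{field}: {actual!r} != {expected!r}"
                            + (" (whitespace or case only)" if near else ""))
    audiences = cred.get("audiences", [])
    if audiences == [DEFAULT_AUDIENCE]:
        findings.append("audiences: default value was not overwritten")
    elif audiences != [audience]:
        findings.append(f"audiences: {audiences!r} != [{audience!r}]")
    return findings

def audit_role_assignment(assignment, container_scope):
    """Return findings for the role assignment; resource IDs compare case-insensitively."""
    findings = []
    if assignment.get("roleDefinitionName") != ROLE:
        findings.append(f"role: {assignment.get('roleDefinitionName')!r} != {ROLE!r}")
    scope = assignment.get("scope", "").lower().rstrip("/")
    wanted = container_scope.lower().rstrip("/")
    if scope != wanted:
        broader = bool(scope) and wanted.startswith(scope + "/")
        findings.append("scope: broader than the container" if broader
                        else "scope: does not match the container")
    return findings

# Constructed sample input; subject and audience are placeholders for the table values.
SUBJECT, AUDIENCE = "SUBJECT-FROM-TABLE", "AUDIENCE-FROM-TABLE"
CONTAINER = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
             "/providers/Microsoft.Storage/storageAccounts/stexample"
             "/blobServices/default/containers/cbc-events")
SAMPLE_CRED = {"name": "Carbon-Black-Cloud-Data-Forwarder", "issuer": ISSUER,
               "subject": SUBJECT + " ", "audiences": [DEFAULT_AUDIENCE]}
SAMPLE_ASSIGNMENT = {"roleDefinitionName": ROLE, "principalType": "ServicePrincipal",
                     "scope": CONTAINER.rsplit("/blobServices", 1)[0]}

if __name__ == "__main__":
    for line in (audit_federated_credential(SAMPLE_CRED, SUBJECT, AUDIENCE)
                 + audit_role_assignment(SAMPLE_ASSIGNMENT, CONTAINER)):
        print("FINDING", line)
```

The constructed sample deliberately contains a trailing space in the subject, the untouched default audience, and a role assigned at the storage account instead of the container, so all three checks report a finding.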