Last Updated: 2024-02-26
Azure service principals are service identities used by applications and automation tools to access Azure resources securely. They have a number of different characteristics.
Service principals do not control individual user logins. Instead, they are used by applications, services, or automation tools to access Azure resources on behalf of users by providing the specific permissions needed to access resources in Azure. The roles assigned to service principals define which actions those applications or services can perform using Azure resources.
Service principals are primarily used to automate tasks. This typically includes several key automation use cases:
Service principals ensure secure interaction between applications and Azure resources without manual intervention. Starburst Galaxy supports using an Azure service principal as a means of securely connecting to your Azure Data Lake Storage (ADLS).
In this tutorial, you will learn how to use Starburst Galaxy, ADLS, and Azure service principals together.
In this tutorial, you will learn how to configure an Azure service principal. You will work in both the Azure portal and Starburst Galaxy UI.
Once you've completed this tutorial, you will be able to:
Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.
As you navigate through the tutorial you should follow along using your own Starburst Galaxy account. This will help consolidate the learning process by mixing theory and practice.
Azure allows you to register your application or service, integrating it with Microsoft Entra ID. This is the first step towards using Azure service principals.
After registration, your application will be able to sign in users, request access to Microsoft Entra ID-protected resources like APIs, and perform other authentication-related tasks. This registration is what allows the use of Azure service principals.
You'll begin in the Azure portal. If you use multiple Azure accounts, make sure to log in to the account that has access to the ADLS that you want to use for this tutorial.
Now it's time to create a new Application registration using the Azure portal.
To register a new application, you must provide a name and supported account type.
Now it's time to capture some details about your application registration. Later in this tutorial, you'll need these to set up your Azure Service Principal.
At this point, you should be on the Overview page for your new app registration. In the Essentials section, copy the following details, and save them for future use.
An Azure client secret is a credential used by an application to authenticate its identity when requesting access to resources from Microsoft Entra ID. Similar to a user's username and password, it serves as a form of authentication for the application.
In this section, you'll create a client secret for authentication between Azure and Starburst Galaxy. Later in the tutorial, this will be used to help set up your Azure Service Principal.
You're going to start by creating a new client secret in the Azure portal.
It's time to begin configuring the new secret. To do this, you're going to add a description and expiration date.
Azure will have created a new secret. Next, you need to save it and use it to configure the Azure service principal authentication in Starburst Galaxy.
It's time to switch over to the Starburst Galaxy UI. In this next section you will configure a new Azure service principal using the information you just obtained from your application registration.
Starburst Galaxy separates users by role. Your current role is listed in the top right-hand corner of the screen.
Setting up Azure Service Principal authentication will require access to a role with appropriate privileges. Today, you'll be using the accountadmin role.
Starburst Galaxy supports all three major cloud providers: AWS, Azure, and Google Cloud. The Starburst Galaxy web UI lets you configure access to each cloud provider using the Cloud settings menu.
Now it's time to use the information that you copied from the Azure portal to configure the Azure service principal. To do this, you're going to use the Starburst Galaxy web UI.
Starburst Galaxy needs sufficient permissions on Azure Data Lake Storage (ADLS) to access your data sources in Azure. In particular, you will need to grant both the Contributor and Storage Blob Data Owner roles to the service principal you're using for authentication.
This section will walk you through the process of granting these roles in the Azure portal. You'll begin by navigating to the Storage accounts section.
You're going to begin in the Azure portal. To grant permissions to your ADLS account, you need to locate it from a list of storage accounts.
Now it's time to locate the ADLS account that you'd like to connect to Starburst Galaxy.
It's time to add the first of two new role assignments to your ADLS account. This one will allow your service principal to have Contributor permissions to your storage account.
Now you need to add your Azure service principal as a member of this role. This will complete the connection between the two.
Now that you've added the new role, it's time to confirm that it has been assigned properly.
Next, it's time to add the second role assignment. This one will allow your service principal to have Storage Blob Data Owner permissions to access your storage account.
Now it's time to add your Azure service principal as a member of this role. This will complete the connection between the two.
Now that you've added the second role, it's time to confirm that it has been assigned properly. This step is similar to the check you did on the first role.
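The two confirmation checks can also be scripted. The following is an added example, not part of the Starburst tutorial: it takes the JSON that `az role assignment list` prints and reports which of the two required roles are missing for the service principal, and which were granted at a scope wider than the storage account. The function name, IDs, and resource names are hypothetical placeholders.

```python
import json

# Roles the tutorial grants to the service principal on the ADLS storage account.
REQUIRED_ROLES = {"Contributor", "Storage Blob Data Owner"}

def audit_assignments(assignments, principal_id, account_id):
    """Return (missing_roles, broad_grants) for one service principal.

    assignments: parsed JSON from `az role assignment list --all --assignee <id>`
    account_id:  full resource ID of the storage account
    """
    target = account_id.rstrip("/").lower()  # resource IDs are case-insensitive
    effective, broad = set(), []
    for a in assignments:
        role = a.get("roleDefinitionName")
        if a.get("principalId") != principal_id or role not in REQUIRED_ROLES:
            continue
        scope = a.get("scope", "").rstrip("/").lower()
        # Effective on the account if assigned on it or on any ancestor scope.
        if scope == target or target.startswith(scope + "/"):
            effective.add(role)
            if scope != target:
                broad.append((role, a["scope"]))  # wider than the tutorial asks for
    return sorted(REQUIRED_ROLES - effective), broad

# Constructed sample data: IDs and names below are placeholders, not real resources.
SP_ID = "11111111-1111-1111-1111-111111111111"
SUB = "/subscriptions/22222222-2222-2222-2222-222222222222"
ACCOUNT = SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplelake"
SAMPLE = json.loads("""[
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
  {"principalId": "33333333-3333-3333-3333-333333333333",
   "roleDefinitionName": "Storage Blob Data Owner",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplelake"}
]""")

if __name__ == "__main__":
    missing, broad = audit_assignments(SAMPLE, SP_ID, ACCOUNT)
    print("missing roles:", missing)
    print("granted above storage-account scope:", broad)
```

In the constructed sample, Contributor is inherited from the subscription rather than assigned on the storage account, and the Storage Blob Data Owner assignment belongs to a different principal, so both findings are reported.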
Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.
You're all set! Now you can use your Azure service principal to configure access to data in your ADLS catalogs.
At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.
Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.
Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!