Azure subscriptions

Give learners access to Azure subscriptions.

This guide explains how to access an Azure subscription from Instruqt.

An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you identify the subscription it belongs to.

— Azure documentation

Before you begin

You must have already built a track to which you can add access to an Azure subscription.

Access Azure subscriptions

It is best to add the Instruqt Cloud Client container to your track to give a learner access to an Azure subscription. Because the Instruqt Cloud Client:

  • Exposes links to the Azure portal for the resources configured in the config.yml file, with the credentials required to log in.

  • Includes the az CLI, pre-configured with the required credentials.

The Azure portal and the az CLI make it easy for content developers and learners to access Azure subscription resources from the sandbox.

It takes the following steps to give learners access to an Azure subscription:

  1. Add an Instruqt Cloud Client container to your track.

  2. Add an Azure subscription to your track.

  3. Add tabs to your challenges where you want to expose the Azure portal or az CLI.

Additionally, you can use:

  • A set of environment variables that are available in the az CLI.

  • Azure built-in roles.

Step 1: Add an Instruqt Cloud Client container to your track

More information can be found in the cloud client section.

Step 2: Add an Azure subscription to your track

  1. Click + Add a cloud account on the Sandbox page.

  2. Select the Azure provider.

  3. In the Name field, enter azuresubscription.

  4. In the Services field, select the services that are going to be enabled.

  5. In the Regions field, select the regions that are going to be enabled.

  6. In the User Roles field, specify the desired roles for the end user.

  7. In the Admin Roles field, specify the desired roles for the admin user.

  8. Click Save to add the Azure subscription. ↳ On the Sandbox page, you will see the new Azure subscription.

  9. Click Back to track to return to the Track dashboard page.

In the Roles field, only provide access to services that are strictly needed to prevent abuse. See Access role for more details.

When specifying Admin Roles, an additional admin user and application will be created with the designated roles.

For setting up the cloud account in lifecycle scripts, it is recommended to use an admin user with elevated privileges. This ensures the ability to perform operations requiring higher privileges than those assigned to the end user.

Note: Admin credentials are injected exclusively into lifecycle scripts, unlike end user credentials which are exposed as environment variables on virtual machines and containers.

Step 3: Add tabs to expose the Azure portal and az CLI

  1. In the Challenges section of the Track dashboard, click Add new followed by Assignment.

  2. Enter/select these values:

    Field
    Value

    Tab name

    Azure subscription

    URL

    azure-subscription

    Description

    Learn about Azure

  3. Click Save.

  4. Click Tabs followed by Add new tab.

  5. Select the Your applications tab type.

  6. Enter/select these values to set the Azure portal:

    Field
    Value

    Tab name

    Azure Portal

    Select your host

    cloud-client

    Path

    /

    Port

    80

  7. Click Save to add the tab.

  8. Click Add new tab again.

  9. Select the Terminal tab type.

  10. Enter/select these values to set the gcloud CLI:

    Field
    Value

    Tab name

    az CLI

    Host

    cloud-client

  11. Click Save to add the tab.

  12. Click the track name to return to the Track dashboard.

  13. Click Play track and test your Azure subscription.

Last updated

Was this helpful?