Azure subscriptions

Give learners access to Azure subscriptions.

This guide explains how to access an Azure subscription from Instruqt.

An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you identify the subscription it belongs to.
— Azure documentation

Before you begin

You must have already built a track to which you can add access to an Azure subscription.

Access Azure subscriptions

It is best to add the Instruqt Cloud Client container to your track to give a learner access to an Azure subscription. Because the Instruqt Cloud Client:

Exposes links to the Azure portal for the resources configured in the config.yml file, with the credentials required to log in.
Includes the az CLI, pre-configured with the required credentials.

The Azure portal and the az CLI make it easy for content developers and learners to access Azure subscription resources from the sandbox.

It takes the following steps to give learners access to an Azure subscription:

Add an Instruqt Cloud Client container to your track.
Add an Azure subscription to your track.
Add tabs to your challenges where you want to expose the Azure portal or az CLI.

Additionally, you can use:

A set of environment variables that are available in the az CLI.
Azure built-in roles.

Step 1: Add an Instruqt Cloud Client container to your track

Click the track where you want to add an Azure subscription to.
In the Sandbox section, click Edit to open the Sandbox page.
Click + Add a host. ↳ The Add host page opens.
Pick the Container host type.
Enter/select these values:
Field Value
Hostname
cloud-client
Image type
Choose your own
Image
gcr.io/instruqt/cloud-client
Click Show optional settings. Enter these values:
Field Value
Ports
80
Shell
/bin/bash
Click Save host to add the container.

Field	Value
Hostname	`cloud-client`
Image type	`Choose your own`
Image	`gcr.io/instruqt/cloud-client`

Field	Value
Ports	`80`
Shell	`/bin/bash`

Open the file config.yml in your code editor.

Copy and paste the following code under the containers property:

- name: cloud-client
  image: gcr.io/instruqt/cloud-client
  ports: [80]
  shell: /bin/bash

Step 2: Add an Azure subscription to your track

Click + Add a cloud account on the Sandbox page.
Select the Azure provider.
In the Name field, enter azuresubscription.
Click Save to add the Azure subscription. ↳ On the Sandbox page, you will see the new Azure subscription.
Click Back to track to return to the Track dashboard page.

Only provide access to services that are strictly needed to prevent abuse. See Access role for more details.

Copy and paste the following code into config.yml:

azure_subscriptions:
- name: azuresubscription

↳ Your config.yml file should be similar to this now:

version: "3"
containers:
- name: cloud-client
  image: gcr.io/instruqt/cloud-client
  ports: [80]
  shell: /bin/bash
azure_subscriptions:
- name: azuresubscription

**Assigned roles**

Note the `roles` property under `azure_subscriptions` where you can grant different access levels for your learners in the Azure subscription. Read the [Azure built-in roles](azure-subscriptions.md#azure-built-in-roles) section to learn more about how to enable the right roles for your learners.

Step 3: Add tabs to expose the Azure portal and `az` CLI

In the Challenges section of the Track dashboard, click Add new followed by Assignment.
Enter/select these values:
Field Value
Tab name
Azure subscription
URL
azure-subscription
Description
Learn about Azure
Click Save.
Click Tabs followed by Add new tab.
Select the Your applications tab type.
Enter/select these values to set the Azure portal:
Field Value
Tab name
Azure Portal
Select your host
cloud-client
Path
/
Port
80
Click Save to add the tab.
Click Add new tab again.
Select the Terminal tab type.
Enter/select these values to set the gcloud CLI:
Field Value
Tab name
az CLI
Host
cloud-client
Click Save to add the tab.
Click the track name to return to the Track dashboard.
Click Play track and test your Azure subscription.

Field	Value
Tab name	`Azure subscription`
URL	`azure-subscription`
Description	`Learn about Azure`

Field	Value
Tab name	`Azure Portal`
Select your host	`cloud-client`
Path	`/`
Port	`80`

Field	Value
Tab name	`az CLI`
Host	`cloud-client`

Open a terminal and move to your track directory.
Enter the following command to create a new challenge:
```
instruqt challenge create --title "AzureSubscription"
```
↳ Instruqt CLI created a directory for the challenge. And an assignment.md file inside the challenge directory.
Open the assignment.md file in your code editor.

Copy and paste the following code into assignment.md to set the Azure portal and az CLI:

---
slug: azure-challenge
type: challenge
title: Azure subscription
teaser: Learn to work with an Azure subscription
tabs:
- title: Azure Portal
  type: service
  hostname: cloud-client
  path: /
  port: 80
- title: az CLI
  type: terminal
  hostname: cloud-client
difficulty: basic
timelimit: 600
---

⇨ You can add the assignment text of your liking in Markdown after line 17.

Save file assignment.md.
Push the track to the Instruqt platform:
```
instruqt track push
```
Play and test the track:
```
instruqt track open
```
↳ Your browser opens, showing the Track overview page. Click Start track to play the track.

Environment variables

Adding an Azure subscription to your track also sets a list of environment variables that you can use in commands and scripts:

Environment variable

Description

INSTRUQT_AZURE_SUBSCRIPTIONS

A comma-separated list of project names that can be used to fill ${NAME} in the variables below

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_SUBSCRIPTION_NAME

The subscription display name

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_SUBSCRIPTION_ID

The subscription ID

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_USERNAME

The username that can be used to sign into the Azure portal

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_PASSWORD

The password that can be used to sign into the Azure portal

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_SPN_ID

The application ID for the service principal

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_SPN_PASSWORD

The password for the service principal

INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_TENANT_ID

The tenant ID for this subscription

Example

This example shows the id of the Azure subscription from a terminal by using two environment variables. The value of the INSTRUQT_AZURE_SUBSCRIPTIONS environment variable is inserted in the INSTRUQT_AZURE_SUBSCRIPTION_${NAME}_SUBSCRIPTION_ID environment variable.

To follow along:

Start your Azure subscription track and start the first challenge.
Move over to the Cloud CLI terminal and enter the following command:
```
eval echo "\${INSTRUQT_AZURE_SUBSCRIPTION_${INSTRUQT_AZURE_SUBSCRIPTIONS}_SUBSCRIPTION_ID}"
```
↳ The terminal shows the id of your Azure subscription.

Azure built-in roles

The roles option allows you to choose one or more Azure built-in roles to grant access to your Azure subscription. See Azure built-in roles that you can apply.

You might start with the role Virtual Machine Contributor which gives the learner the ability to spin up and configure Azure virtual machines:

Update your Azure subscription by entering the following in the Assigned Roles field:

Virtual Machine Contributor

And clicking Add.

Edit your config.yml file to include this content:

azure_subscriptions:
- name: azuresubscription
  roles:
  - Virtual Machine Contributor

Great! Your learners can now access Azure subscriptions. But there is more. You can also give them access to:

PreviousAWS accounts NextLifecycle scripts

Last updated 1 month ago