DuckDefender
Deployment Options
Runners
Azure

Azure runner configuration

Before configuring runner, make sure you have logined to the azure website and open the terminal.

Click on Cloud Shell (opens in a new tab) in navbar and type

az login

After entering the command, you will be able to see the below and follow the steps as shown.

Cloud Shell is automatically authenticated under the initial account signed-in with. Run 'az login' only if you need to use a different account
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code E******S to authenticate.

Follow the provided link: https://microsoft.com/devicelogin (opens in a new tab) and enter the code displayed in Cloud Shell to complete the login process.

After completing the validation, you will get the details that are specific to tenant.

Download flyingduck-azure-integration script on azure terminal using the following command.

wget https://awosasins-artifacts.s3.amazonaws.com/flyingduck-azure-integration/setup.sh

Run the script using the command

sh setup.sh --enable runners

Runner can be configured in two ways.

  1. In a new azure flyingduck app
  2. In an existing azure flyingduck app

In a new azure flyingduck app

  • You will be prompted to allow app registration permissions. Select Yes when asked.

  • Enter the name example-name for the app registration so that app will be created with that name.

Custom role FlyingDuckAzureRunnersRole will be created, this role will be assigned to the app registration with the application id. You wil get some details like :

  • Application Name: [app name]
  • Application ID (Client ID): [some Id]
  • Tenant ID: [some Id]
  • Client Secret: [some Id]
  • Subscription id: [some Id]

In a existing azure flyingduck app

  • You will be prompted to allow app registration permissions. Select No when asked.
  • Provide the Existing FlyingDuck Azure Application (Client) ID when prompted.

Custom role FlyingDuckAzureRunnersRole will be created, this role will be assigned to the app registration with the application id. You wil get some details like :

  • Application Name: [app name]
  • Application ID (Client ID): [some Id]
  • Tenant ID: [some Id]
  • Subscription id: [some Id]

Configure FlyingDuck Azure Runner

Configure runner

  • Select Azure.

Azure runner

  • Enter App Registration Details

Azure App Registration

Provide the following values from Azure:

  • Application ID (Client ID)
  • Tenant ID
  • Subscription ID

Then click Continue.

Template Spec creation for VM

Template spac creation

PREREQUISITES
Before deploying a custom deployment template, ensure that the required resources are in place, including a resource group, a network interface with an associated security group, and a SSH key.
For more information on creating these resources, refer to the Azure Resources.

⚠️

Make sure all resources are created in the same region, such as East US, to ensure consistency.

Deploy custom template in Azure:

  • Go to the Azure Portal (opens in a new tab) and search for Deploy a custom template.
  • Click Build your own template in the editor.
  • Before moving to the next step download the flyingduck-azure-runners.json.
  • Use the Load File option and upload the flyingduck-azure-runner.json file downloaded previously.
  • Save the template.

Complete the required fields, including:

  • Under Subscription select Azure Subscription
  • Enter Resource group
  • Enter Network Interface Name
  • Authentication Type
    • Choose the sshPublicKey or Password option, paste the respective value in the Admin Password Or Key field (preffered SSH key).
  • In FD_API_KEY Enter the FlyingDuck API Key
  • Click Review + Create to finalize the deployment.

Provide the following values:

Azure runner details

  • Name
  • Description
  • Subscription ID
  • Resource group name
  • In the Template spec name enter this value flyingduck-template-spec

Click Continue. Azure runner will be created and the related info will be displayed.

AWSOn-premise