GR4 | FinOps Controls #180

Open
MathesonSho opened this issue Aug 9, 2024 · 4 comments


MathesonSho commented Aug 9, 2024

Multiple controls ItemName N/A : Financial Operations Oversight Tool

Description: This is a new control designed to check the installation status, permissions, and updates of the newly created FinOps tool for the Government of Canada. In general, the control will perform the following checks (similar to the existing APPID ones):

  • Tool Installation Status: Verify if the tool is installed on the system.
  • Permissions Check: Assess whether the specified permissions are appropriately assigned to the tool.
  • Update Verification: Ensure that the tool is up to date with the latest version and patches.

This control aims to streamline the verification process, providing a quick and automated way to ensure that the tool is ready for use with the correct configuration and security settings for clients.

Other details:
Check 1: We’ll look for the following Service Principal Application name: “CloudabilityUtilizationDataCollector” at the root tenant level or for each Management group in the environment.

Check 2: Permissions required for the Service Principal
 Role = Reader
 Assign Access = User, Group or Service Principal
 Select = “CloudabilityUtilizationDataCollector”

Check 3: Roles Check (See screenshots from Amrinder)

  • Cloud Application Administrator
  • Custom:
  • Reports Reader

Comments TBD

MathesonSho added the labels V2.0 (Applicable for updating to v2.0) and DoNotStart (Do not start the development yet) on Aug 9, 2024
@amrinderssc

Application Name: CloudabilityUtilizationDataCollector
Application ID: 1ba79ced-1862-41d1-95bc-66d6bc5aff7f

@amrinderssc

Application Roles:

image

@amrinderssc

Application Permissions:

image

@singhgss

EN = "Service Principal 'CloudabilityUtilizationDataCollector' does not exist."
FR = "Le principal de service « CloudabilityUtilizationDataCollector » n'existe pas."

EN = "Service Principal does not have the required Cloud Application Administrator and Reports Reader roles."
FR = "Le principal de service n'a pas les rôles requis d'Administrateur d'application infonuagique et Lecteur de rapports."

EN = "The FinOps tool is compliant with all requirements."
FR = "L'outil FinOps est conforme à toutes les exigences."

EN = "The FinOps tool is not compliant. Reasons:"
FR = "L'outil FinOps n'est pas conforme. Raisons:"

ItemName: FinOps Tool Status (M)
ItemNameFR: Statut de l'outil FinOps (M)

ItemName: FinOps Tool Permissions (M)
ItemNameFR: Autorisations de l'outil FinOps (M)

ItemName: FinOps Tool Role Assignments (M)
ItemNameFR: Attributions des rôles de l'outil FinOps (M)

Msgs used above.
Discussed with @MathesonSho and @dutt0: we are using 1 control instead of multiple controls, as all checks are related to a single service principal.
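
The three checks from this thread folded into one control over a tenant snapshot, as an added example that is not the project's own code. The function name, input shapes, scope strings, the wording of the Reader-missing message and the reading of "root tenant level or each management group" are assumptions; the custom role left unnamed in the thread is not checked.

```python
# Added example; input shapes and the reader_missing wording are assumptions.
APP_NAME = "CloudabilityUtilizationDataCollector"
APP_ID = "1ba79ced-1862-41d1-95bc-66d6bc5aff7f"  # Application ID quoted in the thread
REQUIRED_DIRECTORY_ROLES = {"Cloud Application Administrator", "Reports Reader"}

MSG = {  # EN strings from the thread, except reader_missing (constructed wording)
    "sp_missing": "Service Principal 'CloudabilityUtilizationDataCollector' does not exist.",
    "roles_missing": "Service Principal does not have the required Cloud Application "
                     "Administrator and Reports Reader roles.",
    "reader_missing": "Service Principal does not have the Reader role at the required scope.",
    "ok": "The FinOps tool is compliant with all requirements.",
    "fail": "The FinOps tool is not compliant. Reasons:",
}


def evaluate_finops_control(service_principals, azure_role_assignments,
                            directory_roles, root_scope, management_group_scopes):
    """Return (compliant, status_message, reasons) for one tenant snapshot."""
    # Check 1: match on display name AND application ID; display names are not
    # unique in a tenant, so a name-only match could pick a look-alike app.
    sp = next((s for s in service_principals
               if s["displayName"] == APP_NAME and s["appId"].lower() == APP_ID), None)
    if sp is None:
        return False, MSG["fail"], [MSG["sp_missing"]]
    reasons = []
    # Check 2: Reader at the root scope, or at every management group scope.
    reader_scopes = {a["scope"].lower() for a in azure_role_assignments
                     if a["principalId"] == sp["id"] and a["role"] == "Reader"}
    mg = {s.lower() for s in management_group_scopes}
    if root_scope.lower() not in reader_scopes and not (mg and mg <= reader_scopes):
        reasons.append(MSG["reader_missing"])
    # Check 3: both named directory roles must be held by the service principal.
    held = set(directory_roles.get(sp["id"], []))
    if not REQUIRED_DIRECTORY_ROLES <= held:
        reasons.append(MSG["roles_missing"])
    return (not reasons), (MSG["fail"] if reasons else MSG["ok"]), reasons


# Constructed sample snapshot (object ids and scopes are made up).
ROOT = "/providers/Microsoft.Management/managementGroups/root-mg"
SAMPLE_SPS = [
    {"id": "sp-lookalike", "displayName": APP_NAME, "appId": "00000000-0000-0000-0000-000000000000"},
    {"id": "sp-real", "displayName": APP_NAME, "appId": APP_ID},
]
SAMPLE_ASSIGNMENTS = [{"principalId": "sp-real", "role": "Reader", "scope": ROOT}]
SAMPLE_DIR_ROLES = {"sp-real": ["Reports Reader"]}  # one required role is missing

if __name__ == "__main__":
    print(evaluate_finops_control(SAMPLE_SPS, SAMPLE_ASSIGNMENTS, SAMPLE_DIR_ROLES, ROOT, []))
```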
