Lucidity AutoScaler Permissions Overview
Lucidity AutoScaler uses an agent-based architecture. A lightweight agent installed on each host instance monitors storage metrics, relays them to the Lucidity storage service, and executes scaling commands.
Based on the utilization metrics, the storage service decides when to perform scaling operations and relays them back to the agent. All interactions with the cloud provider, such as attaching and detaching volumes, are done by the storage service.
Lucidity AutoScaler needs the following permissions.

No. | Permission Name | Description |
|---|---|---|
1 | Microsoft.Compute/virtualMachines/powerOff/action | To initially onboard a VM, Lucidity would require a 45-60 second reboot of the VM being onboarded. (For Linux and Win 2019 only or root onboardings) |
2 | Microsoft.Compute/virtualMachines/start/action | To start the VM after poweroff (during initial onboarding of Linux and Win 2019 or root onboardings). |
3 | Microsoft.Compute/virtualMachines/read | To get metadata about VMs (VM size, type, configuration, IDs etc.). |
4 | Microsoft.Compute/virtualMachines/write | To attach and remove managed disks dynamically. |
5 | Microsoft.Compute/disks/read | To get details about managed disks (size, disk tier etc.). |
6 | Microsoft.Compute/disks/write | To dynamically create new disks and mount them to the VM. |
7 | Microsoft.Compute/disks/delete | To delete disks that have been detached from VMs after scaling operations and are no longer required. This permission is required as part of the post-scaling cleanup operations that remove those detached disks. |
8 | Microsoft.Network/networkInterfaces/join/action | To associate a Network Interface Card (NIC) with a VM when creating or reconfiguring it as part of scaling operations. |
9 | Microsoft.Compute/diskEncryptionSets/read | To read encryption key URLs, etc. so that the same configuration is set on the new disk post onboarding. |
10 | Microsoft.Compute/locations/communityGalleries/images/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
11 | Microsoft.Compute/locations/communityGalleries/images/versions/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
12 | Microsoft.Compute/galleries/images/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
13 | Microsoft.Compute/galleries/images/versions/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
14 | Microsoft.Compute/images/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
15 | Microsoft.Compute/locations/sharedGalleries/images/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
16 | Microsoft.Compute/locations/sharedGalleries/images/versions/read | To identify the exact image version being used by the VM, to help us identify if the image version is supported. To access any instance related information (OS version, etc.) for instances created using an image. |
17 | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action | To install the Lucidity agent on the VMs from our dashboard using Run command (for VMSS). |
18 | Microsoft.Compute/virtualMachines/runCommand/action | To perform Azure Run command to retrieve disk utilization of VMs. This is an alternative in case Log Analytics is unable to retrieve the utilization percentage. |
19 | Microsoft.Compute/virtualMachines/runCommands/read | To read the output of an action performed using Microsoft.Compute/virtualMachines/runCommands/action. |
20 | Microsoft.Compute/virtualMachines/runCommands/write | To perform any Run commands (e.g. df -h) on the VM. |
21 | Microsoft.Insights/MetricBaselines/Read | To read the disk utilization baseline from Azure Monitor workspace. |
22 | Microsoft.Insights/MetricDefinitions/Read | To read metric definitions from Azure Monitor workspace. |
23 | Microsoft.Insights/Metricnamespaces/Read | To read metric namespaces in Azure Monitor and access relevant metric definitions. |
24 | Microsoft.Insights/Metrics/Read | To read performance metrics (CPU, memory usage, disk I/O, etc.). |
25 | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write | To attach and remove managed disks dynamically. |
26 | Microsoft.Authorization/roleDefinitions/read | To read the role definitions of the above assignments. |
27 | Microsoft.Authorization/roleAssignments/read | To identify which roles are assigned to which entities within the current scope. |
28 | Microsoft.Compute/virtualMachines/reapply/action | To reapply VM configuration to sync Azure's caches with the latest VM state, to resolve config or state related issues without redeploying. |
29 | Microsoft.Compute/virtualMachines/redeploy/action | To redeploy a VM to resolve config or state related issues. Used only after customer permission as it causes a VM restart. |
30 | Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | To retrieve information about the available service limits (quotas) for different resources. |
31 | Microsoft.Compute/snapshots/read | To allow reading and retrieving detailed information about existing managed snapshots. |
32 | Microsoft.Compute/snapshots/write | To allow creating new snapshots or updating existing snapshots of managed disks in a subscription. |
33 | Microsoft.Compute/snapshots/delete | To allow deleting existing managed snapshots from a subscription. |
34 | Microsoft.CostManagement/*/read | To allow reading cost and usage data across all resources within the subscription. |
35 | Microsoft.Compute/disks/beginGetAccess/action | To allow initiating temporary access to a managed disk. This gives Azure’s snapshot service a temporary read-only SAS (Shared Access Signature) URL to read the disk data blocks. |
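
A drift check for a custom role built from this table, added here as an example (not Lucidity's code): it compares the actions a role grants against the 35 documented ones, case-insensitively and with wildcard handling, and lists which grants can change state. The role shape (`permissions[].actions`, as in `az role definition list` output) and the sample role are assumptions.

```python
import fnmatch

# The 35 actions from the table above, lower-cased because Azure RBAC ignores case.
DOCUMENTED = [a.lower() for a in """
Microsoft.Compute/virtualMachines/powerOff/action Microsoft.Compute/virtualMachines/start/action
Microsoft.Compute/virtualMachines/read Microsoft.Compute/virtualMachines/write
Microsoft.Compute/disks/read Microsoft.Compute/disks/write Microsoft.Compute/disks/delete
Microsoft.Network/networkInterfaces/join/action Microsoft.Compute/diskEncryptionSets/read
Microsoft.Compute/locations/communityGalleries/images/read
Microsoft.Compute/locations/communityGalleries/images/versions/read
Microsoft.Compute/galleries/images/read Microsoft.Compute/galleries/images/versions/read
Microsoft.Compute/images/read Microsoft.Compute/locations/sharedGalleries/images/read
Microsoft.Compute/locations/sharedGalleries/images/versions/read
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action
Microsoft.Compute/virtualMachines/runCommand/action Microsoft.Compute/virtualMachines/runCommands/read
Microsoft.Compute/virtualMachines/runCommands/write Microsoft.Insights/MetricBaselines/Read
Microsoft.Insights/MetricDefinitions/Read Microsoft.Insights/Metricnamespaces/Read
Microsoft.Insights/Metrics/Read Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write
Microsoft.Authorization/roleDefinitions/read Microsoft.Authorization/roleAssignments/read
Microsoft.Compute/virtualMachines/reapply/action Microsoft.Compute/virtualMachines/redeploy/action
Microsoft.Capacity/resourceProviders/locations/serviceLimits/read
Microsoft.Compute/snapshots/read Microsoft.Compute/snapshots/write Microsoft.Compute/snapshots/delete
Microsoft.CostManagement/*/read Microsoft.Compute/disks/beginGetAccess/action
""".split()]

def covered(action):
    """True if a granted action stays within the documented set."""
    a = action.lower()
    if "*" in a:  # a granted wildcard passes only if the table lists that same pattern
        return a in DOCUMENTED
    return any(fnmatch.fnmatchcase(a, pat) for pat in DOCUMENTED)

def audit_role(role):
    """Return (undocumented, missing, mutating) for a role definition dict."""
    granted = [a for p in role["permissions"] for a in p.get("actions", [])]
    undocumented = [a for a in granted if not covered(a)]
    missing = [d for d in DOCUMENTED
               if not any(fnmatch.fnmatchcase(d, g.lower()) for g in granted)]
    mutating = [a for a in granted if not a.lower().endswith("/read")]
    return undocumented, missing, mutating

SAMPLE_ROLE = {"permissions": [{"actions": [  # constructed sample, not a real export
    "microsoft.compute/disks/READ", "Microsoft.Compute/disks/write",
    "Microsoft.CostManagement/query/read", "Microsoft.Compute/*",
    "Microsoft.Storage/storageAccounts/listKeys/action"]}]}

if __name__ == "__main__":
    for label, items in zip(("undocumented", "missing", "mutating"), audit_role(SAMPLE_ROLE)):
        print(f"{label}: {len(items)}", *items, sep="\n  ")
```

Any entry under "undocumented" is a grant the table does not justify; the "mutating" list is the subset worth alerting on in the activity log.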