footnote for attestation mode

add Azure attestationprovider perm
2025-03-12 18:16:57 -04:00 · 2023-03-28 18:35:04 +02:00 · 2023-03-28 18:29:33 +02:00
1 changed files with 3 additions and 0 deletions
--- a/docs/docs/getting-started/install.md
+++ b/docs/docs/getting-started/install.md
@ -138,6 +138,7 @@ To [create a Constellation cluster](../workflows/create.md#the-create-step), you
 * `Microsoft.Network/virtualNetworks/subnets/*`
 * `Microsoft.Compute/virtualMachineScaleSets/*`
 * `Microsoft.ManagedIdentity/userAssignedIdentities/*`
+* `Microsoft.Attestation/attestationProviders/*` \[2]

 The built-in `Contributor` role is a superset of these permissions.

@ -145,6 +146,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az

 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration.

+2: You can omit `Microsoft.Attestation/attestationProviders/*` if `EnforceIDKeyDigest` is set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster).
+
 </tabItem>
 <tabItem value="gcp" label="GCP">
Author	SHA1	Message	Date
stdoutput	b2a9a73094	footnote for attestation mode	2023-03-28 18:35:04 +02:00
stdoutput	b75b2e8b13	add Azure attestationprovider perm	2023-03-28 18:29:33 +02:00