Documentation
Get Started with Clophi
Clophi is an enterprise cloud operations platform for Azure. This guide explains what Clophi does and where to find documentation for each feature.
What is Clophi?
Clophi unifies the day-to-day operations of running infrastructure on Azure. Such operations include infrastructure-as-code generation, Azure policy management, compliance reporting, drift detection, direct deployments and more. Clophi employs native Azure apis (such as Azure Rest API, Azure CLI, Powershell and Azure SDKs) to work against your live Azure environment.
Prerequisites
Before using any feature, grant Clophi access to your Azure environment through its two service principals:
- Reader(Required) Assign
Readerrole on the Clophi reader service principal on the resource groups or subscriptions you want to be monitored by Clophi. This enables fetching resources, policy definitions, and compliance data. - Deployer(Optional) Assign
Contributorrole on the Clophi deployer service principal on any scope where you want Clophi to deploy or remediate your infrastructure.
Trusted identities
If you use drift detection, add the Object IDs of your CI/CD pipeline service principals and Clophi's own deployer to the trusted identities list. These identities will be treated as authorized against drift detection.
Explore the Features
Clophi's features fall into three functional areas.
Drift & state management
Detect, review, and remediate unauthorized changes on your Azure infrastructure.
- Drift Detection: Continuous monitoring of all Azure resources against captured baselines.
- Auto Fix: Automatic restoration of the baseline in case of an infrastructure drift.
- Policy Drift Detection: Track drifts on policy assignments and policy definitions.
Infrastructure-as-Code
Build, edit, and export infrastructure to Terraform, Bicep, or ARM templates.
- Create Resources: Create new Azure infrastructure from scratch.
- Deployed Resources: Modify existing Azure infrastructure.
- Infrastructure Export: Reverse-engineer your entire existing Azure infrastructure.
- Resource Forms: The schema-driven editor used across Clophi.
- IaC Download & CI/CD Integration: Download created infrastructure in Terraform, Bicep or Arm Template either as parameterized or as non-parameterized version. Directly push the generated code from Clophi to repository and open pull requests.
Policy management
Author, assign, and audit Azure Policy across your environment.
- Author policies: Create custom policy definitions with the Visual Policy Builder.
- Modify policies: Browse and modify Built-in & Custom policy definitions with the Visual Policy Builder.
- Assign policies: View, configure, and create policy assignments.
- Azure Policy Compliance: Use Policy Engine to get detailed compliance reports with field-level and policy rule logic level diagnostics.
- Policy as Code Export: Export your complete Azure Policy environment as PaC.
