The most important part of Azure governance is to keep control of your Azure resources while not loosing agility and speed. There are several tools, procedures and services that assist you getting in control of your Azure resources. One I would like to highlight here is the “Azure Resource Graph”.
In Azure, different types of resources are managed by different resource providers. That makes querying resources quite complex, because you need to talk to lots of different resource providers to extract/analyze information from different resource types such a virtual networks, public ip addresses or SQL databases. Azure Resource Graph simplifies this process by giving you a unified API to access information from all existing resources in Azure. There are several ways on how the Azure Resource Graph can be used:
- Azure CLI (as an extension)
- Azure PowerShell Core (Az.ResourceGraph module)
- Azure PowerShell (AzureRM.ResourceGraph module)
- Azure Portal (“All Resources” view)
Let’s have a quick look at the Azure portal. If you go to all “All Resources” you get a nice overview of everything you have in your Azure environment. You can filter and group very easily, no matter what resource types you are looking at. There is even a preview of a new look and feel and even more options.
For the rest of this post I will cover the PowerShell Core approach, but you can easily translate that to either PowerShell or Azure CLI. First, you need to install the appropriate Az-Module and/or AzureRM-Module.
- PowerShell Core Module: Az.ResourceGraph
- PowerShell Module: AzureRM.ResourceGraph
Once the module is installed you can start writing queries to get information about your resources. If you are already familiar with the Kusto Query Language (KQL), then you will experience an easy kickstart into this. However, if this is new for you, check out this link as a starting point to quickly lift you some levels up.
The cmdlet used is “Search-AzGraph” followed by the query parameter with the query. Something like this:
Search-AzGraph –Query “query”
Here are some example queries:
- “summarize count()” > Count the number of resources
- “summarize count() by type” > Count the number of resources by type
- “project type,subscriptionId,resourceGroup,location,name” > Get a resources list with specific properties
- “where type =~’microsoft.compute/virtualmachines'” > Get resources of a specific type (virtual machines) that are managed by a specific resource provider (microsoft.compute)
- “where type =~’microsoft.storage/storageaccounts’ | where kind=~’StorageV2′ | project name” > Get storage accounts of kind StorageV2
- “where type =~ ‘microsoft.network/virtualnetworks’ | where properties.enableDdosProtection =~ ‘false’ | project name” > All virtual networks with DDOS protection in only standard mode
Now what do do with that data? You can use those queries ad-hoc if you need to know anything specific. In that case, the Azure portal might be easier to handle. However, if you want to work with the returned data, you can use PowerShell- or Azure CLI-Scripts to collect and process resource-based data. To give you an example, I created a (very) simple Power BI dashboard that uses the data from the Azure Resource Graph to surface data and allows me to easily filter or drill down into it.
And now it’s your turn to think about valuable solutions. Happy resource management!