I’m just beginning my adventure into Azure, and my journey starts with figuring out what my company already has in place there. My first foray was to build what I call an Azure RM Audit script.
With a little help from some friends (@gamerlivingWill), I came up with a script to audit what I had.
To begin with, I had to find out how to log in to Azure. I found the following to be the most useful for me:
How to install and configure Azure PowerShell
Now, with that knowledge, I was able to put together a script that:
- Finds all my subscriptions
- Finds all the resources under each subscription
- Gets all the resources that are classic, otherwise known as ASM resources
- To see the classic (ASM) resources, query the ResourceId column of the final object for the value Microsoft.Classic.
To connect to Azure I used the following commands:
Import-Module AzureRM
Login-AzureRmAccount -Credential $myAzureCredentials
The $myAzureCredentials variable holds my credentials, which I encrypt and re-use in each PowerShell session.
Now that I’m logged into Azure, I can find which subscriptions I have access to with the Get-AzureRmSubscription cmdlet.
OK, I have my subscriptions, and now I need to find the resources. I found that if I’m in a subscription I can query the resources with Get-AzureRmResource.
This only returns resources for the current subscription. I know this because Get-AzureRmContext tells me my current context, and if I compare its SubscriptionId to that of each of the found resources I’ll see they are the same value.
To find all the resources under the rest of my subscriptions, I’m going to get all my subscriptions into an object. Then I’ll loop through that object one subscription at a time and query the resources. In the end I’ll have an object containing all my resources.
Here is the rest of the script. Once again I need to thank @gamerlivingWill for helping me get to the final function:
function Get-DaAzureRMResources
{
    <#
    .Synopsis
    Gets Azure RM resources from every accessible subscription and outputs them as objects.
    .DESCRIPTION
    Connects to Azure if needed and retrieves the resources in each associated subscription.
    .EXAMPLE
    Get-DaAzureRMResources
    .NOTES
    #>
    [CmdletBinding()]
    param()
    BEGIN
    {
        Write-Verbose 'Verifying user is logged into Azure.'
        # Treat an error or a context with no account as "not logged in".
        Try { $context = Get-AzureRmContext -ErrorAction Stop } Catch { $context = $null }
        If ($null -eq $context -or $null -eq $context.Account)
        {
            Write-Verbose 'User is not logged into Azure. Begin login process.'
            Add-AzureRmAccount
        } #If
        Else
        {
            Write-Verbose ('User is logged into Azure as ' + $context.Account.Id + '. Continuing...')
        } #Else
    } #BEGIN
    PROCESS
    {
        $subs = Get-AzureRmSubscription
        ForEach ($SubName in $subs)
        {
            Write-Verbose ("Subscription $($SubName.SubscriptionName) specified. Retrieving information on the specified subscription.")
            Try
            {
                # -ErrorAction Stop turns non-terminating errors into ones the Catch block sees.
                $null = Set-AzureRmContext -SubscriptionName ($SubName.SubscriptionName) -ErrorAction Stop
                $resources = Get-AzureRmResource -ErrorAction Stop
                ForEach ($resource in $resources)
                {
                    # One output row per resource, tagged with the subscription it came from.
                    [PSCustomObject]@{
                        'SubscriptionName' = $SubName.SubscriptionName
                        'Name'             = $resource.Name
                        'ResourceName'     = $resource.ResourceName
                        'ResourceType'     = $resource.ResourceType
                        #'Tags'            = $resource.Tags
                        'Location'         = $resource.Location
                        'ResourceId'       = $resource.ResourceId
                        'SubscriptionId'   = $resource.SubscriptionId
                    } #PSCustomObject
                } #ForEach
            } #Try
            Catch [System.Exception]
            {
                # Warn rather than write verbose output, so a skipped subscription is visible in the audit.
                Write-Warning ("Could not audit subscription $($SubName.SubscriptionName): " + $_.Exception.Message)
            } #Catch
        } #ForEach
    } #PROCESS
    END
    {
        Write-Verbose 'Processing of Azure ARM Audit complete.'
    } #END
} #Function
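Classic (ASM) resources sit outside the Resource Manager model, so it helps to pull them out of the audit as their own list. The following is an added example, not part of the original script: it filters the final object on ResourceId for Microsoft.Classic, as described above, and groups the hits by subscription and type. The function name Get-ClassicResourceSummary and the sample rows are assumptions made for illustration.

```powershell
# Added example: summarise classic (ASM) resources found in the audit output.
function Get-ClassicResourceSummary   # hypothetical helper name, not from the original post
{
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-DaAzureRMResources
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [PSObject]$Resource
    )
    BEGIN { $classic = New-Object 'System.Collections.Generic.List[object]' }
    PROCESS
    {
        # Classic providers (ClassicCompute, ClassicStorage, ClassicNetwork)
        # all show up in the ResourceId as /providers/Microsoft.Classic*
        if ($Resource.ResourceId -match '/providers/Microsoft\.Classic')
        {
            $classic.Add($Resource)
        }
    }
    END
    {
        # One row per subscription and resource type, with the affected names listed
        $classic | Group-Object -Property SubscriptionName, ResourceType | ForEach-Object {
            [PSCustomObject]@{
                SubscriptionName = $_.Group[0].SubscriptionName
                ResourceType     = $_.Group[0].ResourceType
                Count            = $_.Count
                Names            = ($_.Group.Name | Sort-Object) -join ', '
            }
        } | Sort-Object SubscriptionName, ResourceType
    }
}

# Constructed sample rows (not real resources); in practice pipe Get-DaAzureRMResources instead
$p = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo/providers'
$sample = @(
    [PSCustomObject]@{ SubscriptionName = 'Prod'; Name = 'web01'; ResourceType = 'Microsoft.ClassicCompute/virtualMachines'; ResourceId = "$p/Microsoft.ClassicCompute/virtualMachines/web01" }
    [PSCustomObject]@{ SubscriptionName = 'Prod'; Name = 'web02'; ResourceType = 'Microsoft.ClassicCompute/virtualMachines'; ResourceId = "$p/Microsoft.ClassicCompute/virtualMachines/web02" }
    [PSCustomObject]@{ SubscriptionName = 'Prod'; Name = 'app01'; ResourceType = 'Microsoft.Compute/virtualMachines'; ResourceId = "$p/Microsoft.Compute/virtualMachines/app01" }
    [PSCustomObject]@{ SubscriptionName = 'Dev'; Name = 'logs'; ResourceType = 'Microsoft.ClassicStorage/storageAccounts'; ResourceId = "$p/Microsoft.ClassicStorage/storageAccounts/logs" }
)
$sample | Get-ClassicResourceSummary | Format-Table -AutoSize
```

Against a live tenant the last line becomes `Get-DaAzureRMResources | Get-ClassicResourceSummary`.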
Until then Keep Scripting