ArtifactType | Language | Platform | Tags |
---|---|---|---|
Excel spreadsheet with the full Azure environment |
Powershell |
Windows / Linux / Mac |
Powershell, Azure, Inventory, Excel Report, Customer Engineer |
Azure Resource inventory (ARI) is a powerful script written in powershell that generates an Excel report of any Azure Environment you have read access.
This project is intend to help Cloud Admins and anyone that might need an easy and fast way to build a full Excel Report of an Azure Environment.
Among the many improvements, those are the highlights of the new version:
Since the begining of the project, we wanted ARI to evolve and keep pace with the improvements on Azure Resources. Keeping that in mind we are adding extra modules for newer resources.
We also reviewed and updated some of the old resources as well.
Network Topology was cool but in large environments it had some problems (i.e.: freezing and never finishing), and even when it finished it might take forever.
We added parallel processing to diagram, now during the execution of ARI, an extra folder (DiagramCache) will be created, that folder is used by the diagram to store temporary components of the diagrams, after all the parallel processing is done those files are merged in the main diagram.
Now diagram will even finish way before the Excel file.
Tab names were added in the diagram and now the Network Topology is the first tab.
Also in the Network Topology, we are using color in the diagram to identify the different Virtual Network usages in HUB-Spoke topologies.
Colors will also be used to indicate broken peers.
We added extra tabs in the new diagram, the second tab is called "Organization" and will present the hierarquical view of subscriptions in the environment.
The idea is to make easier to align your environment with the Microsoft's Landing Zone design (What is an Azure landing zone).
Since not everyone have really complex network environments, many people complain about diagram not really presenting much for their environments.
This change now. Every single Subscription will be a tab in the diagram, those tabs will contain the Subscription, the resource groups and the sum of every type of resource in the resource groups. By now almost every type of draw.io stencil available will be identified, with more coming in the next months.
Some people were asking to run ARI in Azure Automation Account and since the old script for automation accounts was not working we managed to fix it for this version. But now is require to use Runtime 7.2 and add the modules: "ImportExcel", "Az.ResourceGraph", "Az.Storage", "Az.Account" and "ThreadJob" in the Automation Account.
The required steps are present in the: Automation Guide.
- The dashboard shows an overall view and summary of resources in the environment.
- The resource sheet present details and recommendations, security and costs reducing tips for the resources.
By default everytime you run the Azure Resource Inventory the diagram will be created.
If you do not wish to have the diagram created, you must use the -SkipDiagram parameter.
Also, by default the Network Topology will not consider Virtual Networks that are not connected trough peering. If you wants to include those Virtual Networks in the diagram, you must use the parameter -DiagramFullEnvironment.
- An extra detail is that if you hover the mouse cursor over any resource in the Network Topology you get the resource details:
- This feature is available for any resource and even peering lines:
Parameter | Description | |
---|---|---|
TenantID | Specify the tenant ID you want to create a Resource Inventory. | -TenantID <ID> |
AppId | Service Principal Authentication | -AppId <Client ID> |
Secret | Client secret of the Service Principal | -Secret <Client secret> |
SubscriptionID | Specifies Subscription(s) to be inventoried. | -SubscriptionID <ID> |
ManagementGroup | Specifies the Management Group to be inventoried(all Subscriptions on it) | -ManagementGroup <ID> |
Lite | Speficies to use only the Import-Excel module and don't create the charts (using Excel's API) | -Lite |
SecurityCenter | Include Security Center Data. | -SecurityCenter |
SkipAdvisory | Do not collect Azure Advisory. | -SkipAdvisory |
IncludeTags | Include Resource Tags. | -IncludeTags |
Debug | Run in a Debug mode. | -Debug |
DiagramFullEnvironment | Network Diagram of the entire environment | -DiagramFullEnvironment |
Diagram | Create a Visio Diagram. | -Diagram |
SkipDiagram | To skip the diagrams creation | -SkipDiagram |
DeviceLogin | Authenticating on Azure using the Device login approach | -DeviceLogin |
AzureEnvironment | Choose between Azure environments > Registered Azure Clouds. Use az cloud list to get the list |
-AzureEnvironment <NAME> |
ReportName | Change the Default Name of the report. Default name: AzureResourceInventory |
-ReportName <NAME> |
ReportDir | Change the Default path of the report. | -ReportDir "<Path>" |
Online | Use Online Modules. Scan Modules diretly in GitHub ARI Repository | -Online |
ResourceGroup | Specifies one unique Resource Group to be inventoried, This parameter requires the -SubscriptionID to work. | -ResourceGroup <NAME> |
TagKey | Specifies the tag key to be inventoried, This parameter requires the -SubscriptionID to work. |
-TagKey <NAME> |
TagValue | Specifies the tag value be inventoried, This parameter requires the -SubscriptionID to work. |
-TagValue <NAME> |
QuotaUsage | Quota Usage | -QuotaUsage |
- For CloudShell:
/>./AzureResourceInventory.ps1
- Powershell Desktop:
/>./AzureResourceInventory.ps1
If you do not specify Resource Inventory will be performed on all subscriptions for the selected tenant. To perform the inventory in a specific Tenant and subscription use
-TenantID
and-SubscriptionID
parameter/>./AzureResourceInventory.ps1 -TenantID <Azure Tenant ID> -SubscriptionID <Subscription ID>
- Including Tags:
/>./AzureResourceInventory.ps1 -TenantID <Azure Tenant ID> --IncludeTags
By Default Azure Resource inventory do not include Resource Tags.
- Collecting Security Center Data:
/>./AzureResourceInventory.ps1 -TenantID <Azure Tenant ID> -SubscriptionID <Subscription ID> -SecurityCenter
By Default Azure Resource inventory do not collect Security Center Data.
- Skipping Azure Advisor:
/>./AzureResourceInventory.ps1 -TenantID <Azure Tenant ID> -SubscriptionID <Subscription ID> -SkipAdvisory
By Default Azure Resource inventory collects Azure Advisor Data.
- Creating Network Diagram:
/>./AzureResourceInventory.ps1 -TenantID <Azure Tenant ID> -Diagram
These instructions will get you a copy of the project up and running on your local machine or CloudShell.
Resource Provider | Results | Draw.io Diagram | Comments |
---|---|---|---|
Windows | Fully successfully tested | Supported | Best Results |
MAC | Fully successfully tested | Not Supported | |
Linux | Tested on Ubuntu Desktop | Not Supported | No Table auto-fit for columns |
CloudShell | Tested on Azure CloudShell | Not Supported | No Table auto-fit for columns |
Tool | Version |
---|---|
Windows | 11 22H2 |
Powershell | 5.1.19041.1237 |
ImportExcel | 7.8 |
azure-cli | 2.48.1 |
AzCLI account | 0.2.3 |
AzCLI resource-graph | 2.1.0 |
You can use Azure Resource Inventory in both in Cloudshell and Powershell Desktop.
What things you need to run the script
- Install-Module ImportExcel
- Install Azure CLI
- Install Azure CLI Account Extension
- Install Azure CLI Resource-Graph Extension
By default Azure Resource Inventory will call to install the required Powershell modules and Azure CLI components but you must have administrator privileges during the script execution.
Special Thanks for Doug Finke, the Author of Powershell ImportExcel Module.
Very Important: Azure Resource Inventory will not upgrade the current version of the Powershell modules.
Important: If you're running the script inside Azure CloudShell the final Excel will not have Auto-fit columns and you will see warnings during the script execution (but the results of your inventory will not be changed :)
-
Its really simple to use Azure Resource Inventory, all that you need to do is to call this script in PowerShell.
-
Run "AzureResourceInventory.ps1". In Azure CloudShell you're already authenticated. In PowerShell Desktop you will be redirected to Azure sign-in page.
- If you have privileges in multiple tenants you can specify the desired one by using "-TenantID" parameter or Azure Resource will scan all your tenants ID and ask you to choose one.
-
After properly authenticated and with the TENANT selected, the Azure Resource Inventory will perform all the work of extracting and creating the inventory.
-
The duration will vary according to the number of subscriptions and resources. In our tests we managed to generate in 5 minutes the inventory of a Tenant with 15 subscriptions and about 12000 resources.
-
Azure ResourceInventory uses "C:\AzureResourceInventory" as default folder for PowerShell Desktop in Windows and "$HOME/AzureResourceInventory" for Azure CloudShell to save the final Excel file.
-
This file will have the name "AzureResourceInventory_Report_yyyy-MM-dd_HH_mm.xlsx" where "yyyy-MM-dd_HH_mm" are the date and time that this inventory was created.
We use SemVer for versioning. For the versions available, see the tags on this repository.
We also keep the CHANGELOG.md
file in repository to Document version changes and updates.
The main authors of this project are:
- Claudio Merola (claudio.merola@microsoft.com)
- Renato Gregio
Please read our CONTRIBUTING.md which outlines all of our policies, procedures, and requirements for contributing to this project.
Copyright (c) 2018 Microsoft Corporation. All rights reserved.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.