Getting started with Azure Resource Graph
Join me as I look at what Azure Resource Graph is and how to get started with writing queries!
Azure Resource Graph is a service built into the Azure platform that helps you query your resources and subscription information. It can be used to explore governance requirements or pull together information regarding resources into one view.
The query language that Azure Resource Graph uses is based on the Kusto Query Language (KQL) that is used by Azure Data Explorer.
In this blog post, we'll embark on a journey to harness the power of Azure Resource Graph, explore various resource types, delve into dynamic types within the KQL language, master the art of summarising and sorting query results, and ultimately unlock the potential of this invaluable tool in your Azure arsenal. Let's dive in!
Using Azure Resource Graph
To use Azure Resource Graph successfully you need to have read access to any subscriptions and resources you wish to query. If you don’t have read access to a resource or a subscription they will not appear within your results.
Resource Types
There are a number of tables you can query from within Azure Resource Graph. The most common is the “resources” table. This is where most of your Azure subscription resources live, Azure Sentinel and Azure Security Center are not classed as resources.
To get an idea of the resource types currently deployed within your subscription you can run the following query:
resources
| distinct type
If you want to query a specific resource type on the storage accounts within, you can write a query like this:
resources
| where type =~ 'microsoft.storage/storageaccounts'
It’s worth noting in that query the “=~” operator means equals and is not case sensitive.
You will get a default results table available to you. There should also be a “see details” link you can click on which will give you more information and properties available on each resource. We’ll explore how you can use this to discover more information on each resource next.
Dynamic Types
Dynamic types within the KQL language are fields that have multiple values attached to them or properties under them. Within Azure Resource Graph you will often encounter both types of data. There are several ways to access the information depending on how the information is formatted.
Let’s take a look at some examples.
When I queried the storage accounts within my subscription earlier I got a lot of information back. One of the fields returned was “SKU”, which had multiple values attached to it.
If we use the extend operator we can start to pull out the exact information from that field that we want.
In this case, I only really care about pulling out the “Standard_LRS” part of the value, which sits within the SKU field and under “name”, so I write the query:
resources
| where type =~ 'microsoft.storage/storageaccounts'
| extend Sku = sku.name
| project name, kind, location, resourceGroup, Sku
This pulls out the name of the storage account, the kind of storage account, Azure location/region, the resource group, and the SKU name.
What about other properties though? Let’s run the overview query for storage accounts again:
resources
| where type =~ 'microsoft.storage/storageaccounts'
Next to our results we have a “see details” button, when we click on that we have a lot of the result information we saw when we ran our query. But there is also a properties section which holds a lot of additional information that isn’t displayed in our results. How can we pull that information out into our query results?
Again we want to use the extend operator to help us do that.
Looking at the storage account properties we have a field called “allowBlobPublicAccess”, let’s write a query to pull that information out.
resources
| where type =~ 'microsoft.storage/storageaccounts'
| extend BlobPublicAccess = properties.allowBlobPublicAccess
| project name, kind, location, resourceGroup, BlobPublicAccess
We now have a query that pulls out the name of the storage account, the kind of storage account, Azure location/region, the resource group, and information relating to the Blob Public Access status.
And we can continue to pull other information out like that to build queries that fulfil our needs.
Summary Count
There might be times when you want to count the amount of a certain object in your query results. One real world example I’ve had recently is currently the types of operating system (OS) that have the Azure Arc agent installed on them.
I’ve used this query to pull out the information and then visualise in a dashboard:
resources
| where type == "microsoft.hybridcompute/machines"
| extend osSku = properties.osSku
| project name, osSku
| summarize count() by tostring(osSku)
The last line of my query is using the summarize operator to count how many of each OS type is within the results.
Sort results
When you get your results there are times when you will want to sort or order them by a certain field.
You can do this by using either the sort or order operator, both are the equivalent of each other.
So if you want to sort a query of storage accounts by name in ascending order you would use this query:
resources
| where type =~ 'microsoft.storage/storageaccounts'
| sort by name asc
You could sort them in descending order by using “desc” instead of “asc”.
Conclusion
In conclusion, Azure Resource Graph empowers Azure users with a versatile and efficient means to explore and query their cloud resources and subscription data.
This blog post has taken you on a journey through the essential aspects of using this powerful tool, from understanding the importance of read access to the nuances of querying various resource types and dynamic data using the Kusto Query Language (KQL).
We've seen how to pull out specific information from complex fields, count and summarise results, and even sort them to fit your needs.
As you delve further into the world of Azure Resource Graph, you'll find that it not only streamlines your resource management but also enhances your understanding of your Azure environment.
Armed with these newfound insights, go forth and make the most of Azure Resource Graph to conquer your Azure resource management challenges. Happy querying!