Rationale
As ancient Chinese philosopher said: if it exists we can inventory it to CSV files.
This powershell script inventory all specified tenant/subscriptions resources to CSV file and additionally creates several reports on data which is not considered as Azure resource (Resource groups and subscriptions themself).
This script started when i was working on hybrid multicloud DNS design and wanted to get all DNS settings from Azure TCP resources (resources having network profile).
DNS resolution in Azure is pretty tricky: you can overwrite standard Azue DNS server on a vNet level and you can overvrite vNet DNS settings on a vNic level. Additionally you can assign Azure private DNS zone to vNet. All these can make troublesome Azure DNS troubleshoting and migration activities. For example: you want to remove DNS server which is specified on vNet settings. Checking only vNets (if this server specified there) is not enough, you also have to check all vNics – what is not so easy.
After coding DNS inventory part I realized what script actially inventorying all Azure resources. So the final script is inventorying all resources with emphasis on network setting (for resources which have network profile) and creates additional reports. Additional reports included with this scripts are:
- tag report,
- RBAC roles report,
- RBAC role assignments reports,
- private DNS report
I have more than 10 additional reports but plan to publish them later. All reports are CSV files having combined data from multiple subscriptions from one tenant. I am utilizing subscription retrieval template published before.
Usage
You can download script here
Open powershell prompt. CD to dirctory where the script is saved.
Running examples:
.\azure2csv.ps1 -tenantID_Param “tenant_ID_here” – this will iterate all subscriptions in tenant, as $subID_Param is not specified
.\azure2csv.ps1 -tenantID_Param “tenant_ID_here” -subID_Param “sub1_ID,sub2_ID” – will process only sub1_ID and sub2_ID subscription
.\azure2csv.ps1 -tenantID_Param “tenant_ID_here” -createAllResourcesReport $false -createRBACreports $true -createPrivateDNSreport $false – will run only RBAC report
Script creates following reports:
“<yyyyMMdd-HHmmss>__<tenantID>__allResources.csv” – file containing all resources (with addition of subscriptions and resource groups) from subscriptions selected by $subID_param
“<yyyyMMdd-HHmmss>__<tenantID>__RBAC_role_assignments.csv” – file with RBAC role assignments collected
“<yyyyMMdd-HHmmss>__<tenantID>__RBAC_roles.csv” – file with RBAC roles collected
“<yyyyMMdd-HHmmss>__<tenantID>__tagListJson.json” – list of tags collected trough all subscriptions. Contains all tag names with all values (distinct)
…allResources.csv SCV file contain following columns:
Column name | Comment |
SubscriptionName | taken from Get-AzResource |
SubscriptionId | taken from Get-AzResource |
ResourceId | taken from Get-AzResource |
Id | taken from Get-AzResource |
Identity | taken from Get-AzResource (Identity.PrincipalId) |
Kind | taken from Get-AzResource |
Location | taken from Get-AzResource |
ManagedBy | taken from Get-AzResource |
ResourceName | taken from Get-AzResource |
Name | taken from Get-AzResource (usually same as ResourceName) |
ExtensionResourceName | taken from Get-AzResource |
ParentResource | taken from Get-AzResource |
PrivateIP | Calculated only for resources having Network profile. Written in a form vNic:IP. Support multiple NICs. |
PublicIP | Calculated only for resources having Network profile. Written in a form vNic:IP. Support multiple NICs |
vnetDNS | Calculated only for resources having Network profile. |
vnicDNS | Calculated only for resources having Network profile. |
linkedPrivDNSzones | Calculated. Can be multiline |
vnet | Calculated only for resources having Network profile. |
subnet | Calculated only for resources having Network profile. |
Plan | taken from Get-AzResource (plan.name) |
Properties | Properties taken from Get-AzResource and converted to text |
ResourceGroupName | taken from Get-AzResource |
Type | taken from Get-AzResource |
ResourceType | taken from Get-AzResource |
DiagnosticSettings | calculated as multiline string |
ExtensionResourceType | taken from Get-AzResource |
Sku.Name | taken from Get-AzResource |
Sku.Tier | taken from Get-AzResource |
Sku.Size | taken from Get-AzResource |
Sku.Model | taken from Get-AzResource |
Sku.Capacity | taken from Get-AzResource |
Tags | taken from Get-AzResource. Transformed to one text string containing all tags |
CreatedTime | taken from Get-AzResource |
ChangedTime | taken from Get-AzResource |
ETag | taken from Get-AzResource |
Notes
- For many subscriptions can take several hours to run. On finishing script shows stas on run time per subscription:
- If created CSV reports are opened with excel – it could show multiline cells as single line. To avoid this perform Home -> Format -> AutoFit row height. To avoid multiline you can change line containing $multiLineDelimiter = “`n” to $multiLineDelimiter = “; “ or smilair.
- I found it useful to perform text search in all files in output folder (I usually use FAR manager and Alt+F7) for values you are intersted in (like ip addresses, VM names, tags etc) – you can find file contaning needed information and open it with Excel and locate (with Ctrl+F) places where value was used.