Audit Inventory of Azure Resources

I have been working on a few projects lately where there was a need to review customers Azure environments. These environments were moderate in size and spread across multiple subscriptions with no real documentation or inventory in place.

To make it easier to assess the environment and gain a quick understanding of the landscape across all subscriptions I wanted to export the data so I could use it in Excel. I put together a few quick scripts to collect data across different resource types. The data for all collections includes the resource name, location, resource group and subscription, with each script for the specific resource type having more detailed information for that type of resource.

Please make sure you are using AzureRM PowerShell 4.3.1. You can find all the scripts here https://github.com/Merlus/powershell/tree/master/azure/Audit%20Resources.

A couple samples of the exported files to filter the data, and the description of each export are below:

All Resource Audit

Collected data provides a high level overview of all resources.

  • Resource Name
  • Resource Group
  • Resource Type
  • Resource Kind
  • Resource SKU
  • Location
  • Tags
  • Resource ID
  • Subscription

Virtual Machine Audit

Collected data includes typical useful information about each VM.

  • VM Name
  • Resource Group
  • Location
  • VM Size
  • Each Network Interface VNet/Subnet
  • Each Network Interface Public or Private IP Address
  • Availability Set
  • OS Disk and Data Disk Storage Accounts (will also indicate if a Managed Disk)
  • Subscription

Virtual Network Audit

Collected data includes all information about the Virtual Networks and is useful for getting a view of the network design including peering connections.

  • VNet Name
  • Location
  • AddressSpace
  • Subnet Name and Prefix
  • Peering State
  • Peering Allow VNet Access
  • Peering Allow Remote Gateway
  • Peering Allow Forwarded Traffic

Network Security Group Audit

Collects data about each NSG.

  • NSG Applied to Subnet
  • NSG Applied to Network Interface
  • Export All NSG and their rules

Load balancer Audit

Collected data includes about the load balancer and rules, probes, etc.

  • Load Balancer Name
  • Resource Group
  • Location
  • Front End IP (Public or Private)
  • Backend Pools
  • Load Balance Rules
  • Probes

Gateway Connections

Collected data about Gateway Connections

  • Connection Name
  • Resource Group
  • Type (IPsec/VNET/ExpressRoute)
  • Virtual Network Gateway 1 and 2 (VNET to VNET)
  • Local Network Gateway