Skip to main content

Automating Azure Resource Graph Queries with Logic Apps

Automating Azure Resource Graph Queries with Logic Apps

Overview

Azure Resource Graph Explorer enables querying resources at scale across subscriptions, management groups, and entire tenants. If you need to execute queries periodically and take action on the results, Azure Logic Apps provides an automated solution.

This article provides step-by-step instructions on how to:

  • Write an Azure Resource Graph query to run periodically.
  • Create an Azure Logic App with a System-Assigned Managed Identity.
  • Set up a Managed Identity with appropriate access.
  • Automate the execution of your Azure Resource Graph query via Logic Apps.
  • Store query results in CSV format in Azure Blob Storage.

Prerequisites

1. Write an Azure Resource Graph Query

To retrieve the power state summary of a test Virtual Machine, use the following Kusto Query Language (KQL) query:

Resources
| where type =~ 'microsoft.compute/virtualmachines'
| extend vmPowerState = tostring(properties.extended.instanceView.powerState.code)
| summarize count() by vmPowerState

2. Create an Azure Logic App

  1. Navigate to the Azure Portal.
  2. Search for Logic Apps in the top search bar and select it.
  3. Click Add to create a new Logic App.
  4. Under Plan Type, select Consumption.
  5. Complete the required configurations and deploy the Logic App.

3. Set Up a Managed Identity

Enable System-Assigned Managed Identity

  1. Navigate to the Logic App you created.
  2. On the left menu, select Identity.
  3. Choose the System-Assigned tab, set the status to On, and click Save.

Assign Role Permissions

To grant the Managed Identity the ability to query across subscriptions, resource groups, and resources:

  1. Navigate to Azure Role Assignments.
  2. Assign the Azure Resource Graph Reader role to the Logic App's Managed Identity.
  3. Refer to Assign Azure Roles to a Managed Identity for more details.

4. Configure and Run Your Logic App

  1. Open your Logic App and switch to Code View.
  2. Paste the required JSON configuration.
  3. If validation fails, switch to Designer View and adjust the setup.
  4. Click Save and run your Logic App.

5. Store Query Results in Azure Blob Storage (CSV Format)

Convert JSON Response to CSV Format

  1. Add a Data Operations - Select action to extract necessary fields.
  2. Use a Data Operations - Compose action to format the data into CSV.

Example CSV Formatting Expression:

concat('Power State,VM Count\n', join(body('Select'), '\n'))

Upload to Azure Blob Storage

  1. Add the Azure Blob Storage - Create Blob action.
  2. Configure it to store the CSV output in a designated Blob Container.

Next Steps

  • Monitor and review execution results in Logic Apps Run History.
  • Expand automation to include alerts, notifications, or remediation actions.

By following these steps, you can automate periodic queries of Azure resources and store the results efficiently in Azure Blob Storage in CSV format.

Popular posts from this blog

How to Import Azure Wiki Contents into a JSON File

How to Import Azure Wiki Contents into a JSON File In today's digital age, organizations often depend on collaborative tools like Azure Wiki to streamline knowledge sharing among team members. However, there are situations when you might need to export this content for further analysis, archival purposes, or integration with other systems. In this article, we'll see how to import Azure Wiki content into a JSON file using Azure DevOps Services REST API with Python. Prerequisites Here you need: Python POSTMAN Visual Studio or Notepad++ Before we dive into the implementation, ensure you have the following as well: Azure DevOps Account: Make sure you have access to an Azure DevOps account with permission to read wiki content. You can create an Azure free account via Azure Free Account . Persona...
Read more

Veeam Known Issues: Network Failure and SSL Errors

Veeam Known Issues: Network Failure and SSL Errors Veeam Known Issues: Error Observed by Underlying BIO Issue Discontinuous network failures may occur when communicating with the VMware host. This is accompanied by errors such as: “Error observed by underlying BIO: No such file or directory Detail: ‘SSL connect failed in tcp_connect()’, endpoint:” In many cases, the backup process continues successfully on a subsequent attempt. Cause This error often arises due to unsupported network configurations in VMware. Specifically: A VM Kernel NIC with management enabled is set on a port group that is no longer suitable for the VM. Even if the VM port management option is added to a network, VMware may display warnings. In Veeam backup, discontinuous alerts...
Read more

How to Resolve VSS Writer Errors Without Rebooting

Resolve VSS Writer Errors Without Rebooting How to Resolve VSS Writer Errors Without Rebooting Scenarios Scenario 1: Failed VSS Writers Backups fail due to VSS writers in a failed state, and rebooting the server immediately is not feasible. Scenario 2: VSS Writers Not Started A writer is not running and needs to be started. Running vssadmin list writers will show only currently started writers. Scenario 3: Using VShadow for Windows Server 2003 or XP VSS is available in the Volume Shadow Copy Service 7.2 SDK, which can be downloaded from the Windows Download Center. Troubleshooting Steps Scenario 1: Failed VSS Writers Step 1: Open Command Prompt as Administrator: Start > Command Prompt > Right-click > Run as Administr...
Read more