Resource Governance with Azure Graph
Learn how to govern all resources within a subscription using Azure Resource Graph.
Resource governance is crucial in Azure and any cloud provider to ensure efficient resource utilization, control costs, and maintain optimal performance. It helps manage and allocate resources effectively, preventing misuse and ensuring compliance with organizational policies and budgets. Here, we’ll explore “az graph,” an Azure construct governing resources across all resource groups in a subscription.
Azure Resource Graph
Azure Resource Graph is a service that extends Azure Resource Management, letting us explore and query resources efficiently across subscriptions to govern the environment effectively. Its queries support complex filtering, grouping, and sorting, which allows for iterative exploration aligned with governance requirements and for assessing policy effects in extensive cloud environments. It supports
Why create an Azure Resource Graph?
Azure Resource Graph helps govern all resources created in an Azure subscription. When working in Azure, we can end up with numerous resources and services running over time. If they are not regularly cleaned up, they can add to the overall costs of the subscription. Therefore, using the Azure Resource Graph can help us get an account of what resources are currently active in the subscription. Let’s practice some queries below:
How does governance with Azure Resource Graph work?
There are several ways in which resource graphs can help in governing. Let’s look at some below:
Efficient exploration: It enables efficient exploration of resources in Azure by providing a powerful query language that allows complex filtering, grouping, and sorting based on resource properties.
Scale queries across subscriptions: It allows queries to scale across a set of subscriptions, allowing them to govern environments effectively by assessing, monitoring, and managing resources at scale.
Policy assessment: Resource Graph supports policy assessment by allowing users to query changes made to resource properties and assess the effects of applying policies in a vast cloud environment.
Resource governance: By leveraging Resource Graph’s querying capabilities, we can implement effective resource governance, ensuring optimal performance, compliance, and resource utilization across an Azure environment.
What can we govern using Azure Resource Graph?
Microsoft provides a list of queries and governance tests that can be run using the Resource Graph in their documentation. The starter queries give basic governance tests, while the advanced queries are for more focused governance objects. Let’s look at some of those query samples.
Count Azure resources: This is the query to retrieve the number of Azure resources across accessible subscriptions, aiding in overall management.
Count key vault resources: This utilizes count to determine the number of Key Vault resources, focusing on security and access management.
List resources sorted by name: This retrieves various resource types and organizes them alphabetically, facilitating a structured view for easier management.
Count virtual machines by OS type: This gathers the count of virtual machines categorized by their OS types, aiding in OS-specific resource management.
Show resources that contain storage: This searches for resources containing the term "storage," facilitating identification and management of storage-related resources.
List all virtual network subnets: This retrieves Azure virtual network subnets, crucial for network configuration and management.
List all public IP addresses: This gathers public IP addresses, essential for networking configurations and external access management.
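As an added example (not code from the original article), the script below takes the last sample in the list, the public IP inventory, and turns it into a governance check: it runs the query through `az graph query` and reports every public IP address that is not on an approved list. The function names, the `LIVE` switch, the allowlist file format, and the sample rows are assumptions made for this illustration; the live path needs `az login` and the `resource-graph` CLI extension.

```shell
#!/bin/sh
# Added example: public IP inventory via Azure Resource Graph, checked
# against an allowlist. All names here are hypothetical, not from the article.

# KQL adapted from Microsoft's "List all public IP addresses" starter query.
PUBLIC_IP_QUERY="Resources
| where type =~ 'microsoft.network/publicipaddresses' and isnotempty(properties.ipAddress)
| project ip = tostring(properties.ipAddress), name, resourceGroup"

# Live inventory: one tab-separated row per address (ip, name, resourceGroup).
list_public_ips() {
  az graph query -q "$PUBLIC_IP_QUERY" --first 1000 \
    --query "data[].[ip, name, resourceGroup]" --output tsv
}

# Constructed sample rows in the same shape, so the check runs offline.
sample_public_ips() {
  printf '%s\t%s\t%s\n' \
    203.0.113.10 pip-web-frontend rg-prod \
    203.0.113.77 pip-test-vm rg-sandbox \
    198.51.100.5 pip-vpn-gateway rg-network
}

# Reads inventory rows on stdin and prints those whose IP is missing from
# the allowlist file $1 (one approved IP per line, '#' comments allowed).
# Matching on FILENAME rather than NR == FNR keeps an empty allowlist from
# silently approving everything.
unapproved_public_ips() {
  awk -F'\t' '
    FILENAME == ARGV[1] {
      sub(/#.*/, ""); gsub(/[ \t\r]/, "")
      if ($0 != "") ok[$0] = 1
      next
    }
    !($1 in ok)
  ' "$1" -
}

# Usage: LIVE=1 sh check_public_ips.sh approved_ips.txt
# Without LIVE=1 the constructed sample is checked instead of the subscription.
if [ "$#" -ge 1 ]; then
  if [ "${LIVE:-0}" = 1 ]; then list_public_ips; else sample_public_ips; fi |
    unapproved_public_ips "$1"
fi
```

Each row printed is an externally reachable address nobody has approved, along with the resource name and resource group to follow up on.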
Running governance queries with Azure Resource Graph
Let’s see how the resource graph queries can be run using Azure CLI to govern resources inside an Azure subscription. To start, we will create some resources in Azure.
Create test resources in Azure
We’ll start with a new resource group for creating other services.