I have resources in a Resource Group in Azure and it wont let me move the resource because it is in a Resource Group that is not the hosting Resource Group even though it has been moved .
I have tried to run the command in Powershell az resource list but cant seem to see the hosting Resource Group of the resource.
Is there a command I can run in Powershell that will give the current Resource Group of the resource and the hosting Resource Group of the resource?
Is there a Powershell command that will give the current Resource Group of the resource?
Yes its the Get-AzureRmResource command:
$resourceId = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
$resource = Get-AzureRmResource -ResourceId $resourceId
$resourceGroupName = $resource.ResourceGroupName
Fortunately there's an alternative to avoid specifying the "ResourceGroupName" which you're trying to find and that's specifying the ResourceType..
$resourceGroupName = Get-AzureRmResource -ResourceName {resourceName} -ResourceType {resourceType} | Select-Object -ExpandProperty ResourceGroupName
Also note the -ExpandProperties parameter in the documentation to include the resource properties.
Based on the shared information, I have understood that you want to know the
hosted resource group(in which resource group got created before move operation).
current resource group (currently where the resource resides in).
We don't have any direct cmdlets to pull this information.
You can make use of activity logs to see the resource move operation and pull the information of resources which were moved & respective target resource group names accordingly using the below cmdlet
Get-AzActivityLog -StartTime (get-date).AddDays(-90) -EndTime (get-date)| Where-Object {$_.Authorization.Action -like "Microsoft.Resources/subscriptions/resourceGroups/moveresources/action" -and $_.OperationName -like "Move Resource Group Resources" -and $_.EventName -like "Begin request" } | Select -ExpandProperty Properties
Sample screenshot for your reference:
Note: Using Get-AzActivityLog cmdlet you can pull logs for only last 90days.
Related
I am trying to find out if its possible to apply multiple tags to all of the resources under a specific Resource Group in Azure. I don't know if this is possible because right now I am doing it manually via the Azure Portal but since our resources exploded I can't do it manually any more.
One of the workaround is that you can add multiple tags to all the resources in you Resource Group through Powershell using New-AzTag. Below is the command that worked for me.
$tags = #{"<Tag1Name>"="<Value1>"; "<Tag2Name>"="<Value2>"}
$rs = get-azresource -ResourceGroup <Your_Resource_Group>
foreach($r in $rs){
New-AzTag -ResourceId $r.ResourceId -Tag $tags
}
In case if you are updating the Tag you can follow the answer suggested by Stanley Gong - Update Azure resource tags for multiple resources - Stack Overflow
$rs = get-azresource -TagName Environment
foreach($r in $rs){
if($r.Tags.Environment -eq 'Non-Prodd'){
$r.Tags.Environment = "Non-Prod"
Set-AzResource -ResourceId $r.ResourceId -Tag $r.Tags -Force
}
}
This can be also done in Azure CLI using az tag create apart from using Azure portal and powershell.
REFERENCES: Tag resources - Microsoft Docs
i am trying to get all objects from Access Control tab from Storage Account container using powershell.
Using command:
Get-AzRoleAssignment -ResourceGroupName 'devtest' -ResourceName 'sa-name' -ResourceType 'Microsoft.Storage/storageAccounts'
I am get all objects from:
Storage Account
Containers
As you can see, using this command im getting scopes for Storage Account and Container in the same call.
I tried using command like:
Get-AzRoleAssignment -ResourceGroupName 'devtest' -ResourceName 'SA-name' -ResourceType 'Microsoft.Storage/storageAccounts' | Where-Object -Property Scope -Like '*containers/container-name'
But i am not happy with the results because i am not getting for example Owner of this container because it is inheritate from diffrent resource
My question is, how to get Role Assignments objects from IAM blade for specific container using powershell, CLI or REST API with all objects?
You can list the RBAC on a specific container by listing all role assignments for the storage account and excluding all containers except for the one you want to see:
Get-AzRoleAssignment -ResourceGroupName "<your-resource-group-name>" -ResourceType "Microsoft.Storage/storageAccounts" -ResourceName "<your-storage-account-name>" | Where-Object { $_.Scope -like '*/containers/<your-container-name>' -or -not ($_.Scope -like '*/storageAccounts*/default/containers/*') }
I need to bulk update a particular tag which is applied on a variety of resources in Azure like VMs, NSGs, AGWs, RGs, so on and so forth. I need to update this tag for all kind of resources on which they are applied. How can I do the same ? I need to filter resources on basis of Subscription, Region and another tag value ? Can I use AZ CLI or Azure Powershell and if yes, how ? How can I put filter of Subscription, Region and another tag value for bulk tag update ?
To filter with subscription, you need to use Set-AzContext to set the specific subscription, because azure powershell can just run against one subscription, to see the subscriptions that your logged account can access, you could use Get-AzSubscription.
Then you can filter with region and another tag value, after getting them, update their tags via Update-AzTag.
Connect-AzAccount
Set-AzContext -Subscription "<subscription-id>"
$resources = Get-AzResource -TagName "tag1" -TagValue "value1" | Where-Object {$_.Location -eq 'centralus'}
$Tags = #{"tag1"="value1"; "tag2"="value2";}
$resources | ForEach-Object {
Update-AzTag -ResourceId $_.ResourceId -Tag $Tags -Operation Merge
}
You can use Azure PowerShell:
$mergedTags = #{"key1"="value1"; "key3"="value3";}
Update-AzTag -ResourceId /subscriptions/{subId} -Tag $mergedTags -Operation Merge
Original documentation: https://learn.microsoft.com/en-us/powershell/module/az.resources/update-aztag?view=azps-5.3.0
or Az Cli:
https://learn.microsoft.com/en-us/cli/azure/tag?view=azure-cli-latest
I am looking for a way to create one tag and use it to tag multiple resources. These resources I am tagging are not all in the same resource group / subscription and they are all different types of resources ranging from VMs to App services to Log Analytics Workspaces etc. There are over 3000 resources in total. The ultimate goal is to create a tag for each resource type, and then use powershell to filter by resource type and then send a particular command to each resource type. Below is an example.
VM Resources will get VM-Cleanup-Tag, and then I will run a command that will add that tag to all VM resources that I specify. Then I will run a command to filter by that tag and pipe another command in there such as stop-AzureVM. And then I will do that same thing for many other resource types. Any ideas will be greatly appreciated!
Just use the generic AzResource commands for this purpose
$tags = #{"VM-Cleanup-Tag"="True" ; "ResoucreType" = "VM" ; "etc"="etc"}
Get-AzResource -ResourceType Microsoft.Compute/virtualMachines | Set-AzResource -Tag $tags -Force
Then you can call of of those resources
$VMs_Cleanup = Get-AzResource -Tag #{"VM-Cleanup-Tag" = "True"}
$VMs_Cleanup | Stop-AzVM
or
foreach ($VM in $VMs_Cleanup) {
Stop-AzVM $VM
blah blah
}
Get Tags and append new ones
$tags = #{"VM-Cleanup-Tag"="True" ; "ResoucreType" = "VM" ; "etc"="etc"}
$Resource = Get-AzResource -Name $VMName
$tags.Keys | % {$Resource.Tags.Add($_,$tags.Item($_))}
Set-AzResource $VMName
Im want to delete the tags from large number of VM in microsoft azure.
But I get this error : Can not remove tag/tag value because it's being referenced by other resources. What I need to do and how to fix this error???
Remove-AzureRmTag -Name "sada"
This code i have used to remove sada from all my Azure Virtual Machines
this means this tag is being used by some resource in azure, you can only remove unused tags with this cmdlet. so your only option is to remove all those tags from existing resource (you can use a fairly simple powershell script for that, or just mass tagging from the portal). and then you can run this cmdlet.
something like this:
$res = Get-AzResource -ErrorAction SilentlyContinue
$res.ForEach{
if ( $_.tags.ContainsKey('sada') ) {
$_.tags.Remove('sada')
}
$_ | Set-AzResource -Tags $_.tags
}
You cannot delete a tag or value that is currently applied to a resource or resource group. Before using Remove-AzTag, use the Tag parameter of the Set-AzResourceGroup cmdlet to delete the tag or values from the resource or resource group. https://learn.microsoft.com/en-us/powershell/module/az.resources/remove-aztag?view=azps-4.8.0#description
The Solution is simple:
Update-AzTag -ResourceId $resource.id -Tag $removeTags -Operation Delete