I'd like to export something like the view of the subnets that exist in a VNET like is displayed in the portal. Unfortunately there isn't an option to export this to a CSV. I have found powershell scripts online that can export subnet route tables and the associated subnets. I have also found powershell scripts to export details on vnets subnets. However I haven't been able to find scripts that combine both
Script for Route tables by Aman Sharma
Ignore the synopsis and description I think he left them in from previous scripts
So I'm trying to reverse the logic i.e. get the subnet details and add the route tables for each subnet if it exists. However I'm not sure what I'm doing at this point! the script is erroring with:
Line |
47 | … $routeTables = Get-AzRouteTable -Name $routeTableName -Resour …
| ~~~~~~~~~~~~~~~
| Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
The script ends and the CSV has everything but the route table details. So if you could help a noob I'd be very grateful here is what I have:
$PathToOutputCSVReport = "/path/output.csv"
$subs = Get-AzSubscription
#Checking if the subscriptions are found or not
if(($subs -ne $null) -or ($subs.Count -gt 0))
{
#Creating Output Object
$results = #()
#Iterating over various subscriptions
foreach($sub in $subs)
{
$SubscriptionId = $sub.SubscriptionId
Write-Output $SubscriptionName
#Selecting the Azure Subscription
Select-AzSubscription -SubscriptionName $SubscriptionId
#Getting all Azure Route Tables
$vnets = Get-AzVirtualNetwork
foreach($vnet in $vnets)
{
$vnetName = $vnet.Name
$vnetResourceGroup = $vnet.ResourceGroupName
Write-Output $vnetName
#Fetch Route Subnets
$vnetSubnets = $vnet.Subnets
foreach($vnetSubnet in $vnetSubnets)
{
$subnetName = $vnetSubnet.Name
Write-Output $subnetName
$subnetId = $vnetSubnet.Id
###Getting information
$splitarray = $subnetId.Split('/')
$subscriptionId = $splitarray[2]
$vNetResourceGroupName = $splitarray[4]
$virtualNetworkName = $splitarray[8]
$subnetName = $splitarray[10]
#Fetch the route table details
$routeTables = Get-AzRouteTable -Name $routeTableName -ResourceGroupName $routeResourceGroup
#Fetching the vNet and Subnet details
#$vnet = Get-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $vNetResourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
$subnetAddressPrefix = $subnet.AddressPrefix[0]
$details = #{
virtualNetworkName=$virtualNetworkName
subnetAddressPrefix=$subnetAddressPrefix
subnetName=$subnetName
routeTableName=$routeTableName
routeResourceGroup=$routeResourceGroup
subscriptionId=$subscriptionId
vNetResourceGroupName=$vNetResourceGroupName
}
$results += New-Object PSObject -Property $details
}
}
}
$results | export-csv -Path $PathToOutputCSVReport -NoTypeInformation
}
else
{
Write-Host -ForegroundColor Red "No Subscription Found"
}
This error you're getting clearly shows that the variable routeTableName is an invalid value for the -Name parameter of the cmdlet Get-AzRouteTable.
Looking at your script, it appears that the variable is not defined anywhere, which explains why its empty, hence invalid to be used with the cmdlet.
To define the variable with the name of the route table associated to a subnet, you can use the following:
$routeTableName = $subnet.RouteTable.Id.Split('/')[8]
It also seems you're not using the following at all and can be removed:
$routeTables = Get-AzRouteTable -Name $routeTableName -ResourceGroupName $routeResourceGroup
Here's how your entire code would look like:
$PathToOutputCSVReport = "/path/output.csv"
$subs = Get-AzSubscription
#Checking if the subscriptions are found or not
if(($subs -ne $null) -or ($subs.Count -gt 0))
{
#Creating Output Object
$results = #()
#Iterating over various subscriptions
foreach($sub in $subs)
{
$SubscriptionId = $sub.SubscriptionId
Write-Output $SubscriptionName
#Selecting the Azure Subscription
Select-AzSubscription -SubscriptionName $SubscriptionId
#Getting all Azure Route Tables
$vnets = Get-AzVirtualNetwork
foreach($vnet in $vnets)
{
$vnetName = $vnet.Name
$vnetResourceGroup = $vnet.ResourceGroupName
Write-Output $vnetName
#Fetch Route Subnets
$vnetSubnets = $vnet.Subnets
foreach($vnetSubnet in $vnetSubnets)
{
$subnetName = $vnetSubnet.Name
Write-Output $subnetName
$subnetId = $vnetSubnet.Id
###Getting information
$splitarray = $subnetId.Split('/')
$subscriptionId = $splitarray[2]
$vNetResourceGroupName = $splitarray[4]
$virtualNetworkName = $splitarray[8]
$subnetName = $splitarray[10]
#Fetch the route table details
#$routeTables = Get-AzRouteTable -Name $routeTableName -ResourceGroupName $routeResourceGroup
#Fetching the vNet and Subnet details
#$vnet = Get-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $vNetResourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
$routeTableName = $subnet.RouteTable.Id.Split('/')[8]
$subnetAddressPrefix = $subnet.AddressPrefix[0]
$details = #{
virtualNetworkName=$virtualNetworkName
subnetAddressPrefix=$subnetAddressPrefix
subnetName=$subnetName
routeTableName=$routeTableName
routeResourceGroup=$routeResourceGroup
subscriptionId=$subscriptionId
vNetResourceGroupName=$vNetResourceGroupName
}
$results += New-Object PSObject -Property $details
}
}
}
$results | export-csv -Path $PathToOutputCSVReport -NoTypeInformation
}
else
{
Write-Host -ForegroundColor Red "No Subscription Found"
}
We have tried the same and getting the same warning as yours ,
Looking at your script ,you are doing correct but have not provided any variable to read the $routeTableName or $routeResourceGroup at line 47. We have used foreach loop again to retrieve route table details as subnet and vnets you have used, Followed by the below script we are able to run it without any failures:-
$PathToOutputCSVReport = "/mylocalpath/output.csv"
$subs = Get-AzSubscription
#Checking if the subscriptions are found or not
if(($subs -ne $null) -or ($subs.Count -gt 0))
{
#Creating Output Object
$results = #()
#Iterating over various subscriptions
foreach($sub in $subs)
{
$SubscriptionId = $sub.SubscriptionId
Write-Output $SubscriptionName
#Selecting the Azure Subscription
Select-AzSubscription -SubscriptionName $SubscriptionId
#Getting all Azure Route Tables
$vnets = Get-AzVirtualNetwork
foreach($vnet in $vnets)
{
$vnetName = $vnet.Name
$vnetResourceGroup = $vnet.ResourceGroupName
Write-Output $vnetName
#Fetch Route Subnets
$vnetSubnets = $vnet.Subnets
foreach($vnetSubnet in $vnetSubnets)
{
$subnetName = $vnetSubnet.Name
Write-Output $subnetName
$subnetId = $vnetSubnet.Id
###Getting information
$splitarray = $subnetId.Split('/')
$subscriptionId = $splitarray[2]
$vNetResourceGroupName = $splitarray[4]
$virtualNetworkName = $splitarray[8]
$subnetName = $splitarray[10]
#Fetch the route table details
#$routeTables = Get-AzRouteTable -ResourceGroupName $routeResourceGroup -Name $routeTableName instead of this tried below line to fetch the route table details
$routeTables = Get-AzRouteTable
foreach($routeTable in $routeTables)
{
$routeTableName = $routeTable.Name
$routeResourceGroup = $routeTable.ResourceGroupName
Write-Output $routeName
#Fetching the vNet and Subnet details
#$vnet = Get-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $vNetResourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
$subnetAddressPrefix = $subnet.AddressPrefix[0]
$details = #{
virtualNetworkName=$virtualNetworkName
subnetAddressPrefix=$subnetAddressPrefix
subnetName=$subnetName
routeTableName=$routeTableName
routeResourceGroup=$routeResourceGroup
subscriptionId=$subscriptionId
vNetResourceGroupName=$vNetResourceGroupName
}
$results += New-Object PSObject -Property $details
}
}
}
}
$results | export-csv -Path $PathToOutputCSVReport -NoTypeInformation
}
else
{
Write-Host -ForegroundColor Red "No Subscription Found"
}
Also the link which you have shared it will also list as per your requirement .
OUTPUT DETAILS FOR REFERENCE:-
CSV FILE :-
For more information to fetch the route details in different way as well please refer the below links:-
SO THREAD|Route Table Details ,Output of Azure subnets with links to attached VNet, route table and NSG
Related
I want to create a NSG flow log for the network security group of a given Virtual Machine and link to a given Storage Account with PowerShell.
How can I achieve this?
This can be achieved with this sequence of operations:
determine the NSG linked to a Virtual Machine
get or create a `NetworkWatcher for the location of the NSG
find a suitable storage account
set a Flow Log configuration, if there is none existing
param(
# RegEx pattern to find your first VM in your current subscription
[Parameter(Mandatory = $true, Position = 1)]
[string]$vmNamePattern,
# RegEx pattern to find a storage account in your current subscription
[Parameter(Mandatory = $true, Position = 2)]
[string]$storageNamePattern
)
$vm = Get-AzVM | Where-Object { $_.Name -match $vmNamePattern } | Select-Object -First 1
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
$sn = Get-AzVirtualNetworkSubnetConfig -ResourceId $nic.IpConfigurations[0].Subnet.Id
$nsgRes = Get-AzResource -ResourceId $sn.NetworkSecurityGroup.Id
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $nsgRes.ResourceGroupName -Name $nsgRes.ResourceName
# create or get NetworkWatcher
$nw = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg | ? { $_.Location -eq $nsg.Location }
if (!$nw) {
New-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Location $nsg.Location -Name $("NetworkWatcher_" + $nsg.Location)
$nw = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg | ? { $_.Location -eq $nsg.Location }
}
# detect first viable storage account
$storageAccount = Get-AzStorageAccount | Where-Object { $_.StorageAccountName -match $storageNamePattern -and $_.PrimaryEndpoints.Blob -match "^http" } | Select-Object -First 1
# get or set NSG flow log if not yet established
$fl = Get-AzNetworkWatcherFlowLogStatus -NetworkWatcher $nw -TargetResourceId $nsg.Id
if (!$fl) {
# https://learn.microsoft.com/de-de/azure/network-watcher/network-watcher-nsg-flow-logging-powershell
Set-AzNetworkWatcherConfigFlowLog -NetworkWatcher $nw -TargetResourceId $nsg.Id -StorageAccountId $storageAccount.Id -EnableFlowLog $true -FormatType Json -FormatVersion 2
}
I am pretty much new to PowerShell and we have customer requirement that they will share Azure VM details in Excel sheet with below columns.
we have to get VM Status details from all the subscriptions & ResourceGroup using the Powershell script.
Outuput:
I am able to perform for single RSG and VM values by using the below code
$SubscriptionName = Get-AzSubscription -SubscriptionId $subscriptionId
$RG = "rgp-use2-prd-bioportalbiopeople1"
$RSGName = Get-AzResourceGroup -Name $RG
$VMs = Get-AzVM -Name "vmbppapiv1prd02"
$VMState = (Get-AzVM -Name $VM -ResourceGroupName $RG -Status).Statuses
$vmOutput = $VMs | ForEach-Object {
[PSCustomObject]#{
"Resource Group Name" = $RSGName.ResourceGroupName
"Subscription Name" = $SubscriptionName.Name
"VM Name" = $_.Name
"VM Type" = $_.StorageProfile.osDisk.osType
"VM Statss" = ($VMState | where code -Like 'PowerState/*')[0].DisplayStatus
}
}
$vmOutput | Format-Table -AutoSize
$vmOutput | export-csv C:\Projects\data.csv
I can't test this myself, but you will have to create nested loops to get the details for all subscriptions and resourcegroups.
Something like this:
$subscriptions = Get-AzSubscription -TenantId "aaaa-aaaa-aaaa-aaaa" # enter the tenant ID here
$VMs = Get-AzVM -Name "vmbppapiv1prd02"
$vmOutput = foreach ($vm in $VMs) {
foreach ($subscription in $subscriptions) {
Set-AzContext -SubscriptionId $subscription.Id
(Get-AzResourceGroup).ResourceGroupName | ForEach-Object {
$vmState = (Get-AzVM -Name $vm.Name -ResourceGroupName $_ -Status).Statuses
[PSCustomObject]#{
"Resource Group Name" = $_
"Subscription Name" = $Subscription.Name
"VM Name" = $vm.Name
"VM Type" = $vm.StorageProfile.osDisk.osType
"VM Status" = ($vmState | where code -Like 'PowerState/*')[0].DisplayStatus
}
}
}
}
$vmOutput | Format-Table -AutoSize
$vmOutput | Export-Csv -Path 'C:\Projects\data.csv' -NoTypeInformation
I want to get the list of azure servers having auto-shutdown disabled on them, I have the below script but the issue with the script is that it gets the list of RG's under the Subscription GUID but repeats the output after every loop.
Import-AzureRmContext -Path "$PSScriptRoot\AzureProfile.json"
Select-AzureRmSubscription -SubscriptionId {subscriptionId}
[array]$ResourceGroupArray = Get-AzureRMVm | Select-Object -Property ResourceGroupName, Name, VmId
foreach ($resourceGroup in $ResourceGroupArray){
$targetResourceId = (Get-AzureRmVM -ResourceGroupName $resourcegroup.ResourceGroupName -Name $resourceGroup.Name).Id
$shutdownInformation = (Get-AzureRmResource -ResourceGroupName $resourcegroup.ResourceGroupName -ResourceType Microsoft.DevTestLab/schedules -Expandproperties).Properties
Write-Host "ID: " $targetResourceId
$shutdownInformation
The output for each VM is displayed in the following format,
What I want is simple, I want the VM name and its status of Auto-shutdown to be displayed on the screen so that its easy for me to find out which all VM have auto-shutdown currently disabled on them.
Any help related to this would be helpful.
You just need to get the microsoft.devtestlab/schedules resource ID using:
/subscriptions/{subscriptionId}/resourceGroups/{rgName}/providers/microsoft.devtestlab/schedules/shutdown-computevm-{vmName}
Then iterate over all your VMs using Get-AzVM, Get the microsoft.devtestlab/schedules resource using Get-AzResource, then output VM name and status into a table using Format-Table.
$subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Set-AzContext -SubscriptionId $subscriptionId
& {
foreach ($vm in Get-AzVM) {
try {
$shutdownResource = Get-AzResource `
-ResourceId "/subscriptions/$subscriptionId/resourceGroups/$($vm.ResourceGroupName)/providers/microsoft.devtestlab/schedules/shutdown-computevm-$($vm.Name)" `
-ErrorAction Stop
[PSCustomObject]#{
VMName = $vm.Name
ShutdownStatus = $shutdownResource.Properties.status
}
}
catch {
[PSCustomObject]#{
VMName = $vm.Name
ShutdownStatus = $_.Exception.Message
}
}
}
} | Format-Table -AutoSize
To set the context to the correct subscription, we can use Set-AzContext.
The above however is using the latest Az modules. You can do the same using the equivalent AzureRm modules.
$subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Set-AzureRmContext -SubscriptionId $subscriptionId
& {
foreach ($vm in Get-AzureRmVM) {
try {
$shutdownResource = Get-AzureRmResource `
-ResourceId "/subscriptions/$subscriptionId/resourceGroups/$($vm.ResourceGroupName)/providers/microsoft.devtestlab/schedules/shutdown-computevm-$($vm.Name)" `
-ErrorAction Stop
[PSCustomObject]#{
VMName = $vm.Name
ShutdownStatus = $shutdownResource.Properties.status
}
}
catch {
[PSCustomObject]#{
VMName = $vm.Name
ShutdownStatus = $_.Exception.Message
}
}
}
} | Format-Table -AutoSize
Although I do recommend moving to the Az module since support for AzureRm is ending December 2020. You can read the documentation for more information about this.
The above code should give you an output similar to the following
VMName ShutdownStatus
------ --------------
vm1 Enabled
vm2 Disabled
Update
The Call operator & is used here to run the for loop as a script block. You can read more about this in about_Script_Blocks.
Try something like this to get the auto-shutdown status of all VMs. Instead of trying to get the schedules inside the loop, get all the ones in the subscription and match them based on the VM's full resource Id.
[array]$VMArray = Get-AzureRMVm | Select-Object -Property ResourceGroupName, Name, VmId, Id
$ShutdownInformation = (Get-AzureRmResource -ResourceType Microsoft.DevTestLab/schedules -Expandproperties).Properties
foreach($vm in $VMArray) {
$ShutdownStatus = "Not Configured"
$Schedule = $ShutdownInformation | Where-Object { $_.targetResourceId -eq $vm.Id } | Select -First 1
if($Schedule -ne $null) {
$ShutdownStatus = $Schedule.status
}
Write-Host $vm.VmId $ShutdownStatus
}
A bit stuck on this one. Going in circles trying to get the NSG Ids listed out for each and every subnet in Azure. It's part of a security control requirement, so we need to list each subnet and then provide the NSG Id with them - to show that each subnet does in fact have an NSG associated with it.
$vnets = (Get-AzVirtualNetwork).Name
$nsgId = (Get-AzVirtualNetwork).Subnets.NetworkSecurityGroup.Id
$snet = (Get-Azvirtualnetwork).Subnets.Name | Out-String
foreach ($vnet in $vnets) {Get-AzVirtualNetworkSubnetConfig -Name $snet -VirtualNetwork $vnets | FL Name,$nsgId}
This is the error I am getting. Just can't get past it.
Get-AzVirtualNetworkSubnetConfig: Cannot convert 'System.Object[]' to the type 'Microsoft.Azure.Commands.Network.Models.PSVirtualNetwork' required by parameter 'VirtualNetwork'. Specified method is not supported.
This should do it.
$vnets = (Get-AzVirtualNetwork)
$objectArr = #()
foreach ($vnet in $vnets) {
foreach ($subnet in $vnet.Subnets) {
if ($subnet.NetworkSecurityGroup -ne $null) {
$NSG = Get-AzResource -ResourceId $subnet.NetworkSecurityGroup.Id
$prop = [ordered]#{
'VNETName' = $vnet.Name
'SubnetName' = $subnet.Name
'NSGName' = $NSG.Name
'Id' = $NSG.Id
}
$obj = New-Object -Type PSCustomObject -Property $prop
$objectArr += $obj
}
}
}
$objectArr | Select-object VNETName, SubnetName, NSGName, Id
I have coded a powershell script to set an existing subnet to function as a service endpoint for multiple services. However, when I run the command line in the script, it doesn't add a new service endpoint, it just changes the existing one.
I am trying to parameterise this through Jenkins as well, which may be an added complication. I think if I can get the base syntax right then that shouldn't be a problem.
Syntax I am using is:
#Get vnet
$virtualnetwork = Get-AzureRmVirtualNetwork -Name $VN -ResourceGroupName $RG
#Configure service endpoint
Add-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -
VirtualNetwork $virtualnetwork -ServiceEndpoint $EP
#Set configuration
$virtualnetwork | Set-AzureRmVirtualNetwork
You can use something like this to add as many endpoints as required:
$rgname = "amgar-dtl"
$vnName = "Dtlamgar-dtl"
$sname = "Dtlamgar-dtlSubnet"
$subnetPrefix = "10.0.0.0/20"
#Get vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Get-AzureRmVirtualNetworkSubnetConfig -Name $sname
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
#Add new service endpoint
Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Set-AzureRmVirtualNetworkSubnetConfig -Name $sname -AddressPrefix $subnetPrefix -ServiceEndpoint $ServiceEndPoint.Add("Microsoft.KeyVault") | Set-AzureRmVirtualNetwork
Hope this helps!
Successful syntax is:
#Vnet
$VN = "$ENV:VNET_NAME"
#Resource Group
$RG = "$ENV:RESOURCEGROUP_NAME"
#Subnet
$SN = "$ENV:SUBNET_NAME"
#Subnet Address Prexifx
$SAP = "$ENV:ADDRESS_PREFIX"
#ServiceEndpoint
$EP = "$ENV:SERVICE_ENDPOINT"
Write-Host "Importing the AzureRM module into the PowerShell session"
Import-Module AzureRM
Write-Host "Connect service principle account to Azure RM"
Connect-AzureRmAccount -ServicePrincipal -Credential $CREDS -TenantId $TID -Subscription $SID
#Get vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Get-AzureRmVirtualNetworkSubnetConfig -Name $SN
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
$ServiceEndPoint.Add($EP)
#Add new service endpoint
Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Set-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -ServiceEndpoint $ServiceEndPoint | Set-AzureRmVirtualNetwork
Powershell does not appear to support the command $ServiceEndPoint.Add("Microsoft.KeyVault") with “|”. Once it was executed separately, the script worked.
Here is another version for those looking to process multiple subnets and to validate that the subnet doesn't already have the service endpoint enabled because it will error out if the same service is listed twice when modifying the subnet.
$subscription = "Enter Subscription ID here"
$subnets = #('my-subnet-1','my-subnet-2','my-subnet-3')
$vnetName = "MY-VNET"
$vnetRgName = "MY-VNET-RG"
$newEndpoint = "Microsoft.AzureCosmosDB"
Set-AzContext -Subscription $subscription
foreach($snet in $subnets){
Write-Host "Modifying Service Endpoints for subnet: $snet" -fore red -back white
$virtualNetwork = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Get-AzVirtualNetworkSubnetConfig -Name $snet
$addrPrefix = $virtualNetwork.AddressPrefix
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$virtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
if ($ServiceEndPoint -notcontains $newEndPoint){
$ServiceEndPoint.Add($newEndpoint)
}
#Add new service endpoint
Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Set-AzVirtualNetworkSubnetConfig -Name $snet -AddressPrefix $addrPrefix -ServiceEndpoint $ServiceEndPoint | Set-AzVirtualNetwork
}