One query about window azure that is there any way to get programmatic list of Regions which we are choosing while hosting our app?
CLI
az account list-locations
Powershell
Get-AzLocation
The only way that I can think of is to use the REST Management API.
You have to query the Management API, and call the List Locations method. You will however need a management certificate and a subscription id to do so. You can have the result cached for some time, if you are doing it very ofetn. I think that 1 hour is fair enough time to keep the locations cached. I don't expect that a change would happen that often, but it's good to refresh your list of locations from time to time.
Here is one example you can use. And here is a NuGet package that wraps everything around, so you don't need to construct your REST calls manually.
Related
I've been working on migrating all of the work items from one Azure DevOps (Services) project to another project in the same Organization.
I used the nkdAgility azure-devops-migration-tools to successfully copy the majority of existing work items across, but it did not grab our Shared Queries.
I played around with the Azure Rest API in powershell to list the queries. I also looked at the AZ CLI suite to see if there was a way to list the queries. I was able to find a couple at the root level, but it was not the entire list of Shared Queries.
Is this possible to accomplish through either of the above methods?
My Google-fu was strong today! Here's a link to a script that does almost exactly what I want.
Migrate Azure DevOps work items queries to a new organization
The only difference is that I am staying within my Organization, so making mods accordingly. Also, the Azure Rest API has probably evolved a bit since the original script was written, so I am updating the requests to handle that.
Thanks Josh Kewley!
I want to create an Azure Function that would retrieve the Sources Groups List, I found related question
here, but I'm wondering if there could be another alternative as this function will be hosted in the same Azure subscription, without making REST requests.
It is not possible to have it without a call. Having something in the resource group does not grant access out of the box to list other resources in that resource group. That could be a security issue.
There are a couple of different ways to get the desired information. It could be done via a REST API call, Powershell, Azure CLI etc.
There is a way to use Powershell in Azure Functions, but it is currently in the preview. I have not tried this before, but maybe you can try to leverage this to call the simple PowerShell command to get the resources. That way you are not calling the rest API, at least not directly.
If you ask me, and if you really need an Azure function to do this, going with REST API call is the safest bet.
I am trying to query for the Monitor Condition of Fired across all my existing V2 alerts in my Azure subscription. I can use either the Az PS module, the Azure REST API, or the Azure CLI. Ideally, I'd like to just leverage Get-AzAlert and pass the Alert ID in the AlertId parameter. However, it seems to want the ID GUID. Every command I find for pulling down a list of alerts provides only the complete ARM ID, for example "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupId}/providers/microsoft.insights/metricAlerts/{alertName}".
Similarly, in the Microsoft.AlertsManagement API, there is a command available to get the alert, https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.AlertsManagement/alerts/{alertId}?api-version=2018-05-05, but it also requires the alertId in GUID form.
I could leverage a more generic call in either the PS module (Get-AzAlert leveraging the MonitorCondition parameter) or API (https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.AlertsManagement/alerts?api-version=2018-05-05) that will provide me with all alerts with a Monitor Condition of Fired, however, the respective calls are limited in scope to returning events from only the last 30 days. I need to be able to find unresolved alerts that fired more than 30 days ago.
I need a way to get the list of alert GUIDs so that I can pass those into the calls to check on the alert monitor condition.
You can not access the alert more than 30 days ago, this is a built-in limitation. No matter you use the REST API, PowerShell or CLI, because the PowerShell and CLI both call the REST API essentially. Also, you cannot access that even if in the Azure portal, you can just specify the Time range within the past 30 days.
Reference - https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview#alerts-experience
I am having a hard time finding a way to list instances and, more importantly, the user that created them respectively.
Going through the hundreds of options inside the activity logs has yet to turn up anything concrete for me as it seems sometimes this data is recorded and other times it is not.
The end goal is to be able to find any resource that is created and whom created it (be it user or a group) so that tags can be issued to each resource allowing for easy separation of resources by the groups that are responsible for them.
Is anyone aware of a way to display this data or if it is even possible?
Thanks!
Instance? Do you mean Azure VM? If yes, you could find who create it on Activity log. Note: You only could search log within 90 days if you don't save log to storage account.
You could search it as below:
We are looking at using Azure Jobs for out multi-tenant platform, but want to figure the best way to do security for it, without using a certificate that has access to our whole Azure account.
We have a Resource Group called "Scheduler" and for each tenant we create a Job Collection with the Tentants Id "Tenant{tenant.Id}".
Currently we do this using SchedulerManagementClient and passing in CertificateCloudCredentials. We could use the Token to do this, but I believe it still has the same problem - in that the credentials have access to the full azure account, which we don't want.
Ideally we would like to lock down creation to the resource group "Scheduler" and create a certificate/token for this.
Is there a way to do that? Is there a better way to do what we are doing anyway?
Ok I figured this out, as is always the way it seems when you finally post something on StackOverflow. Everything was complicated by the fact I was using the old management libraries (Microsoft.WindowsAzure.Management) and not the new libraries (Microsoft.Azure.Management).
Basically I needed to create an application, and then assign that application roles just like you do users. This also helped:
https://azure.microsoft.com/en-gb/documentation/articles/resource-group-create-service-principal-portal/