With this article, we will start an article series that will cover Azure Resource Graph and the particular features that make it different. You might never used or you might have never heard Azure Resource Graph before, but you will have a grasp of it with this article series. In this series, we will try to create and improve solutions that needed for real scenarios. Now without getting into detail, let's jump into our article.
What is Azure Resource Graph?
We can define Azure Resource Graph as an Azure service extension of Azure Resource Manager for absolute beginners. To answer what it provides and why we should use it, we need to look at the examples like the actions that we can execute in subscriptions in our organization by using Azure Resource Graph. These examples are:
- Executing faster and more efficient complex resource queries and applying filters.
- Reporting whether governance requirements (Azure Policy, Advisor ve Defender for Cloud etc.) is compatible for our organization criteria.
- Gathering all the Azure Resource Graph queries above as a WorkBook and sharing it with having continuity in reports.
Azure Resource Manager supports queries on the fundamental properties like Resource Name, Resource Id, Type, Resource Group, Subscription ve Location. We need to make and call queries on the properties we want to access detailed information with Azure Resource Manager.
Accessing the related provider for any property with Azure Resource Graph is sufficient to access information. Being proficient in Kusto Query Language(KQL) is a must for every query by using Resource Graph. If you do not know anything about KQL, please refer to Microfost offical page to learn about the language structure.
What is Azure Resource Graph Explorer?
Azure Resource Graph Explorer is an interface available to us on the Azure Portal. On this screen, you can write the queries you want and see all supported resource types on the Resource Graph.
As you can see in the picture above, after accessing the Azure Resource Graph Explorer, you can search for the relevant Resource tables through the Resource Explorer Schema browser on the left and make your queries accordingly.
How does Azure Resource Graph keep being updated?
Resource Graph is notified by the Resource Manager whenever an Azure resource is updated. Then, Resource Graph updates its database. Also, Resource Graph does a continuous search for the resources that are updated/created. Thanks to this search, if there is any missed update or a resource is updated out of the Resource Manager, the Resource Manager notifies Resource Graph and updates every data. In summary —as we mentioned at first— since Azure Resource Graph is an extension of Azure Resource Manager, it watches for if any resource is provisioned, deleted, or updated and updates its tables.
What kind of permission does Azure Resource Graph require?
To execute a query in Resource Graph, we need to have at least Reader
on the resource that we want to execute a query on. If we do not have even this permission, unfortunately Azure Resource Graph returns null when we try to execute a query.
Example Queries using Resource Graph
As an part of Azure Portai Azure Resource Graph Exploler enables users to do Resource Graph queries directly on Azure Portal. We can record the queries that are done on portal and also we can pin them on Azure Portal with their graphic versions.
You can also use other tools for queries such as
- Azure portal ve Resource Graph Explorer
- Azure CLI
- Azure PowerShell
- Python