Azure Importer
Using this importer allows importing assets and links from Azure projects. The Azure Importer has a fixed schema:
Asset-Type | Required Permissions |
---|---|
Virtual Machine | Microsoft.Compute/virtualMachines/read , Microsoft.Network/networkInterfaces/read and Microsoft.Network/publicIPAddresses/read |
App Service | microsoft.web/webappstacks/read |
Application Gateway | Microsoft.Network/applicationGateways/read |
Azure Subscription | Microsoft.ApiManagement/service/subscriptions/read |
Bestion | Microsoft.Network/bastionHosts/read |
Container Registry | Microsoft.ContainerRegistry/registries/read |
Disk | Microsoft.Compute/disks/read |
DNS | Microsoft.Network/dnszones/read and Microsoft.Network/dnszones/recordsets/read |
Event Hub | Microsoft.EventHub/namespaces/read |
Express Route Circuit | Microsoft.Network/expressRouteCrossConnections/read |
Firewall | Microsoft.Network/azurefirewalls/read |
Function App | microsoft.web/functionappstacks/read |
Image | Microsoft.Compute/galleries/read , Microsoft.Compute/galleries/images/read and Microsoft.Compute/galleries/images/versions/read |
Kubernetes Cluster | Microsoft.ContainerService/managedClusters/read and Microsoft.Resources/subscriptions/resourcegroups/read |
Kubernetes VM | Microsoft.ContainerService/managedClusters/agentPools and Microsoft.Resources/subscriptions/resourcegroups/read |
Load Balancer | Microsoft.Network/loadBalancers/read |
Local Network Gateway | Microsoft.Network/localnetworkgateways/read |
Network | Microsoft.Network/virtualNetworks/read |
Network Interface | Microsoft.Network/networkInterfaces/read |
Private DNS | Microsoft.Network/privateDnsZones/read and Microsoft.Network/privateDnsZones/recordsets/read |
Public IP Address | Microsoft.Network/publicIPAddresses/read |
Redis Cache | Microsoft.Cache/redis/read |
Scalable Compute Group | Microsoft.Compute/virtualMachineScaleSets/read |
Service Fabric Cluster | Microsoft.ServiceFabric/clusters/read |
Service Fabric Virtual Machine | Microsoft.Compute/virtualMachineScaleSets/read and Microsoft.Compute/virtualMachineScaleSets/virtualMachines |
SQL Database | Microsoft.Sql/servers/databases/read |
SQL Elastic Pool Database | Microsoft.Sql/servers/elasticPools/databases |
SQL Server | Microsoft.Sql/servers/read |
Subnet | Microsoft.Network/virtualNetworks/subnets/read |
Storage Account | Microsoft.ClassicStorage/storageAccounts/read |
Virtual Network Gateway | Microsoft.Network/virtualNetworkGateways/read |
Virtual Private Network Gateway | Microsoft.Network/vpnGateways/read |
Virtual WAN | Microsoft.Network/virtualWans/read |
Web Application Firewall | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read |
Note: If you want to import usage data for specific asset-types, please add the following permission:
Microsoft.Insights/Metrics/Read
(Azure Monitor).
General Permission Configuration
As a prerequisite to configure an Azure importer Txture platform needs to be able to access Azure based resources as part of its data collection process. For this typically a read-only access policy is used together with an API-only access credential.
To configure a Azure data source in Txture you need the following credentials:
- Application (client) ID
- Directory (tenant) ID
- Password (secret value)
- Subcription IDs (optional)
Create Service Principal with the Azure CLI (easy step)
Please follow the Azure documentation for creating a service principal and follow the role assignment steps.
Example command: az ad sp create-for-rbac --name txture-import --role Reader
You may want to limit the account to certain subscriptions or resource groups by using --scopes
:
az ad sp create-for-rbac --name txture-import --scopes /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1 --role Reader
Create Service Principal with the Azure Portal
Please follow these steps to create access credentials that are required as part of the data source configuration in Txture:
- Logon to your Microsoft Azure Portal and select the
Azure Active Directory
service and go toApp registration
(or directly via this link). - Click on
New registration
and setup new app registration. Use "Accounts in this organizational directory only" as the supported account type. - Click on your new registration. You should now see the
Application (client) ID
and theDirectory (tenant) ID
you need to configure your Azure data source in Txture. - Next we need to create a
Client Secret
. To do so, click on certificate and secret link in your registration. - In the client secret section, click on
New client secret
and setup a new secret. Select an appropriate period for which the secret should be valid. - After having created your new secret, the column Value represents your
Password (secret value)
. Copy the secret value to you data source in Txture. It will be visible in Azure only during the setup process. - Finally, we can add
Subcription IDs
optionally to restrict access. You find your subscriptions in Azure Home --> Subscriptions (or directly via this link). Each subscription ID represents a separate billing in Azure. For each billing you have your Azure resources that are then imported into Txture. If no subscription IDs are added Txture will request resources for all accessible subscriptions.
Note
Make sure your Azure service principal has the permissions to read your subscriptions (Azure Documentation).
Note
When you do not assign Role Reader to the service principal, then be sure that you add the permission:
Microsoft.ApiManagement/service/subscriptions/read
, if you do not add Subscription IDs to datasource
Configuring Memory Usage Metrics for Virtual Machines
To receive insights of RAM usage on your virtual machines (VMs), follow these steps:
-
Access Your VM in Azure Console
a. Open the Azure portal and navigate to your VM.
b. From the Monitor dropdown menu, select Insights:
-
Enable Insights for Your VM
a. Click Enable Insights and wait for the process to complete. -
Verify Data Collection
a. Once Insights are enabled, go to the Azure Monitor section at the top of the page. This will open the Insights overview:
-
Check Performance Metrics
a. Navigate to the Performance tab to ensure data collection has started and that Insights are active:
By completing these steps, you will enable memory usage insights for your virtual machine.