Skip to main content

Azure Importer

Using this importer allows importing assets and links from Azure projects. The Azure Importer has a fixed schema:

Asset-TypeRequired Permissions
Virtual MachineMicrosoft.Compute/virtualMachines/read, Microsoft.Network/networkInterfaces/read and Microsoft.Network/publicIPAddresses/read
App Servicemicrosoft.web/webappstacks/read
Application GatewayMicrosoft.Network/applicationGateways/read
Azure SubscriptionMicrosoft.ApiManagement/service/subscriptions/read
BestionMicrosoft.Network/bastionHosts/read
Container RegistryMicrosoft.ContainerRegistry/registries/read
DiskMicrosoft.Compute/disks/read
DNSMicrosoft.Network/dnszones/read and Microsoft.Network/dnszones/recordsets/read
Event HubMicrosoft.EventHub/namespaces/read
Express Route CircuitMicrosoft.Network/expressRouteCrossConnections/read
FirewallMicrosoft.Network/azurefirewalls/read
Function Appmicrosoft.web/functionappstacks/read
ImageMicrosoft.Compute/galleries/read, Microsoft.Compute/galleries/images/read and Microsoft.Compute/galleries/images/versions/read
Kubernetes ClusterMicrosoft.ContainerService/managedClusters/read and Microsoft.Resources/subscriptions/resourcegroups/read
Kubernetes VMMicrosoft.ContainerService/managedClusters/agentPools and Microsoft.Resources/subscriptions/resourcegroups/read
Load BalancerMicrosoft.Network/loadBalancers/read
Local Network GatewayMicrosoft.Network/localnetworkgateways/read
NetworkMicrosoft.Network/virtualNetworks/read
Network InterfaceMicrosoft.Network/networkInterfaces/read
Private DNSMicrosoft.Network/privateDnsZones/read and Microsoft.Network/privateDnsZones/recordsets/read
Public IP AddressMicrosoft.Network/publicIPAddresses/read
Redis CacheMicrosoft.Cache/redis/read
Scalable Compute GroupMicrosoft.Compute/virtualMachineScaleSets/read
Service Fabric ClusterMicrosoft.ServiceFabric/clusters/read
Service Fabric Virtual MachineMicrosoft.Compute/virtualMachineScaleSets/read and Microsoft.Compute/virtualMachineScaleSets/virtualMachines
SQL DatabaseMicrosoft.Sql/servers/databases/read
SQL Elastic Pool DatabaseMicrosoft.Sql/servers/elasticPools/databases
SQL ServerMicrosoft.Sql/servers/read
SubnetMicrosoft.Network/virtualNetworks/subnets/read
Storage AccountMicrosoft.ClassicStorage/storageAccounts/read
Virtual Network GatewayMicrosoft.Network/virtualNetworkGateways/read
Virtual Private Network GatewayMicrosoft.Network/vpnGateways/read
Virtual WANMicrosoft.Network/virtualWans/read
Web Application FirewallMicrosoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read

Note: If you want to import usage data for specific asset-types, please add the following permission:

General Permission Configuration

As a prerequisite to configure an Azure importer Txture platform needs to be able to access Azure based resources as part of its data collection process. For this typically a read-only access policy is used together with an API-only access credential.

To configure a Azure data source in Txture you need the following credentials:

  • Application (client) ID
  • Directory (tenant) ID
  • Password (secret value)
  • Subcription IDs (optional)

Create Service Principal with the Azure CLI (easy step)

Please follow the Azure documentation for creating a service principal and follow the role assignment steps.

Example command: az ad sp create-for-rbac --name txture-import --role Reader

You may want to limit the account to certain subscriptions or resource groups by using --scopes:

az ad sp create-for-rbac --name txture-import --scopes /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1 --role Reader

Create Service Principal with the Azure Portal

Please follow these steps to create access credentials that are required as part of the data source configuration in Txture:

  1. Logon to your Microsoft Azure Portal and select the Azure Active Directory service and go to App registration (or directly via this link).
  2. Click on New registration and setup new app registration. Use "Accounts in this organizational directory only" as the supported account type.
  3. Click on your new registration. You should now see the Application (client) ID and the Directory (tenant) ID you need to configure your Azure data source in Txture.
  4. Next we need to create a Client Secret. To do so, click on certificate and secret link in your registration.
  5. In the client secret section, click on New client secret and setup a new secret. Select an appropriate period for which the secret should be valid.
  6. After having created your new secret, the column Value represents your Password (secret value). Copy the secret value to you data source in Txture. It will be visible in Azure only during the setup process.
  7. Finally, we can add Subcription IDs optionally to restrict access. You find your subscriptions in Azure Home --> Subscriptions (or directly via this link). Each subscription ID represents a separate billing in Azure. For each billing you have your Azure resources that are then imported into Txture. If no subscription IDs are added Txture will request resources for all accessible subscriptions.

Note

Make sure your Azure service principal has the permissions to read your subscriptions (Azure Documentation).

Note

When you do not assign Role Reader to the service principal, then be sure that you add the permission:

  • Microsoft.ApiManagement/service/subscriptions/read, if you do not add Subscription IDs to datasource

Configuring Memory Usage Metrics for Virtual Machines

To receive insights of RAM usage on your virtual machines (VMs), follow these steps:

  1. Access Your VM in Azure Console
    a. Open the Azure portal and navigate to your VM.
    b. From the Monitor dropdown menu, select Insights:

  2. Enable Insights for Your VM
    a. Click Enable Insights and wait for the process to complete.

  3. Verify Data Collection
    a. Once Insights are enabled, go to the Azure Monitor section at the top of the page. This will open the Insights overview:

  4. Check Performance Metrics
    a. Navigate to the Performance tab to ensure data collection has started and that Insights are active:

By completing these steps, you will enable memory usage insights for your virtual machine.