ARI

Azure Resource Inventory .NET Tool - Inventories and documents the resources of a specified Azure tenant as a set of markdown files in a specified folder.

Obtain

dotnet tool install -g ari

Commands

Use -h / --help to get the current list of available commands and options.

ari --help
ari command --help

inventory

The inventory command inventories the tenant and outputs its result as markdown files to the specified output path.

ari inventory <tenantId> <outputpath> [options]

Quick Start

Running ARI Successfully for the First Time

By default it will try to authenticate using DefaultAzureCredential, which tries the following credentials in order, based on your environment.

  1. EnvironmentCredential
  2. WorkloadIdentityCredential
  3. ManagedIdentityCredential
  4. SharedTokenCacheCredential
  5. VisualStudioCredential
  6. VisualStudioCodeCredential
  7. AzureCliCredential
  8. AzurePowerShellCredential
  9. AzureDeveloperCliCredential
  10. InteractiveBrowserCredential

Setup Azure App Registration

The recommended way is to use a service principal with only the access it needs to document the tenant. You can do this by creating an app registration.

  1. Begin by creating an App Registration in Azure Entra for the report generator. This ensures that the report generator has precisely the required access, such as organization-wide read permissions or access to a limited set of subscriptions.
  2. Assign the API permission https://graph.microsoft.com/Organization.Read.All to the created App Registration.
  3. In my tenant, Admin consent is required for this permission.
  4. Add a role that allows the App Registration to read an organization. You can do this under Subscription management in Azure and Access Control (IAM). Add Role Assignment, find the App Registration and give it Read access.
  5. Assign a secret to the App Registration and make a note of this secret.

With the Azure App Registration now configured, we are ready to proceed.

Configure ARI for Execution

  1. Create a dedicated folder for the generated report.
  2. Set the environment variable AZURE_TENANT_ID to the tenant ID (found in the App Registration overview for your app).
  3. Set the environment variable AZURE_CLIENT_ID to the client ID (found in the App Registration overview for your app).
  4. Set the environment variable AZURE_CLIENT_SECRET to the secret noted earlier.
  5. Set the environment variable AZURE_AUTHORITY_HOST to https://login.microsoftonline.com/.

Run ARI

Assuming all the environment variables are correctly set, follow these steps:

dotnet tool install --global ARI
ari inventory <AZURE_TENANT_ID> <FOLDER_FOR_REPORT>

By following these steps, you should be able to run ARI successfully for the first time. If you encounter any issues, double-check the Azure App Registration setup and ensure that the environment variables are accurately configured.
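
A preflight for the configuration steps above, as an added example that is not part of the ARI project: it checks the four environment variables without ever printing the secret and creates the report folder readable only by the current user. The function names and the GUID check on the two IDs are assumptions.

```bash
#!/bin/sh
# Added example, not part of ARI. Function names are hypothetical.

# The tenant ID and client ID shown in the App Registration overview are
# GUIDs; treating anything else as a mistake is an assumption of this check.
is_guid() {
    printf '%s' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Checks the four variables from "Configure ARI for Execution".
# Prints one line per problem, naming the variable but never its value,
# so the client secret cannot end up in a terminal log. Returns 0 when clean.
ari_preflight() {
    status=0
    for name in AZURE_TENANT_ID AZURE_CLIENT_ID \
                AZURE_CLIENT_SECRET AZURE_AUTHORITY_HOST; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name"; status=1
            continue
        fi
        case "$name" in
            AZURE_TENANT_ID|AZURE_CLIENT_ID)
                is_guid "$value" || { echo "not a GUID: $name"; status=1; } ;;
            AZURE_AUTHORITY_HOST)
                # The secret is sent to this host, so insist on the value the
                # README gives; change this line if you use another authority.
                [ "$value" = "https://login.microsoftonline.com/" ] ||
                    { echo "unexpected value: $name"; status=1; } ;;
        esac
    done
    return "$status"
}

# Creates the dedicated report folder, readable only by the current user:
# the generated markdown describes the tenant's resources.
ari_prepare_output() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Typical use (constructed folder name; the variables must be exported):
#   ari_prepare_output "$HOME/ari-report" && ari_preflight &&
#       ari inventory "$AZURE_TENANT_ID" "$HOME/ari-report"
```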