Azure Resource Graph
Author: Ronald Fung
Creation Date: 30 May 2023
Next Modified Date: 30 May 2024
A. Introduction
Azure Resource Graph is an Azure service designed to extend Azure Resource Management by providing efficient and performant resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment. These queries provide the following abilities:
Query resources with complex filtering, grouping, and sorting by resource properties.
Explore resources iteratively based on governance requirements.
Assess the impact of applying policies in a vast cloud environment.
Query changes made to resource properties (preview). In this documentation, you’ll go over each feature in detail.
Note
Azure Resource Graph powers Azure portal’s search bar, the new browse All resources experience, and Azure Policy’s Change history visual diff. It’s designed to help customers manage large-scale environments.
Note
This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and resource groups that customers have delegated.
B. How is it used at Seagen
As a biopharma research company using Microsoft Azure, Seagen could use Azure Resource Graph to query and analyze Azure resource data at scale. Azure Resource Graph is a powerful tool that allows users to query and explore resource metadata and relationships across multiple subscriptions and resource groups. Here are some ways Seagen could use Azure Resource Graph:
Resource inventory: Azure Resource Graph allows Seagen to create a comprehensive inventory of Azure resources across multiple subscriptions and resource groups. This can help Seagen understand the scope and complexity of their Azure resources and identify potential security and compliance risks.
Resource optimization: Azure Resource Graph allows Seagen to identify underutilized or overprovisioned resources, such as virtual machines and storage accounts. This can help Seagen optimize their Azure resources and reduce costs.
Resource security: Azure Resource Graph allows Seagen to identify security risks, such as resources that are exposed to the public internet or that have weak access controls. This can help Seagen ensure that their Azure resources are secure and comply with industry standards.
Resource monitoring: Azure Resource Graph allows Seagen to monitor Azure resource usage and performance metrics, such as CPU utilization and network traffic. This can help Seagen identify resource bottlenecks and performance issues.
Resource compliance: Azure Resource Graph allows Seagen to ensure that their Azure resources comply with industry standards and regulations, such as HIPAA and PCI. This can help Seagen avoid potential compliance violations and penalties.
Overall, Azure Resource Graph provides a powerful tool for querying and analyzing Azure resource data at scale. Its ability to create a comprehensive inventory of resources, optimize resource usage, monitor resource performance, and ensure compliance with industry standards makes it a valuable tool for organizations that require a scalable and flexible platform for their Azure resources.
C. Features
Azure Resource Graph is a powerful tool that allows users to query and analyze Azure resource data at scale. It offers a range of features to help organizations gain insight into their Azure resources. Some of the key features of Azure Resource Graph include:
Resource querying: Azure Resource Graph allows users to query Azure resource data using a powerful query language called Kusto Query Language (KQL). This makes it easy to explore and analyze resource metadata and relationships across multiple subscriptions and resource groups.
Resource inventory: Azure Resource Graph allows users to create a comprehensive inventory of Azure resources across multiple subscriptions and resource groups. This can help users understand the scope and complexity of their Azure resources and identify potential security and compliance risks.
Resource optimization: Azure Resource Graph allows users to identify underutilized or overprovisioned resources, such as virtual machines and storage accounts. This can help users optimize their Azure resources and reduce costs.
Resource security: Azure Resource Graph allows users to identify security risks, such as resources that are exposed to the public internet or that have weak access controls. This can help users ensure that their Azure resources are secure and comply with industry standards.
Resource monitoring: Azure Resource Graph allows users to monitor Azure resource usage and performance metrics, such as CPU utilization and network traffic. This can help users identify resource bottlenecks and performance issues.
Resource compliance: Azure Resource Graph allows users to ensure that their Azure resources comply with industry standards and regulations, such as HIPAA and PCI. This can help users avoid potential compliance violations and penalties.
Integration with Azure services: Azure Resource Graph integrates with other Azure services, such as Azure Monitor and Azure Policy, to provide a comprehensive solution for managing Azure resources.
Customization: Azure Resource Graph allows users to customize their queries and analyze resource data using their own data models. This can help users gain deeper insights into their Azure resources and improve their decision-making.
Overall, Azure Resource Graph provides a powerful tool for querying and analyzing Azure resource data at scale. Its ability to query, inventory, optimize, monitor, and ensure compliance with Azure resources, as well as integrate with other Azure services and allow customization, makes it a valuable tool for organizations that require a scalable and flexible platform for their Azure resources.
D. Where Implemented
E. How it is tested
Testing Azure Resource Graph involves several steps that include:
Creating a test environment: The first step is to create a test environment that is separate from the production environment. This ensures that any issues or bugs discovered during testing do not affect the live system.
Configuring Azure Resource Graph: The next step is to configure Azure Resource Graph for the Azure resources that need to be queried and analyzed. This involves setting up queries, filters, and configuration files, and defining access policies.
Testing resource querying: Once Azure Resource Graph is configured, the next step is to test resource querying. This involves verifying that Azure Resource Graph can query and analyze Azure resource metadata and relationships across multiple subscriptions and resource groups.
Testing resource inventory: After testing resource querying, the next step is to test resource inventory. This involves verifying that Azure Resource Graph can create a comprehensive inventory of Azure resources across multiple subscriptions and resource groups.
Testing resource optimization: Once resource inventory is tested, the next step is to test resource optimization. This involves verifying that Azure Resource Graph can identify underutilized or overprovisioned resources, such as virtual machines and storage accounts, and provide recommendations for optimization.
Testing resource security: After resource optimization is tested, the next step is to test resource security. This involves verifying that Azure Resource Graph can identify security risks, such as resources that are exposed to the public internet or that have weak access controls, and provide recommendations for improving security.
Testing resource monitoring: After resource security is tested, the next step is to test resource monitoring. This involves verifying that Azure Resource Graph can monitor Azure resource usage and performance metrics, such as CPU utilization and network traffic, and provide recommendations for improving performance.
Integration testing: After Azure Resource Graph has been tested, it must be integrated with other systems and applications to ensure that it works seamlessly with other components.
User acceptance testing: Finally, Azure Resource Graph must undergo user acceptance testing to ensure that it meets the requirements of the end-users.
Overall, testing Azure Resource Graph involves a comprehensive testing approach that covers all the functionalities of the solution and ensures that it meets the requirements of the end-users. Testing should include both functional and non-functional testing, such as performance testing, security testing, and scalability testing. It is also important to test the integration of Azure Resource Graph with other systems and applications to ensure that it works seamlessly with other components. It is recommended to test Azure Resource Graph in a test environment before deploying it in a production environment to minimize the risk of issues during production use.
F. 2023 Roadmap
????
G. 2024 Roadmap
????
H. Known Issues
Like all software products, Azure Resource Graph may have some known issues. Here are some of the known issues of Azure Resource Graph:
Query performance: Azure Resource Graph may have performance issues when querying large amounts of Azure resource data. This can impact the ability of users to query and analyze resource data effectively.
Data accuracy: Azure Resource Graph may have issues with data accuracy, such as missing or incomplete resource metadata. This can impact the accuracy of queries and analysis.
Integration issues: Azure Resource Graph may have integration issues when integrating with other systems and applications. This can impact the ability of users to use Azure Resource Graph in their existing workflows.
Security issues: Azure Resource Graph may have security issues, such as vulnerabilities in the access control or data encryption features. This can expose organizations to security risks and data breaches.
Complexity: Azure Resource Graph can be complex to configure and manage, especially for organizations with large and complex Azure resource environments. This can require significant technical expertise and resources.
Overall, while Azure Resource Graph is a powerful solution for querying and analyzing Azure resource data, users must be aware of these known issues and take steps to mitigate their impact. This may include addressing performance issues, ensuring data accuracy, monitoring security vulnerabilities, and providing training and support to users to effectively use and manage Azure Resource Graph. It is recommended to carefully plan and test the use of Azure Resource Graph in a test environment before deploying it in a production environment to minimize the risk of issues during production use.
[x] Reviewed by Enterprise Architecture
[x] Reviewed by Application Development
[x] Reviewed by Data Architecture