Azure Quick Review (azqr) is a powerful command-line tool that analyzes Azure resources to ensure compliance with best practices developed by Carlos Mendible.
You can swiftly conduct a high-level assessment of your “Azure Subscription” or “Resource Group.”
The output generated by AZQR is written by default to an Excel file, which contains the following sheets:
Recommendations: a list with all recommendations with the number of resources that are impacted. You can use this table as an action plan to improve the compliance of your resources.
-
ImpactedResources: a list of all resources that are impacted. You can use this table to identify resources that have issues that need to be addressed.
-
ResourceTypes: a list of impacted resource types.
-
Inventory: a list of all resources scanned by the tool. Here you’ll find details such as SKU, Tier, Kind, or calculated SLA.
-
Advisor: a list of recommendations provided by Azure Advisor.
-
DefenderRecommendations: a list of recommendations provided by Microsoft Defender for Cloud.
-
OutOfScope: a list of resources that were not scanned.
-
Defender: a list of Microsoft Defender for Cloud plans and their tiers.
-
Costs: a list of expenses associated with the scanned subscription for the last 3 months.
Installation of AZQR
Install on Windows
winget install azqrInstall on Mac
brew install azqrInstall on Linux or Azure Cloud Shell (Bash)
latest_azqr=$(curl -sL https://api.github.com/repos/Azure/azqr/releases/latest | jq -r ".tag_name" | cut -c1-)
wget https://github.com/Azure/azqr/releases/download/$latest_azqr/azqr-ubuntu-latest-amd64 -O azqr
chmod +x azqrRun the AZQR tool
To execute the tool, you must log in to your Azure Tenant using an account that possesses the minimum ‘Subscription Reader’ role.
az loginTo scan all resource groups in all subscriptions:
./azqr scanTo scan all resource groups in a specific subscription:
./azqr scan -s <subscription_id>To scan a specific resource group in a specific subscription:
./azqr scan -s <subscription_id> -g <resource_group_name>To scan all resources in a specific management group run:
./azqr scan --management-group-id <management_group_id>
To include or exclude specific subscriptions, resource groups, services, or recommendations. create a yaml file with the following format and run:
./azqr scan --filters <path_to_yaml_file>
Yaml file format:
azqr:
include:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
resourceTypes:
- <resource type abbreviation> # format: Abbreviation of the resource type. For example: "vm" for "Microsoft.Compute/virtualMachines"
exclude:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
services:
- <service_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<service_provider>/<service_name>
recommendations:
- <recommendation_id> # format: <recommendation_id>
For information on available commands and help run:
./azqr -hNotes:
Azure Quick Review (azqr) obfuscates Subscription IDs in the output to protect sensitive information and maintain data privacy and security. To display the Subscription IDs without obfuscation, use this flag:
--mask=falseAzure Quick Review can generate CSV files with the same information as Excel. To do this, use this flag:
--csvPower BI template is available to visualize Azure Quick Review results. Create the template by running AZQR with the pbi command and then loading the Excel file generated by the tool.
azqr pbi -p 'Path where the PowerBI template will be created'
Leave a reply