Skip to main content
Version: 4.2.0

How to Collect Azure Resource Data

The Azure collector is configured within the Fix Inventory Worker configuration via the config command in Fix Inventory Shell.

Prerequisites​

This guide assumes that you have already installed Fix Inventory.

Directions​

1. Enable the Azure Collector​

  1. Open the Fix Inventory Worker configuration via the config command in Fix Inventory Shell:

    > config edit fix.worker
  2. Add azure to the list of collectors by modifying the configuration as follows:

    fixworker:
    ...
    # List of collectors to run
    collector:
    - 'azure'
    ...
    ...

2. Configure Azure​

  1. Open the Azure console.

  2. In the search box, type App registrations and select the App registrations service:

    Azure app registrations

  3. Click New registration:

    Azure new registration

  4. Enter a name for the application and click the Register button:

    Azure register application

  5. Make note of the displayed Application (client) ID and Directory (tenant) ID:

    Azure application (client) ID & directory (tenant) ID

    note

    These values will be provided as client_id and tenant_id to the Azure collector.

  6. Click on Certificates & secrets in the left-hand menu:

    Azure certificates & secrets

  7. Click New client secret:

    Azure new client secret

  8. Enter a description for the secret, select an expiration period, and click the Add button:

    Azure add client secret

  9. Make note of the displayed Value of the created secret:

    Azure client secret value

    note

    This value will be provided as client_secret to the Azure collector.

  10. Click on API permissions in the left-hand menu:

    Azure API permissions

  11. Click Add a permission:

    Azure add a permission

  12. Click Azure Service Management:

    Azure service management

  13. Select the user_impersonation permission:

    Azure user impersonation permission

  14. Click the Add permissions button:

    Azure add permissions

  15. In the search box, type Subscriptions and select the Subscriptions service:

    Azure subscriptions

  16. Click on your subscription:

    Azure subscription

  17. Click Access control (IAM) in the left-hand menu:

    Azure access control (IAM)

  18. Click Add role assignment:

    Azure add role assignment

  19. In the Role tab, select the Reader role:

    Azure reader role

  20. Click the Next button:

    Azure next button

  21. In the Members tab, click Select members:

    Azure select members

  22. Search for the application you created earlier:

    Azure search application

  23. Click the application and click the Select button:

    Azure select button

  24. Click the Review + assign button:

    Azure review + assign

3. Authenticate with Azure​

  1. Open the Fix Inventory Worker configuration via the config command in Fix Inventory Shell:

    > config edit fix.worker
  2. Modify the azure section of the configuration as follows, adding your API tokens and/or access keys:

    azure:
    accounts:
    default:
    client_secret:
    tenant_id: '<tenant ID>'
    client_id: '<client ID>'
    client_secret: '<client secret>'

4. Trigger Resource Collection​

  1. By default, Fix Inventory performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Fix Inventory Shell:

    > workflow run collect
  2. Once the collect run completes, you can view a summary of collected Azure resources using the following search:

    > search is(azure_resource) | count kind