Azure Resources

CatalogDiscovery

Overview

Azure Resources provides on-demand cloud computing platforms and APIs. Cortex uses the Azure Resource API to pull in resource details and import entities such as SQL servers, virtual machines, virtual networks, load balancers, and others.

Integrate Azure Resources with Cortex to drive insights into:

Catalogs
Dependencies

After the integration is configured, your resources from Azure will be visible in Cortex.

How to configure Azure Resources with Cortex

Prerequisites

Before getting started, you will need the following information. These can be found in the Enterprise applications section of Azure:

Azure tenant ID
Azure client ID and client secret
Azure subscription ID
- Ensure that the service principal for the subscription ID has a Reader role.

Configure the integration in Cortex

In Cortex, navigate to the Azure Resources settings page:
1. In Cortex, click your avatar in the lower left corner, then click Settings.
2. Under "Integrations", click Azure Resources.
Click Add Azure Resources configuration.
Configure the Azure Resources integration form:
- Account alias: Enter your Azure account alias. Account aliases are used to tie service registrations to different configuration accounts.
- Azure tenant ID: Enter your Azure tenant ID.
- Client ID and Client secret: Enter your Azure client ID and secret.
- Subscription ID: Enter your Azure subscription ID.
Click Save.
- You will be redirected to the Azure Resources Settings page in Cortex, where you can optionally choose to include only specified Azure resource types for this integration.

Once you save your configuration, you'll see it listed on the integration's settings page in Cortex. If you’ve set everything up correctly, you’ll see the option to Remove Integration in Settings.

You can also use the Test all configurations button to confirm that the configuration was successful. If your configuration is valid, you’ll see a banner that says “Configuration is valid. If you see issues, please see documentation or reach out to Cortex support.”

Configure the integration for multiple Azure accounts

The Azure integration has multi-account support. You can add a configuration for each additional by repeating the process above.

Each configuration requires an alias, which Cortex uses to correlate the designated with registrations for various entities. Registrations can also use a default configuration without a listed alias. You can edit aliases and default configurations from the Azure page in your Cortex settings. Select the edit icon next to a given configuration and toggle Set as default on. If you only have one configuration, it will automatically be set as the default.

How to connect Cortex Entities to Azure Resources

Enable automatic discovery of Azure Resource entities

You can configure automatic import from Azure:

In Cortex, navigate to the Entities Settings page.
Next to Auto import from AWS, Azure, and/or Google Cloud, click the toggle to enable the import.

Discover ownership for Azure Resources

Cortex can automatically discover ownership for your Azure resources. To configure this:

Make sure that your Azure resources have a tag matching the x-cortex-tag of the corresponding Cortex team
Enable the “Sync ownership from Azure” toggle in the Azure Resources Settings page in Cortex.
- By default, Cortex looks for the owner tag. You can also customize the tag key name on the Settings page.

Cortex syncs ownership from Azure Resources every day at 6 a.m. UTC.

Define a dependency

Cortex automatically discovers dependencies between your services and resources by scanning for resources with specific Azure Resources tags. By default, a service will have dependencies on any Cortex resource that has a corresponding Azure Resources resource with Azure Resources tag key = "service" and tag value = the service's Cortex tag.

On the Azure Resources settings page, you can customize the tag key names for dependencies.

For more information on defining dependencies, please see the Dependencies documentation.

Import entities from Azure Resources

You can manually import entities from Azure Resources:

In the main nav of Cortex, click Catalogs > All entities.
On the right side of the Entities page, click Import entities.
Select the entity type (Service, Team, or Domain).
On the "Import entities" page, select Azure Resources.
A list of discovered entities will appear. Click an entity to add it.
- If your expected entities do not appear, click Sync entities in the upper left corner of the "Import entities" page.
When you are finished adding entities, click Add.

Editing the entity descriptor

You can associate a Cortex entity with one or more Azure Resources entities. Cortex will display those Azure Resources entities' metadata on the Cortex entity page.

When the entity is connected to Azure, the entity YAML will look like the following:

x-cortex-azure:
  ids:
  - id: /subscriptions/1fbb2da1-2ce7-45e4-b85f-676ab8e685b9/resourceGroups/GROUP1/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e9
    alias: my-default-alias # alias is optional and only relevant if you have opted into multi account support
  - id: /subscriptions/1fbb2da1-2ce8-45e4-b85f-676ab8e685b0/resourceGroups/GROUP2/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e0
    alias: my-other-alias # alias is optional and only relevant if you have opted into multi account support

Background sync

Cortex conducts a background sync of Azure Resources every day at 10 a.m. UTC and an ownership sync every day at 6 a.m. UTC.

Scorecards and CQL

With the Azure Resources integration, you can create Scorecard rules and write CQL queries based on Azure Resources details.

See more examples in the CQL Explorer in Cortex.

Get Azure Resource details for the entity

Get Azure Resource details for an entity.

Definition: azureResource.details(): Object

Examples

In a Scorecard, you can write a rule to make sure an entity has Azure Resource details:

azureResource.details() != null

Make sure an entity has an environment tag:

azureResource.details().resources.filter((resource) => jq(resource, ".metadata.\"environment\"") != null).length > 0

Make sure an entity has a health check:

jq(azureResource.details(), ".resources[].metadata.siteConfig.healthCheckPath") != null

Make sure an entity has a tag with a certain key and value:

azureResource.details().resources.filter((resource) => resource.tags.get("tag-key") == "tag-value").length > 0

FAQs and troubleshooting

Why is the Azure resource type microsoft-resources-subscriptions-resourcegroups not pulling in Azure Resource details?

Cortex pulls from the Azure Resource API, but not from the Azure Resource Group API. If you would like to submit a feature request for support of Azure Resource Groups, please contact our customer engineering team.

Still need help?

The following are all the ways to get assistance from our customer engineering team. Please use the option that is best for your users:

Email: help@cortex.io, or open a support ticket in the in app Resource Center
Chat: Available in the Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your customer success manager.

Overview​

How to configure Azure Resources with Cortex​

Prerequisites​

Configure the integration in Cortex​

Configure the integration for multiple Azure accounts​

How to connect Cortex Entities to Azure Resources​

Enable automatic discovery of Azure Resource entities​

Discover ownership for Azure Resources​

Define a dependency​

Import entities from Azure Resources​

Editing the entity descriptor​

Background sync​

Scorecards and CQL​

FAQs and troubleshooting​

Still need help?​