Azure Resources

Overview

Azure Resources provides on-demand cloud computing platforms and APIs. Cortex uses the Azure Resource API to pull in resource details and import entities such as SQL servers, virtual machines, virtual networks, load balancers, and others.

Integrate Azure Resources with Cortex to drive insights into:

  • Catalogs

  • Dependencies

After the integration is configured, your resources from Azure will be visible in Cortex.

How to configure Azure Resources with Cortex

Prerequisites

Before getting started, you will need the following information. These can be found in the Enterprise applications section of Azure:

  • Azure tenant ID

  • Azure client ID and client secret

  • Azure subscription ID

    • Ensure that the service principal for the subscription ID has a Reader role.

Configure the integration in Cortex

  1. In Cortex, navigate to the Azure Resources settings page:

    1. In Cortex, click your avatar in the lower left corner, then click Settings.

    2. Under "Integrations", click Azure Resources.

  2. Click Add configuration.

  3. Configure the Azure Resources integration form:

    • Account alias: Enter your Azure account alias. Account aliases are used to tie service registrations to different configuration accounts.

    • Azure tenant ID: Enter your Azure tenant ID.

    • Client ID and Client secret: Enter your Azure client ID and secret.

    • Subscription ID: Enter your Azure subscription ID.

  4. Click Save.

    • You will be redirected to the Azure Resources Settings page in Cortex, where you can optionally choose to include only specified Azure resource types for this integration. You can also enable automatic import for any discovered entities of known types.

How to connect Cortex Entities to Azure Resources

Enable automatic discovery of Azure Resource entities

You can configure automatic import from Azure:

  1. In Cortex, navigate to the Entities Settings page.

  2. Next to Auto import from AWS, Azure, and/or Google Cloud, click the toggle to enable the import.

Discover ownership for Azure Resources

Cortex can automatically discover ownership for your Azure resources. To configure this:

  • Make sure that your Azure resources have a tag matching the x-cortex-tag of the corresponding Cortex team

  • Enable the “Sync ownership from Azure” toggle in the Azure Resources Settings page in Cortex.

    • By default, Cortex looks for the owner tag. You can also customize the tag key name on the Settings page.

Cortex syncs ownership from Azure Resources every day at 6 a.m. UTC.

Define a dependency

Cortex automatically discovers dependencies between your services and resources by scanning for resources with specific Azure Resources tags. By default, a service will have dependencies on any Cortex resource that has a corresponding Azure Resources resource with Azure Resources tag key = "service" and tag value = the service's Cortex tag.

On the Azure Resources settings page, you can customize the tag key names for dependencies.

For more information on defining dependencies, please see the Dependencies documentation.

Import entities from Azure Resources

See the Create services documentation for instructions on importing entities.

Editing the entity descriptor

You can associate a Cortex entity with one or more Azure Resources entities. Cortex will display those Azure Resources entities' metadata on the Cortex entity page.

When the entity is connected to Azure, the entity YAML will look like the following:

x-cortex-azure:
  ids:
  - id: /subscriptions/1fbb2da1-2ce7-45e4-b85f-676ab8e685b9/resourceGroups/GROUP1/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e9
    alias: my-default-alias # alias is optional and only relevant if you have opted into multi account support
  - id: /subscriptions/1fbb2da1-2ce8-45e4-b85f-676ab8e685b0/resourceGroups/GROUP2/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e0
    alias: my-other-alias # alias is optional and only relevant if you have opted into multi account support

Scorecards and CQL

With the Azure Resources integration, you can create Scorecard rules and write CQL queries based on Azure Resources details.

See more examples in the CQL Explorer in Cortex.

Get Azure Resource details for entity

Get Azure Resource details for an entity.

Definition: azureResource.details(): Object

Examples

In a Scorecard, you can write a rule to make sure an entity has Azure Resource details:

azureResource.details() != null

Make sure an entity has an environment tag:

azureResource.details().resources.filter((resource) => jq(resource, ".metadata.\"environment\"") != null).length > 0

Make sure an entity has a health check:

jq(azureResource.details(), ".resources[].metadata.siteConfig.healthCheckPath") != null

Make sure an entity has a tag with a certain key and value:

azureResource.details().resources.filter((resource) => resource.tags.get("tag-key") == "tag-value").length > 0

Background sync

Cortex conducts a background sync of Azure Resources every day at 10 a.m. UTC and an ownership sync every day at 6 a.m. UTC.

FAQs and troubleshooting

Why is the Azure resource type microsoft-resources-subscriptions-resourcegroups not pulling in Azure Resource details?

Cortex pulls from the Azure Resource API, but not from the Azure Resource Group API. If you would like to submit a feature request for support of Azure Resource Groups, please contact our customer engineering team.

Still need help?

The following options are available to get assistance from the Cortex Customer Engineering team:

  • Email: [email protected], or open a support ticket in the in app Resource Center

  • Chat: Available in the Resource Center

  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.

Last updated

Was this helpful?