Cost optimization, key vault, service connection and webapps list updates

Jurjen Ladenius
2024-06-19 16:50:53 +02:00
parent d91e8b18ba
commit 6957def272
5 changed files with 111 additions and 16 deletions


@@ -1,8 +0,0 @@
"ResourceId","Kind","Location","ResourceName","ResourceGroup","ResourceType","State","ManagementGroupId","ManagementGroupName","SubscriptionId","SubscriptionName","Tag_Team","Tag_Product","Tag_Environment","Tag_Data","Tag_Deployment","Tag_CreatedOnDate","Prop_HttpsOnly","Prop_PhpVersion","Prop_RemoteDebuggingEnabled","Prop_MinTlsVersion","Prop_FtpsState","Prop_Http20Enabled","Prop_Identity","LastDeployDate"
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dotnet-amsterdam/providers/Microsoft.Web/sites/dotnetamsterdam","app","West Europe","dotnetamsterdam","dotnet-amsterdam","Microsoft.Web/sites","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","11/05/2018 19:13:56","False","","False","1.2","Disabled","False","",""
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/CustomerData-Test/providers/Microsoft.Web/sites/effcdtest","functionapp","West Europe","effcdtest","CustomerData-Test","Microsoft.Web/sites","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","07/24/2021 06:38:22","True","5.6","False","1.2","Disabled","True","SystemAssigned",""
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/CustomerData-Test/providers/Microsoft.Web/sites/effcdtest/slots/stage","functionapp","West Europe","effcdtest/stage","CustomerData-Test","Microsoft.Web/sites/slots","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","07/24/2021 06:39:02","False","","False","1.2","Disabled","False","",""
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dummy-test-group/providers/Microsoft.Web/sites/ditisdenaam","functionapp","West Europe","ditisdenaam","dummy-test-group","Microsoft.Web/sites","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","02/06/2021 17:58:42","True","5.6","False","1.2","Disabled","True","SystemAssigned",""
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dummy-test-group/providers/Microsoft.Web/sites/ditisdenaam/slots/stage","functionapp","West Europe","ditisdenaam/stage","dummy-test-group","Microsoft.Web/sites/slots","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","05/04/2023 12:57:26","False","","False","1.2","Disabled","True","",""
"/subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/team-gray-bot/providers/Microsoft.Web/sites/teamgray","functionapp","West Europe","teamgray","team-gray-bot","Microsoft.Web/sites","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","33fc60b1-a502-44da-acf5-b9fe22b1ea6f","Visual Studio Premium met MSDN (Erik AD)","","","","","","03/29/2021 10:20:56","True","","False","1.2","Disabled","False","","08/08/2022 13:00:11"
"/subscriptions/23e654c9-ed9d-424e-b69a-6a0be116a3ce/resourceGroups/dashboards/providers/Microsoft.Web/sites/import-google-analytics-me2","functionapp","West Europe","import-google-analytics-me2","dashboards","Microsoft.Web/sites","Running","/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09","Tenant Root Group","23e654c9-ed9d-424e-b69a-6a0be116a3ce","Dev/Test Hans","blue","poc","test","","","10/30/2020 16:58:49","True","5.6","False","1.2","Disabled","False","SystemAssigned",""
1 ResourceId Kind Location ResourceName ResourceGroup ResourceType State ManagementGroupId ManagementGroupName SubscriptionId SubscriptionName Tag_Team Tag_Product Tag_Environment Tag_Data Tag_Deployment Tag_CreatedOnDate Prop_HttpsOnly Prop_PhpVersion Prop_RemoteDebuggingEnabled Prop_MinTlsVersion Prop_FtpsState Prop_Http20Enabled Prop_Identity LastDeployDate
2 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dotnet-amsterdam/providers/Microsoft.Web/sites/dotnetamsterdam app West Europe dotnetamsterdam dotnet-amsterdam Microsoft.Web/sites Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 11/05/2018 19:13:56 False False 1.2 Disabled False
3 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/CustomerData-Test/providers/Microsoft.Web/sites/effcdtest functionapp West Europe effcdtest CustomerData-Test Microsoft.Web/sites Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 07/24/2021 06:38:22 True 5.6 False 1.2 Disabled True SystemAssigned
4 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/CustomerData-Test/providers/Microsoft.Web/sites/effcdtest/slots/stage functionapp West Europe effcdtest/stage CustomerData-Test Microsoft.Web/sites/slots Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 07/24/2021 06:39:02 False False 1.2 Disabled False
5 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dummy-test-group/providers/Microsoft.Web/sites/ditisdenaam functionapp West Europe ditisdenaam dummy-test-group Microsoft.Web/sites Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 02/06/2021 17:58:42 True 5.6 False 1.2 Disabled True SystemAssigned
6 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/dummy-test-group/providers/Microsoft.Web/sites/ditisdenaam/slots/stage functionapp West Europe ditisdenaam/stage dummy-test-group Microsoft.Web/sites/slots Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 05/04/2023 12:57:26 False False 1.2 Disabled True
7 /subscriptions/33fc60b1-a502-44da-acf5-b9fe22b1ea6f/resourceGroups/team-gray-bot/providers/Microsoft.Web/sites/teamgray functionapp West Europe teamgray team-gray-bot Microsoft.Web/sites Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 33fc60b1-a502-44da-acf5-b9fe22b1ea6f Visual Studio Premium met MSDN (Erik AD) 03/29/2021 10:20:56 True False 1.2 Disabled False 08/08/2022 13:00:11
8 /subscriptions/23e654c9-ed9d-424e-b69a-6a0be116a3ce/resourceGroups/dashboards/providers/Microsoft.Web/sites/import-google-analytics-me2 functionapp West Europe import-google-analytics-me2 dashboards Microsoft.Web/sites Running /providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09 Tenant Root Group 23e654c9-ed9d-424e-b69a-6a0be116a3ce Dev/Test Hans blue poc test 10/30/2020 16:58:49 True 5.6 False 1.2 Disabled False SystemAssigned


@@ -0,0 +1,101 @@
#Connect-AzAccount
[string] $userObjectId = "c6025a2e-416c-42da-96ef-dd507382793a" #Should be interactive user (this one is Jurjen)
class ResourceCheck {
[string] $ManagementGroupId = ""
[string] $ManagementGroupName = ""
[string] $SubscriptionId = ""
[string] $SubscriptionName = ""
[string] $ResourceGroup = ""
[string] $ResourceId = ""
[string] $Location = ""
[string] $ResourceName = ""
[string] $Secret_Key = ""
[string] $Tag_Team = ""
[string] $Tag_Product = ""
[string] $Tag_Environment = ""
[string] $Tag_Data = ""
[string] $Tag_Deployment = ""
[string] $Tag_CreatedOnDate = ""
}
Write-Host "======================================================================================================================================================================"
Write-Host "Creating key vault secrets overview for key vaults with access policies."
Write-Host "======================================================================================================================================================================"
[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
$fileName = ".\$date azure_key_vault_secrets.csv"
$managementGroups = Get-AzManagementGroup
foreach ($managementGroup in $managementGroups)
{
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
Write-Host "Management group [$($managementGroup.Name)]"
$subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active"
foreach ($subscription in $subscriptions)
{
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
$scope = $subscription.Id.Substring($subscription.Parent.Length, $subscription.Id.Length - $subscription.Parent.Length)
$subscriptionId = $scope.Replace("/subscriptions/", "")
Write-Host "Subscription [$($subscription.DisplayName) - $subscriptionId]"
Set-AzContext -SubscriptionId $subscriptionId | Out-Null
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
$allResourceGroups = Get-AzResourceGroup
[ResourceCheck[]]$Result = @()
foreach ($group in $allResourceGroups) {
$allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
foreach ($vault in $allVaults) {
Write-Host $vault.VaultName
$vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
if ($vaultWithAllProps.EnableRbacAuthorization -ne "TRUE") {
Write-Host " -- processing..."
Set-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId -PermissionsToSecrets "List"
$secrets = Get-AzKeyVaultSecret -VaultName $vault.VaultName
foreach($secret in $secrets)
{
[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ManagementGroupId = $managementGroup.Id
$resourceCheck.ManagementGroupName = $managementGroup.DisplayName
$resourceCheck.SubscriptionId = $subscription.Id
$resourceCheck.SubscriptionName = $subscription.Name
$resourceCheck.ResourceGroup = $vaultWithAllProps.ResourceGroupName
$resourceCheck.ResourceId = $vaultWithAllProps.ResourceId
$resourceCheck.Location = $vaultWithAllProps.Location
$resourceCheck.ResourceName = $vaultWithAllProps.VaultName
$resourceCheck.Secret_Key = $secret.Name
$resourceCheck.Tag_Team = $vaultWithAllProps.Tags.team
$resourceCheck.Tag_Product = $vaultWithAllProps.Tags.product
$resourceCheck.Tag_Environment = $vaultWithAllProps.Tags.environment
$resourceCheck.Tag_Data = $vaultWithAllProps.Tags.data
$resourceCheck.Tag_CreatedOnDate = $vaultWithAllProps.Tags.CreatedOnDate
$resourceCheck.Tag_Deployment = $vaultWithAllProps.Tags.drp_deployment
$Result += $resourceCheck
}
Remove-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId
}
}
}
$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
}
}
Write-Host "======================================================================================================================================================================"
Write-Host "Done."
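Review bot: The `Set-AzKeyVaultAccessPolicy` / `Remove-AzKeyVaultAccessPolicy` pair around `Get-AzKeyVaultSecret` is not safe for vaults where `$userObjectId` already has an access policy. The set call overwrites that principal's secret permissions with `List`, and the remove call then deletes the principal's whole policy, so a run can silently strip access the user had before. There is also no `try`/`finally`, so an error or Ctrl-C between the two calls leaves the temporary grant in place on that vault. The fence below only grants and revokes when no policy existed beforehand; with a pre-existing policy that lacks `List`, the listing will fail and should be reported rather than widened. Separately, the object id is hard-coded to one person although the comment says it should be the interactive user, and the CSV of secret names is written to the working directory, so it should not end up in the repository.

```powershell
# … unchanged: Get-AzKeyVault lookup and EnableRbacAuthorization check …
$existingPolicy = $vaultWithAllProps.AccessPolicies | Where-Object ObjectId -eq $userObjectId
if (-not $existingPolicy) {
    Set-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId -PermissionsToSecrets "List"
}
try {
    $secrets = Get-AzKeyVaultSecret -VaultName $vault.VaultName
    # … unchanged: foreach ($secret in $secrets) filling $resourceCheck and $Result …
}
finally {
    # Revoke only what this script granted; a policy that existed before the run is left untouched.
    if (-not $existingPolicy) {
        Remove-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId
    }
}
```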


@@ -78,7 +78,7 @@ foreach ($managementGroup in $managementGroups)
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------" Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
Write-Host "Management group [$($managementGroup.Name)]" Write-Host "Management group [$($managementGroup.Name)]"
$subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active" $subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active" | Where-Object DisplayName -NotLike "Visual Studio*"
foreach ($subscription in $subscriptions) foreach ($subscription in $subscriptions)
{ {
@@ -94,12 +94,12 @@ foreach ($managementGroup in $managementGroups)
foreach ($group in $allResourceGroups) { foreach ($group in $allResourceGroups) {
Write-Host $group.ResourceGroupName
$allWebApps = Get-AzWebApp -ResourceGroupName $group.ResourceGroupName $allWebApps = Get-AzWebApp -ResourceGroupName $group.ResourceGroupName
foreach ($webApp in $allWebApps) { foreach ($webApp in $allWebApps) {
Write-Host $webApp.Name
[ResourceCheck] $resourceCheck = [ResourceCheck]::new() [ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ResourceId = $webApp.Id $resourceCheck.ResourceId = $webApp.Id
$resourceCheck.Kind = $webApp.Kind $resourceCheck.Kind = $webApp.Kind
@@ -133,6 +133,8 @@ foreach ($managementGroup in $managementGroups)
foreach ($slotTemp in $allSlots) { foreach ($slotTemp in $allSlots) {
Write-Host $slotTemp.Name
[string] $slotName = $slotTemp.Name.Split("/")[1] [string] $slotName = $slotTemp.Name.Split("/")[1]
$slot = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup -Slot $slotName $slot = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup -Slot $slotName
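Review bot: The `Where-Object DisplayName -NotLike "Visual Studio*"` filter on the `$subscriptions` line in the first hunk removes whole subscriptions from the web app overview based on a display name that anyone with rename rights can change. If this script produces the CSV with `Prop_HttpsOnly`, `Prop_MinTlsVersion`, `Prop_FtpsState` and `Prop_RemoteDebuggingEnabled` (inferred from the file deleted in this commit), running apps in those subscriptions will no longer appear in the report, including ones with `HttpsOnly` set to `False`. Consider excluding by an explicit list of subscription ids, and record the reason next to the filter, for example `# MSDN/Visual Studio subscriptions excluded from this overview on purpose: <reason>`. The enclosing `foreach` loops start and end outside the hunks shown.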


@@ -17,7 +17,7 @@ Write-Host "====================================================================
Write-Host "Creating service connection overview." Write-Host "Creating service connection overview."
Write-Host "========================================================================================================================================================================" Write-Host "========================================================================================================================================================================"
$token = "{INSERT_PERSONAL_ACCESS_TOKEN}" $token = "adlgsqh2uoedv6rf44hjd47z3ssuo5zonrqicif4ctjqlqqtlhdq"
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)")) $token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
$organization = "effectory" $organization = "effectory"
$project = "Survey%20Software" $project = "Survey%20Software"
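Review bot: One side of the `$token = ...` line holds what looks like a literal Azure DevOps personal access token where the other side has the `{INSERT_PERSONAL_ACCESS_TOKEN}` placeholder. If the literal is on the new side, the credential is now in repository history and should be treated as exposed: revoke it in Azure DevOps and issue a new one, since restoring the placeholder in a later commit does not remove it from earlier commits. The script should read the token at run time instead, e.g. `$token = $env:AZDO_PAT` (illustrative variable name) or a `Read-Host -AsSecureString` prompt. A guard such as `if (-not $token) { throw "No PAT supplied" }` before the Base64 step keeps an empty value from being sent as Basic auth.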


@@ -117,11 +117,11 @@ foreach ($managementGroup in $managementGroups)
$resourceCheck.PreviousOverrideSubscription = GetAzureDefender -resourceId $resource.Id $resourceCheck.PreviousOverrideSubscription = GetAzureDefender -resourceId $resource.Id
# set overrideSubscriptionLevelSettings # set overrideSubscriptionLevelSettings
if ($resourceCheck.Tag_BackupPolicy.ToLower() -eq "ignore" -and $resourceCheck.PreviousOverrideSubscription -eq "False") { # if ($resourceCheck.Tag_BackupPolicy.ToLower() -eq "ignore" -and $resourceCheck.PreviousOverrideSubscription -eq "False") {
$resourceCheck.Action = "Turned off" # $resourceCheck.Action = "Turned off"
TurnOffAzureDefender -resourceId $resource.Id # TurnOffAzureDefender -resourceId $resource.Id
} # }
$Result += $resourceCheck $Result += $resourceCheck
} }
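Review bot: Commenting out the `if (...Tag_BackupPolicy... -eq "ignore" ...)` block that calls `TurnOffAzureDefender` leaves the intent unrecorded. The dead lines stay in the file, and from the hunk it appears `$resourceCheck.Action` is no longer assigned anywhere, so that column would come out empty. If the script is now meant to be report-only, delete the block and say so, e.g. `# Report only: Defender override is no longer changed by this script`. If the switch-off must remain available, put it behind an explicit opt-in parameter so a Defender setting is never changed by editing comments. The enclosing `foreach` starts outside the hunk.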