jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a226ca97ac5ff98c4690f71d3283d84a4b092c9d
Cloud-20Engineering/Powershell/Lists/README.md
Jurjen Ladenius a226ca97ac added documetation
2025-11-03 08:12:01 +01:00

250 lines
8.9 KiB
Markdown
Raw Blame History

# PowerShell List Scripts Collection
This directory contains a comprehensive collection of PowerShell scripts for generating inventory and reporting data across various platforms and services. Each script produces timestamped CSV exports with detailed information for analysis, compliance, and governance purposes.
## 📋 Table of Contents
- [Azure Scripts](#-azure-scripts)
- [Azure DevOps Scripts](#-azure-devops-scripts)
- [Entra ID (Azure AD) Scripts](#-entra-id-azure-ad-scripts)
- [Security & Vulnerability Scripts](#-security--vulnerability-scripts)
- [SQL Database Scripts](#-sql-database-scripts)
- [Application-Specific Scripts](#-application-specific-scripts)
- [Prerequisites](#-prerequisites)
- [Usage Guidelines](#-usage-guidelines)
---
## 🔵 Azure Scripts
### Resource Inventory & Management
| Script | Description | Output |
|--------|-------------|---------|
| **Resources.ps1** | Comprehensive Azure resource inventory across all subscriptions | CSV with resource metadata, tags, managed identities |
| **AzureRBAC.ps1** | RBAC assignment analysis with PIM detection across Azure hierarchy | CSV with assignment details, PIM status, scope analysis |
| **ManagementGroups.ps1** | Management group hierarchy and subscription mapping | CSV with organizational structure |
### Storage & Data
| Script | Description | Output |
|--------|-------------|---------|
| **AzureStorageBlobList.ps1** | Blob storage inventory across storage accounts | CSV with blob details, metadata, access tiers |
| **AzureStorageTableListEntities.ps1** | Table storage entity enumeration | CSV with table entities and properties |
### Security & Access
| Script | Description | Output |
|--------|-------------|---------|
| **KeyVaults.ps1** | Key Vault inventory with configuration details | CSV with vault properties, access policies |
| **KeyVaultAccessPolicies.ps1** | Detailed Key Vault access policy analysis | CSV with permission mappings |
| **KeyVaultNonRBACSecrets.ps1** | Non-RBAC managed Key Vault secrets inventory | CSV with legacy access policy secrets |
| **Certificates.ps1** | Certificate inventory across Key Vaults | CSV with certificate details, expiration dates |
| **AzurePIM.ps1** | Privileged Identity Management assignments | CSV with PIM role assignments and status |
### Networking & Applications
| Script | Description | Output |
|--------|-------------|---------|
| **WebApps.ps1** | App Service and Web App inventory | CSV with app configurations, settings |
| **FrontDoorRoutes.ps1** | Azure Front Door routing configuration | CSV with route mappings and rules |
| **ServiceBus.ps1** | Service Bus namespaces and entity inventory | CSV with queues, topics, subscriptions |
### Monitoring & Alerts
| Script | Description | Output |
|--------|-------------|---------|
| **AlertRules.ps1** | Azure Monitor alert rules inventory | CSV with alert configurations |
| **AppInsightsWorkspace.ps1** | Application Insights workspace details | CSV with workspace configurations |
---
## 🔵 Azure DevOps Scripts
| Script | Description | Output |
|--------|-------------|---------|
| **Repositories.ps1** | Repository inventory with last pull request details | CSV with repo metadata, recent PR info |
| **PullRequests.ps1** | Pull request history and statistics | CSV with PR details, reviewers, completion data |
| **Pipelines.ps1** | Build and release pipeline inventory | CSV with pipeline configurations |
| **ServiceConnections.ps1** | Service connection inventory and status | CSV with connection details, permissions |
| **RepositoriesWithTestAccept.ps1** | Repositories with specific testing configurations | CSV with test acceptance criteria |
| **renovate-stats.ps1** | Renovate bot statistics and dependency updates | CSV with update metrics |
---
## 🟢 Entra ID (Azure AD) Scripts
| Script | Description | Output |
|--------|-------------|---------|
| **GroupMemberships.ps1** | Recursive group membership analysis with circular reference detection | CSV with complete membership hierarchy |
| **UserLastLoginList.ps1** | User last login analysis for group members | CSV with login activity and user status |
---
## 🔴 Security & Vulnerability Scripts
### Snyk Integration
| Script | Description | Output |
|--------|-------------|---------|
| **SnykOverview.ps1** | Comprehensive Snyk organization and project inventory | CSV with project metadata, vulnerability counts |
| **SBOM.ps1** | Software Bill of Materials generation with enhanced package metadata | CSV with dependency details, vulnerability data, deprecation status |
---
## 🟡 SQL Database Scripts
| Script | Description | Output |
|--------|-------------|---------|
| **SQLUserCheck.ps1** | Multi-server SQL database user audit with authentication analysis | CSV with user accounts, permissions, authentication types |
---
## 🟣 Application-Specific Scripts
### MyEffectory
| Script | Description | Output |
|--------|-------------|---------|
| **GroupMappingsCheck.ps1** | Application-specific group mapping validation | CSV with mapping configurations |
---
## 📋 Prerequisites
### Required PowerShell Modules
```powershell
# Azure modules
Install-Module Az.Accounts, Az.Resources, Az.Storage, Az.KeyVault, Az.Monitor
Install-Module Microsoft.Graph.Identity.Governance
# Azure DevOps
Install-Module VSTeam
# SQL Server
Install-Module SqlServer
# Microsoft Graph
Install-Module Microsoft.Graph.Users, Microsoft.Graph.Groups
```
### Authentication Requirements
- **Azure**: `Connect-AzAccount` with appropriate RBAC permissions
- **Microsoft Graph**: `Connect-MgGraph` with required scopes
- **Azure DevOps**: Personal Access Token or OAuth authentication
- **SQL Server**: Azure AD authentication or SQL authentication
### Permission Requirements
| Platform | Required Permissions |
|----------|---------------------|
| **Azure** | Reader or higher on target resources, PIM Admin for PIM detection |
| **Entra ID** | Directory Reader, Group Member Read permissions |
| **Azure DevOps** | Project Reader, Repository Read permissions |
| **SQL Server** | Database Reader, View Server State permissions |
| **Snyk** | API token with Organization Read permissions |
---
## 🚀 Usage Guidelines
### Basic Execution
```powershell
# Run any script directly
.\Azure\Resources.ps1
.\DevOps\Repositories.ps1
.\Entra\GroupMemberships.ps1
```
### With Parameters (where supported)
```powershell
# Single subscription analysis
.\Azure\AzureRBAC.ps1 -SubscriptionId "your-subscription-id"
# Enable detailed debugging
.\Azure\AzureRBAC.ps1 -DetailedDebug
# Custom organization/project
.\DevOps\Repositories.ps1 -Organization "myorg" -Project "myproject"
```
### Output Management
All scripts generate timestamped CSV files in the format:
```
YYYY-MM-DD HHMM script_description.csv
```
### Best Practices
1. **Pre-Authentication**: Ensure proper authentication before running scripts
2. **Permissions**: Verify required permissions for target resources
3. **Network Connectivity**: Ensure access to required APIs and services
4. **Output Storage**: Consider output file locations and security
5. **Scheduling**: Many scripts are suitable for scheduled execution
6. **Error Handling**: Review script output for any errors or warnings
### Troubleshooting
- **Authentication Issues**: Verify token expiration and scope permissions
- **API Throttling**: Some scripts may encounter rate limits with large datasets
- **Permission Errors**: Ensure service principals or user accounts have sufficient privileges
- **Network Connectivity**: Verify access to required endpoints and APIs
---
## 📊 Output Analysis
### Common CSV Columns
Most scripts include standardized columns for:
- **Timestamps**: Creation and modification dates
- **Identifiers**: Unique IDs, names, and references
- **Governance**: Tags, ownership, environment classification
- **Security**: RBAC assignments, permissions, authentication types
- **Metadata**: Configuration details, status information
### Integration Options
- **Power BI**: Direct CSV import for dashboard creation
- **Excel**: Advanced filtering and pivot table analysis
- **Database**: Bulk import for historical trending
- **Automation**: Scheduled execution with result processing
---
## 🔄 Maintenance
### Regular Updates
- **Module Versions**: Keep PowerShell modules updated
- **API Changes**: Monitor for service API modifications
- **Permission Changes**: Verify continued access to required resources
- **Script Enhancements**: Check for new features and improvements
### Version Control
All scripts are maintained under version control with:
- Change tracking and history
- Documentation updates
- Testing and validation
- Community contributions
---
## 📞 Support
For issues, questions, or contributions:
- Review script help documentation (`Get-Help .\ScriptName.ps1 -Full`)
- Check error messages and troubleshooting sections
- Verify prerequisites and permissions
- Consult platform-specific documentation
---
*Last Updated: October 31, 2025*
*Script Collection Version: 2.0*
Reference in New Issue View Git Blame Copy Permalink