Usage
Authentication
Azure Quick Review (azqr) supports the following authentication methods:
- Service Principal. You’ll need to set the following environment variables:
- AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET
- AZURE_TENANT_ID
- Azure Managed Identity
- Azure CLI (Using this type of authentication will make scans run slower)
Authorization
Azure Quick Review (azqr) requires the following permissions:
- Subscription Reader
Running the Scan
To scan all resource groups in all subscription run:
./azqr scan
To scan all resource groups in a specific subscription run:
./azqr scan -s <subscription_id>
To scan a specific resource group in a specific subscription run:
./azqr scan -s <subscription_id> -g <resource_group_name>
For information on available commands and help run:
./azqr -h
Filtering Recommendations and more
You can configure Azure Quick Review to include or exclude specific subscriptions or resource groups and also exclude services or recommendations. To do so, create a yaml file with the following format:
azqr:
include:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
exclude:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
services:
- <service_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<service_provider>/<service_name>
recommendations:
- <recommendation_id> # format: <recommendation_id>
Then run the scan with the --filters flag:
./azqr scan --filters <path_to_yaml_file>
Check the rules to get the recommendation ids.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.