This repository provides an automated solution for tagging newly created Azure resources with essential metadata such as the creator's name, email, and date of creation. It leverages Terraform to provision Azure resources and an Azure Function App to handle tagging dynamically. This setup ensures that all new resources are tagged consistently and accurately, enhancing resource management and compliance.
- Automated Tagging: Automatically adds tags to newly created resources, ensuring consistency across your Azure environment.
- Custom Metadata: Tags include the creator's name, email, and date of creation, which helps in tracking and accountability.
- Passwordless Authentication: Utilizes managed identities and app registrations for secure, passwordless authentication.
- Infrastructure as Code: Uses Terraform to provision and manage Azure resources, providing reproducibility and ease of management.
- Terraform: Provisions Azure resources including:
  - Resource Group
  - Function App
  - Storage Account
  - Storage Container
  - Application Insights and Log Analytics
  - Event Grid Topic and Subscription
  - User Assigned Identities and Roles
- Azure Function App: Receives events from Azure Event Grid and applies tags to newly created resources based on the event data.
- Calls from the Function App to the storage account are authenticated using Managed Identity. The Storage Blob Data Contributor role is granted to the Function App so it can acquire blob leases, which it uses as locks.
- Calls from the Function App to the Azure management API are authenticated using Managed Identity. Only the minimally required roles (Tag Contributor and Reader) are granted, scoped to the subscription.
- Calls from Event Grid to the Function App are authenticated using Entra ID. Only requests whose token carries the correct Tenant ID, the Microsoft.EventGrid Application ID and the Function App's audience are permitted.
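The Event Grid to Function App rule above is a three-part claim check. The following is an added example, not code from the azure-tagger project: it assumes the Function App's built-in Entra ID authentication has already validated the token signature and issuer and exposes the decoded claims as a dict, and it then enforces tenant, application and audience exactly as listed. The tenant, application and audience values are placeholders; in a deployment they come from the tenant, the Microsoft.EventGrid service principal and the Function App's own application ID URI.

```python
"""Authorization check for Event Grid -> Function App calls.

Added example, not the azure-tagger project's own code. It assumes the Function
App's built-in Entra ID authentication has already validated the token's
signature and issuer and made the decoded claims available as a dict; this
function then enforces the three conditions the README lists (tenant ID,
application ID and audience) before any event is processed.
"""
import hmac
import time

# Placeholders, not the project's values: the tenant comes from the deployment,
# the application ID is the Microsoft.EventGrid service principal, and the
# audience is the Function App's own application ID URI.
EXPECTED_TENANT_ID = "00000000-0000-0000-0000-000000000001"
EXPECTED_APP_ID = "00000000-0000-0000-0000-000000000002"
EXPECTED_AUDIENCE = "api://00000000-0000-0000-0000-000000000003"


def _same_guid(value, expected):
    """Constant-time, case-insensitive GUID comparison; non-strings never match."""
    if not isinstance(value, str):
        return False
    return hmac.compare_digest(value.lower().encode(), expected.lower().encode())


def is_trusted_event_grid_caller(claims, expected_tenant_id=EXPECTED_TENANT_ID,
                                 expected_app_id=EXPECTED_APP_ID,
                                 expected_audience=EXPECTED_AUDIENCE, now=None):
    """Return (allowed, reason); every check must pass for allowed to be True.

    tid   : the token was issued by our tenant, not a foreign one
    appid : the caller is the Event Grid application (v2 tokens name it 'azp')
    aud   : the token was minted for this Function App and is not a token for
            some other API being replayed against us
    exp   : an expired token is rejected when the claim is present
    """
    now = time.time() if now is None else now
    if not _same_guid(claims.get("tid"), expected_tenant_id):
        return False, "tenant mismatch"
    if not _same_guid(claims.get("appid", claims.get("azp")), expected_app_id):
        return False, "caller is not the Event Grid application"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(isinstance(a, str) and
               hmac.compare_digest(a.encode(), expected_audience.encode())
               for a in audiences):
        return False, "audience mismatch"
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        return False, "token expired"
    return True, "ok"


# Constructed sample claim sets (not captured from a real token).
GOOD_CLAIMS = {"tid": EXPECTED_TENANT_ID, "appid": EXPECTED_APP_ID,
               "aud": EXPECTED_AUDIENCE, "exp": 1_900_000_000}
# Same caller and tenant, but a token minted for a different API.
REPLAYED_CLAIMS = dict(GOOD_CLAIMS, aud="https://management.azure.com/")

if __name__ == "__main__":
    print(is_trusted_event_grid_caller(GOOD_CLAIMS, now=1_700_000_000))
    print(is_trusted_event_grid_caller(REPLAYED_CLAIMS, now=1_700_000_000))
```

The audience check is the one most often skipped: without it, any valid token issued by the tenant to the Event Grid application for some other API would be accepted, so all three conditions are tested before the function body runs.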
Before using this repository, ensure you have:
- Terraform installed.
- Azure CLI installed and configured.
- An Azure subscription with sufficient permissions to create and manage resources.
Clone the repository:

```sh
git clone https://github.com/vlche/azure-tagger.git
cd azure-tagger
```
- Initialize Terraform: Run the following commands to initialize Terraform and download the necessary providers.

  ```sh
  cd tf
  terraform init
  ```
- Configure Variables: Update the `tf/variables.tf` and `vars.sh` files with your specific configuration, including names, regions, and any other required parameters.
- Plan and Apply: Generate an execution plan and apply it to provision the resources.

  ```sh
  scripts/tf_plan.sh
  scripts/tf_apply.sh
  ```

- The initial apply will fail, since no Function has been deployed into the Function App yet.
- Upload the Function into the Function App, as described in the deployment steps that follow.
- Plan and Apply again: Generate an execution plan and apply it to provision the Event Subscription.
- On subsequent updates the regular Plan and Apply sequence should work like a charm.
Build and pack the source code from the `src` directory. You can use the embedded helper script to do this semi-automatically:

```sh
scripts/build.sh
```

- Configure the Function App: Ensure the Azure Function App is set up with the appropriate environment variables and has the correct permissions to access the Event Grid subscription.
- Deploy Function Code: Deploy your Azure Function code using the technique implemented in `scripts/upload.sh` (upload the pre-built package into the Azure Blob Storage container, then point the Function App to run from that zip package).
Once the resources are provisioned and the function app is deployed:
- Create Resources: When new resources are created within the specified resource group, Azure Event Grid will trigger the function app.
- Tagging: The Azure Function App will receive the event data, process it, and apply tags to the new resources with the creator's name, email, and date of creation.
- Monitor Function App: Use Azure Monitor and Application Insights to track the performance and logs of your Azure Function App.
- Update Terraform Configuration: Modify the Terraform configuration and redeploy as needed to accommodate changes in your infrastructure.
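The tagging step above turns an Event Grid resource-write event into three tags. The following is an added example, not the azure-tagger project's own code: it shows the pure derivation and merge logic for a `Microsoft.Resources.ResourceWriteSuccess` event, separated from the Azure SDK call that would write the tags. The event is constructed with placeholder IDs, the tag key names are an assumption of this example, and the claim keys are the ones Azure Resource Manager places in `data.claims` for a user-initiated write. It goes slightly beyond the text in two ways: a write performed by a service principal (which has no name or email claim) is still attributed, and tags are only added when absent, because the same event type also fires on every later update of the resource, including the tagger's own tag write.

```python
"""Derive creator tags from a Microsoft.Resources.ResourceWriteSuccess event.

Added example, not the azure-tagger project's own code. The event is
constructed in the Event Grid event schema with placeholder IDs; the claim
key names are those Azure Resource Manager places in 'data.claims' for a
user-initiated write. Tag names are an assumption of this example.
"""
from datetime import datetime

UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
OID_CLAIM = "http://schemas.microsoft.com/identity/claims/objectidentifier"

TAG_CREATOR = "CreatedBy"        # assumed tag keys, not the project's
TAG_EMAIL = "CreatedByEmail"
TAG_DATE = "CreatedOn"


def derive_creator_tags(event):
    """Return creator tags for a successful resource write, else None.

    A write done by a service principal or managed identity carries no
    'name' / UPN claims, so it is tagged with its object id (falling back to
    the application id) and gets no email tag, keeping automation-created
    resources attributable.
    """
    if event.get("eventType") != "Microsoft.Resources.ResourceWriteSuccess":
        return None
    data = event.get("data", {})
    if data.get("status") != "Succeeded":
        return None
    claims = data.get("claims", {})
    # eventTime carries seven fractional digits; only the date is kept.
    created_on = datetime.strptime(event["eventTime"][:19],
                                   "%Y-%m-%dT%H:%M:%S").date().isoformat()
    tags = {TAG_DATE: created_on}
    if UPN_CLAIM in claims:                      # interactive user
        tags[TAG_CREATOR] = claims.get("name", claims[UPN_CLAIM])
        tags[TAG_EMAIL] = claims[UPN_CLAIM]
    else:                                        # service principal / MI
        principal = claims.get(OID_CLAIM) or claims.get("appid") or "unknown"
        tags[TAG_CREATOR] = "sp:" + principal
    return tags


def tags_to_write(event, existing_tags):
    """Merge derived tags into the resource's current tags without overwriting.

    ResourceWriteSuccess also fires on every later update of the resource,
    including the tagger's own tag write. Creator tags are therefore only
    added when absent; None means 'nothing to write', which both preserves
    the original creator and stops the function from re-triggering itself.
    """
    derived = derive_creator_tags(event)
    if derived is None:
        return None
    merged = dict(existing_tags or {})
    missing = {k: v for k, v in derived.items() if k not in merged}
    if not missing:
        return None
    merged.update(missing)
    return merged


SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"   # placeholder
RESOURCE_ID = (f"/subscriptions/{SUBSCRIPTION}/resourceGroups/rg-demo"
               "/providers/Microsoft.Storage/storageAccounts/stdemo001")

SAMPLE_EVENT = {  # constructed sample event, not a captured one
    "id": "00000000-0000-0000-0000-00000000000a",
    "topic": f"/subscriptions/{SUBSCRIPTION}",
    "subject": RESOURCE_ID,
    "eventType": "Microsoft.Resources.ResourceWriteSuccess",
    "eventTime": "2024-03-05T14:22:10.4315421Z",
    "data": {
        "claims": {
            "name": "Jane Doe",
            UPN_CLAIM: "jane.doe@example.com",
            "appid": "11111111-1111-1111-1111-111111111111",
        },
        "operationName": "Microsoft.Storage/storageAccounts/write",
        "resourceUri": RESOURCE_ID,
        "status": "Succeeded",
        "subscriptionId": SUBSCRIPTION,
        "tenantId": "22222222-2222-2222-2222-222222222222",
    },
    "dataVersion": "1",
    "metadataVersion": "1",
}

if __name__ == "__main__":
    print(tags_to_write(SAMPLE_EVENT, {"env": "dev"}))
```

Keeping the derivation pure makes the "is there anything to write" decision testable without Azure credentials; the caller reads the resource's current tags with its Reader role, passes them in, and only issues a tag write (Tag Contributor) when the result is not None.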
Terraform will take care of complete resource removal upon issuing the `terraform destroy` command.
Contributions to this repository are welcome. Please open an issue or submit a pull request with your changes.
This project is licensed under the MIT License. See the LICENSE file for details.
For any questions or support, please contact me.