dokuwiki

User Tools

Site Tools

Trace: note module-1-cisco-web-security-appliance module-5-cisco-firepower-nextgeneration-ips eventhub microsoft module-8-mobile_security_and_exploitation_android_and_ios resourcegraphexplorer
burim:azure:resourcegraphexplorer

Table of Contents

search for subnets

Resources
| where type =~ 'microsoft.network/virtualnetworks'
| mv-expand subnet = properties.subnets
| extend subnetName = tostring(subnet.name)
| where subnetName == 'AzureBastionSubnet'
| extend addressPrefix = tostring(coalesce(subnet.properties.addressPrefix,
                                           subnet.properties.addressPrefixes[0]))
| where name in~ (
    'vnet1',
    'vnet2',
    'vnet3',
    'vnet4'
)
| project subscriptionId,
          resourceGroup,
          vnetName = name,
          subnetName,
          addressPrefix,
          location
| order by subscriptionId, resourceGroup

Conversation Transcript

—- ~~SUMMARY~~ This page captures every turn of our ChatGPT session covering Azure Bastion subnet exports with both Azure CLI and Azure Resource Graph methods, plus formatting guidance.

Turn 1 – User

bastion subnet export

Turn 2 – Assistant

Do you mean you’d like to export the configuration of a Bastion subnet (for example in Azure or AWS) into something like Terraform / Bicep / CloudFormation, or are you trying to pull the current subnet’s address range, route table, etc., into a file? Let me know which cloud or tooling you’re using and what exactly you want to export so I can give you the right steps.

Turn 3 – User

i want an export of all my bastion subnet in azure using az cli

Turn 4 – Assistant

Below is a ready‑to‑run Bash script that will enumerate every Azure Bastion subnet (`AzureBastionSubnet`) in all the subscriptions your account can access and export the results to both JSON and CSV.

What it does

  • Gets all accessible subscriptions
  • Switches context into each subscription
  • Lists every virtual network’s subnets and filters for `AzureBastionSubnet`
  • Collects the key details (subscriptionId, resourceGroup, vnetName, addressPrefix, location)
  • Writes the array to
    • `bastion_subnets.json` (complete JSON)
    • `bastion_subnets.csv` (handy for Excel / Power BI)
#!/usr/bin/env bash
# export_bastion_subnets.sh
 
set -euo pipefail
 
echo "Collecting Azure Bastion subnets from all subscriptions…"
 
tmp_json="$(mktemp)"
 
while IFS=$'\t' read -r subName subId; do
  echo "→ Subscription: $subName  ($subId)"
  az account set --subscription "$subId"
 
  az network vnet list --query \
    "[].{resourceGroup:resourceGroup, vnetName:name, location:location, subnets:subnets[?name=='AzureBastionSubnet']}" \
    -o json | jq -c '.[] | select(.subnets != null and .subnets | length > 0) | 
        {subscriptionId:"'"$subId"'", resourceGroup, vnetName, location, 
         addressPrefix:(.subnets[0].addressPrefix)}' >> "$tmp_json"
 
done < <(az account list --query "[].{name:name,id:id}" -o tsv)
 
jq -s '.' "$tmp_json" > bastion_subnets.json
rm "$tmp_json"
 
jq -r '
  ["subscriptionId","resourceGroup","vnetName","addressPrefix","location"],
  (.[] | [.subscriptionId, .resourceGroup, .vnetName, .addressPrefix, .location])
' bastion_subnets.json > bastion_subnets.csv
 
echo "✔ Done!"
echo "  • bastion_subnets.json  – full‑fidelity export"
echo "  • bastion_subnets.csv   – tabular view for spreadsheets"

How to run

chmod +x export_bastion_subnets.sh
az login
sudo apt-get install jq   # or your package manager
./export_bastion_subnets.sh

One‑liner for a single subscription

az network vnet list \
  --query "[].subnets[?name=='AzureBastionSubnet'].[id,addressPrefix]" \
  -o table

Turn 5 – User

does it work with graph explorer

Turn 6 – Assistant

Short answer – Yes, with Azure Resource Graph Explorer (ARG Explorer). If you meant Microsoft Graph Explorer: it doesn’t expose Azure networking resources.

Ready‑to‑paste Resource Graph query

Resources
| where type =~ 'microsoft.network/virtualnetworks'
| mv-expand subnet = properties.subnets
| extend subnetName = tostring(subnet.name)
| where subnetName == 'AzureBastionSubnet'
| extend addressPrefix = tostring(coalesce(subnet.properties.addressPrefix,
                                           subnet.properties.addressPrefixes[0]))
| project subscriptionId,
          resourceGroup,
          vnetName = name,
          subnetName,
          addressPrefix,
          location
| order by subscriptionId, resourceGroup

Turn 7 – User

giv me me more details using resource graph explorer to export all azurebastion subnets

Turn 8 – Assistant

One‑paragraph overview

Azure Resource Graph (ARG) keeps a continuously‑indexed, read‑only copy of every resource you can access. With a single KQL query you can list every `AzureBastionSubnet`, then export from the portal or automate with the CLI.

Steps in ARG Explorer

  1. Open Azure Portal → Resource Graph Explorer
  2. Paste the query and press Run
  3. Click Download → CSV/JSON (limit ~55 000 rows)
  4. Need more? Page results with `az graph query –first / –skip`

CLI example

az extension add --name resource-graph       # once
az graph query -q "$(cat bastion.kql)" --first 5000 \
  -o json > bastion_subnets.json

PowerShell example

Install-Module Az.ResourceGraph -Scope CurrentUser   # once
$kql = Get-Content .\bastion.kql -Raw
Search-AzGraph -Query $kql -First 5000 |
  Export-Csv .\bastion_subnets.csv -NoTypeInformation

Turn 9 – User

give me this whole comunication in dokuwiki format

Turn 10 – Assistant (this answer)

*You’re reading it!* Copy everything in this grey box into any DokuWiki page and it will render with proper headings, code highlighting and horizontal rules.

burim/azure/resourcegraphexplorer.txt · Last modified: 2025/05/16 10:05 by burim
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki