Azure cleaning-up environment

Carolina Zamisnicu 316 Reputation points
2021-06-15T11:45:38.5+00:00

Hello,

I want to do a clean-up for my Azure environment.
I would like to know how I can see whether a deployment in my subscription or resource group was made manually from Azure, from Terraform, or from any other entity. I do not know how I can see that in Azure.
I want to investigate every unused object, more precisely who created it and how it was created (manually or by other entities).
For example, I noticed that when I delete a VM, the disk remains and is orphaned, but I only noticed it by accident, and I was wondering whether Azure has a service that can help you identify/scan for orphaned objects that are no longer used or that remained behind due to deletion or movement of the parent object (this also applies to NICs, IPs, etc. which are not associated with anything in the environment).
This is very important, as the remaining objects consume money and space on the subscription, and I would like to do this clean-up of the environment once per month if possible.
Can you guide me on how I can achieve this?


1 answer

  1. kobulloc-MSFT 26,131 Reputation points Microsoft Employee
    2021-06-15T17:58:43.443+00:00

    Hello!

    First, a quick aside:

    Identifying who created a resource is an area where we get a lot of feedback and I encourage you to vote (as I have done) to help improve functionality in Azure:

    https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/12469968-how-to-identify-who-created-the-virtual-machine-or

    In regards to orphaned resources, resource groups are designed to group resources that have a similar lifecycle so in theory resource groups would be deleted at end of life rather than individual resources (although I know that's not always how things happen).

    Now, on to answering your question:

    Option 1 - View the Activity Log
    The activity log will show you all events as well as who initiated each event. In the portal you can go to the resource group > Activity log > Activity > Event initiated by to see who initiated any given event. Note that there is also a JSON format where you can see additional information, like "caller" (gives you the caller's email address) and surname/given name under "claims". This functionality is also available in PowerShell using the Az module and in the Azure CLI:

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

    The activity logs can be analyzed more extensively using Azure Monitor services like Log Analytics (this is where you would create a query to search for the criteria you are interested in):

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs

    Note: The activity log currently goes back 90 days. You can export the activity log to create an archived copy however this needs to be done before the 90 days are up:

    https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log


    Option 2 - Tags
    Tags are a very useful option for tracking information about a resource group and allow for a great amount of customization; however, this needs to be part of the initial setup to be effective for a scenario like yours.

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json

    Additionally, there are two great resources from Itay Shakury that are worth checking out:

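The answer's two points (find resources left behind when a parent is deleted, then read "caller" and "claims" from the activity log JSON to see who created them and whether it was a person or automation) can be combined into one monthly report. The script below is an added example, not code from the original post or from Microsoft; it assumes the JSON field names emitted by `az disk list`, `az network nic list`, `az network public-ip list` and `az monitor activity-log list -o json` (`managedBy`, `virtualMachine`, `ipConfiguration`, `caller`, `operationName.value`, `resourceId`, `status.value`, `eventTimestamp`, `claims`), and the user-versus-service-principal classification is a heuristic. All sample data is constructed inline so it runs offline; in practice you would feed it the output of those `az ... list` commands.

```python
"""Orphaned-resource report joined with activity-log creation events.

Added example (not from the original post). Assumes the JSON shapes of
`az disk list`, `az network nic list`, `az network public-ip list` and
`az monitor activity-log list -o json`; all data below is constructed.
"""
import json
from datetime import datetime

SUB = "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-demo/providers"

# Constructed samples trimmed to the fields this script reads.
DISKS = [
    {"id": f"{SUB}/Microsoft.Compute/disks/vm1_OsDisk", "name": "vm1_OsDisk",
     "managedBy": None, "diskState": "Unattached"},            # left behind after vm1 was deleted
    {"id": f"{SUB}/Microsoft.Compute/disks/vm2_OsDisk", "name": "vm2_OsDisk",
     "managedBy": f"{SUB}/Microsoft.Compute/virtualMachines/vm2", "diskState": "Attached"},
]
NICS = [
    {"id": f"{SUB}/Microsoft.Network/networkInterfaces/vm1-nic", "name": "vm1-nic",
     "virtualMachine": None},
    {"id": f"{SUB}/Microsoft.Network/networkInterfaces/vm2-nic", "name": "vm2-nic",
     "virtualMachine": {"id": f"{SUB}/Microsoft.Compute/virtualMachines/vm2"}},
]
PUBLIC_IPS = [
    {"id": f"{SUB}/Microsoft.Network/publicIPAddresses/vm1-pip", "name": "vm1-pip",
     "ipConfiguration": None},
]

# Constructed activity-log entries. Note the "Started" entry for the same
# disk write and the VM delete that caused the orphans.
ACTIVITY_LOG = [
    {"caller": "alice@contoso.example", "eventTimestamp": "2021-05-02T09:11:50.000000+00:00",
     "operationName": {"value": "Microsoft.Compute/disks/write"},
     "resourceId": f"{SUB}/Microsoft.Compute/disks/vm1_OsDisk",
     "status": {"value": "Started"}, "claims": {}},
    {"caller": "alice@contoso.example", "eventTimestamp": "2021-05-02T09:12:00.000000+00:00",
     "operationName": {"value": "Microsoft.Compute/disks/write"},
     "resourceId": f"{SUB}/Microsoft.Compute/disks/vm1_OsDisk",
     "status": {"value": "Succeeded"},
     "claims": {"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Alice",
                "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Example"}},
    {"caller": "22222222-2222-2222-2222-222222222222",  # service principal object id (constructed)
     "eventTimestamp": "2021-05-03T14:00:00.000000+00:00",
     "operationName": {"value": "Microsoft.Network/networkInterfaces/write"},
     "resourceId": f"{SUB}/Microsoft.Network/networkInterfaces/vm1-nic",
     "status": {"value": "Succeeded"},
     "claims": {"appid": "22222222-2222-2222-2222-222222222222"}},
    {"caller": "alice@contoso.example", "eventTimestamp": "2021-06-01T08:00:00.000000+00:00",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/delete"},
     "resourceId": f"{SUB}/Microsoft.Compute/virtualMachines/vm1",
     "status": {"value": "Succeeded"}, "claims": {}},
]


def find_orphans(disks, nics, public_ips):
    """Resources whose parent link is empty: unattached disks, NICs without a VM,
    public IPs without an IP configuration."""
    orphans = [{"type": "disk", "id": d["id"], "name": d["name"]}
               for d in disks if not d.get("managedBy")]
    orphans += [{"type": "nic", "id": n["id"], "name": n["name"]}
                for n in nics if not n.get("virtualMachine")]
    orphans += [{"type": "publicIp", "id": p["id"], "name": p["name"]}
                for p in public_ips if not p.get("ipConfiguration")]
    return orphans


def classify_caller(event):
    """Heuristic: a UPN (contains '@') is a person in the portal/CLI; a bare object id
    or an 'appid' claim is a service principal or managed identity, which is how
    Terraform and pipelines normally authenticate."""
    caller = event.get("caller") or ""
    if "@" in caller:
        return "user"
    if "appid" in event.get("claims", {}) or caller:
        return "service principal / automation"
    return "unknown"


def creation_events(activity_log):
    """Map lower-cased resource id -> earliest *succeeded* '/write' event for it."""
    created = {}
    for ev in activity_log:
        op = ev.get("operationName", {}).get("value", "")
        if not op.endswith("/write") or ev.get("status", {}).get("value") != "Succeeded":
            continue
        rid = ev["resourceId"].lower()          # resource ids are case-insensitive
        when = datetime.fromisoformat(ev["eventTimestamp"])
        if rid not in created or when < created[rid]["when"]:
            created[rid] = {"caller": ev.get("caller"), "when": when,
                            "how": classify_caller(ev), "operation": op}
    return created


def orphan_report(disks, nics, public_ips, activity_log):
    """Join each orphan with its creation event. A missing event usually means the
    resource is older than the 90-day activity-log retention (or the log was not
    exported), so the creator can no longer be recovered from the log alone."""
    created = creation_events(activity_log)
    report = []
    for o in find_orphans(disks, nics, public_ips):
        row = dict(o)
        ev = created.get(o["id"].lower())
        if ev:
            row.update(created_by=ev["caller"], how=ev["how"],
                       created_at=ev["when"].isoformat())
        else:
            row.update(created_by=None, how="unknown", created_at=None)
        report.append(row)
    return report


if __name__ == "__main__":
    print(json.dumps(orphan_report(DISKS, NICS, PUBLIC_IPS, ACTIVITY_LOG), indent=2))
```

Only succeeded `*/write` events count as creation, because the portal also logs a "Started" entry for the same operation with the same caller; taking the earliest succeeded write per resource id gives the original creation rather than a later update. The `vm1-pip` row comes back with no creator, which is the case the answer's 90-day retention note is about: without an exported or Log Analytics copy of the activity log, the only remaining evidence is whatever tags were applied at creation time.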