Prometheus exporter for Azure information.
-
Uses of official Azure SDK for go
-
Supports all Azure environments (Azure public cloud, Azure governmant cloud, Azure china cloud, ...) via Azure SDK configuration
-
Docker image is based on Google's distroless static image to reduce attack surface (no shell, no other binaries inside image)
-
Available via Docker Hub and Quay (see badges on top)
-
Can run non-root and with readonly root filesystem, doesn't need any capabilities (you can safely use
drop: ["All"]
) -
Publishes Azure API rate limit metrics (when exporter sends Azure API requests)
useful with additional exporters:
- azure-resourcegraph-exporter for exporting Azure resource information from Azure ResourceGraph API with custom Kusto queries (get the tags from resources and ResourceGroups with this exporter)
- azure-metrics-exporter for exporting Azure Monitor metrics
- azure-keyvault-exporter for exporting Azure KeyVault information (eg expiry date for secrets, certificates and keys)
- azure-loganalytics-exporter for exporting Azure LogAnalytics workspace information with custom Kusto queries (eg ingestion rate or application error count)
Normally no configuration is needed but can be customized using environment variables.
(to disable specific scrape collectors set them to 0
or set SCRAPE_TIME
to 0
to disable all by default)
Usage:
azure-resourcemanager-exporter [OPTIONS]
Application Options:
--debug debug mode [$DEBUG]
-v, --verbose verbose mode [$VERBOSE]
--log.json Switch log output to json format [$LOG_JSON]
--azure-tenant= Azure tenant id [$AZURE_TENANT_ID]
--azure-environment= Azure environment name (default: AZUREPUBLICCLOUD) [$AZURE_ENVIRONMENT]
--azure-subscription= Azure subscription ID [$AZURE_SUBSCRIPTION_ID]
--azure-location= Azure locations (default: westeurope, northeurope) [$AZURE_LOCATION]
--azure-resourcegroup-tag= Azure ResourceGroup tags (default: owner) [$AZURE_RESOURCEGROUP_TAG]
--azure-resource-tag= Azure Resource tags (default: owner) [$AZURE_RESOURCE_TAG]
--scrape-time= Default scrape time (time.duration) (default: 5m) [$SCRAPE_TIME]
--scrape-ratelimit-read= Scrape time for ratelimit read metrics (time.duration) (default: 2m)
[$SCRAPE_RATELIMIT_READ]
--scrape-ratelimit-write= Scrape time for ratelimit write metrics (time.duration) (default: 5m)
[$SCRAPE_RATELIMIT_WRITE]
--scrape-time-exporter= Scrape time for exporter metrics (time.duration) (default: 10s) [$SCRAPE_TIME_EXPORTER]
--scrape-time-general= Scrape time for general metrics (time.duration) [$SCRAPE_TIME_GENERAL]
--scrape-time-resource= Scrape time for resource metrics (time.duration) [$SCRAPE_TIME_RESOURCE]
--scrape-time-quota= Scrape time for quota metrics (time.duration) [$SCRAPE_TIME_QUOTA]
--scrape-time-security= Scrape time for Security metrics (time.duration) [$SCRAPE_TIME_SECURITY]
--scrape-time-resourcehealth= Scrape time for ResourceHealth metrics (time.duration) [$SCRAPE_TIME_RESOURCEHEALTH]
--scrape-time-iam= Scrape time for IAM metrics (time.duration) [$SCRAPE_TIME_IAM]
--scrape-time-graph= Scrape time for Graph metrics (time.duration) [$SCRAPE_TIME_GRAPH]
--scrape-time-costs= Scrape time for costs/consumtion metrics (time.duration; BETA) (default: 0)
[$SCRAPE_TIME_COSTS]
--graph-application-filter= Graph application filter query eg: startswith(displayName,'A') [$GRAPH_APPLICATION_FILTER]
--costs-timeframe= Timeframe for cost reportings (default: MonthToDate, YearToDate) [$COSTS_TIMEFRAME]
--costs-dimension= Dimensions for detailed cost metrics (eg
'ResourceGroup','ResourceGroupName','ResourceLocation','ConsumedService','ResourceType',
'ResourceId','MeterId','BillingMonth','MeterCategory','MeterSubcategory','Meter','AccountName',
'DepartmentName','SubscriptionId','SubscriptionName','ServiceName','ServiceTier',
'EnrollmentAccountName','BillingAccountId','ResourceGuid','BillingPeriod','InvoiceNumber',
'ChargeType','PublisherType','ReservationId','ReservationName','Frequency','PartNumber',
'CostAllocationRuleName','MarkupRuleName','PricingModel') (default: ResourceType, ResourceLocation)
[$COSTS_DIMENSION]
--portscan Enable portscan for public IPs [$PORTSCAN]
--portscan-time= Portscan time (time.duration) (default: 3h) [$PORTSCAN_TIME]
--portscan-parallel= Portscan parallel scans (parallel * threads = concurrent gofuncs) (default: 2)
[$PORTSCAN_PARALLEL]
--portscan-threads= Portscan threads (concurrent port scans per IP) (default: 1000) [$PORTSCAN_THREADS]
--portscan-timeout= Portscan timeout (seconds) (default: 5) [$PORTSCAN_TIMEOUT]
--portscan-range= Portscan port range (first-last) (default: 1-65535) [$PORTSCAN_RANGE]
--metrics.resourceid.lowercase Publish lowercase Azure Resoruce ID in metrics [$METRIC_RESOURCEID_LOWERCASE]
--cache-path= Cache path [$CACHE_PATH]
--bind= Server address (default: :8080) [$SERVER_BIND]
Help Options:
-h, --help Show this help message
for Azure API authentication (using ENV vars) see https://github.com/Azure/azure-sdk-for-go#authentication
Please use azure-resourcegraph-exporter
for exporting resources.
This exporter is using Azure ResourceGraph queries and not wasting Azure API calls for fetching metrics.
azure-resourcegraph-exporter
provides a way how metrics can be build by using Kusto queries.
This exporter needs Reader
permissions on subscription level.
For Azure write rate limits it tries to tag the subscription with an empty tag set (actually no changes).
For this operation it needs Microsoft.Resources/tags/write
on scope /subscription/*
.
To disable write rate limits set SCRAPE_RATELIMIT_WRITE
to 0
.
Metric | Collector | Description |
---|---|---|
azurerm_stats |
Exporter | General exporter stats |
azurerm_consumtion_bugdet_info |
Costs | Azure CostManagement bugdet information |
azurerm_consumtion_bugdet_limit |
Costs | Limit of CostManagemnet budget |
azurerm_consumtion_bugdet_current |
Costs | Current costs of CostManagement budget |
azurerm_consumtion_bugdet_usage |
Costs | Current budget usage in percentage |
azurerm_costmanagement_overall_usage |
Costs | CostManagement "usage" metric with timeframes by Subscription and ResourceGroup |
azurerm_costmanagement_overall_actualcost |
Costs | CostManagement "actualcosts" metric with timeframes by Subscription and ResourceGroup |
azurerm_costmanagement_detail_usage |
Costs | CostManagement "usage" metric with timeframes by Subscription and ResourceGroup and cost dimensions (see COSTS_DIMENSION ) |
azurerm_costmanagement_detail_actualcost |
Costs | CostManagement "actualcosts" metric with timeframes by Subscription and ResourceGroup and cost dimensions (see COSTS_DIMENSION ) |
azurerm_subscription_info |
General | Azure Subscription details (ID, name, ...) |
azurerm_resource_health |
Health | Azure Resource health information |
azurerm_iam_roleassignment_info |
IAM | Azure IAM RoleAssignment information |
azurerm_iam_roledefinition_info |
IAM | Azure IAM RoleDefinition information |
azurerm_iam_principal_info |
IAM | Azure IAM Principal information |
azurerm_quota_info |
Quota | Azure RM quota details (readable name, scope, ...) |
azurerm_quota_current |
Quota | Azure RM quota current (current value) |
azurerm_quota_limit |
Quota | Azure RM quota limit (maximum limited value) |
azurerm_quota_usage |
Quota | Azure RM quota usage in percent |
azurerm_resourcegroup_info |
Resource | Azure ResourceGroup details (subscriptionID, name, various tags ...) |
azurerm_resource_info |
Resource | Azure Resource information |
azurerm_securitycenter_compliance |
Security | Azure SecurityCenter compliance status |
azurerm_advisor_recommendation |
Security | Azure Advisory recommendations (eg. security findings) |
azurerm_graph_app_info |
Graph | AzureAD graph application information |
azurerm_graph_app_credential |
Graph | AzureAD graph application credentials (create,expiry) information |
azurerm_ratelimit |
all (if detected) | Azure API ratelimit (left calls) |
azurerm_publicip_info |
Portscan | Azure PublicIP information |
azurerm_publicip_portscan_status |
Portscan | Status of scanned ports (finished scan, elapsed time, updated timestamp) |
azurerm_publicip_portscan_port |
Portscan | List of opened ports per IP |