2

I am trying to create an PowerShell script to list Azure Network Security Groups and it's rule from all subscription and export it to CSV.

Below is my code which list all the NSG Rule Name,Description,Priority,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Protocol,Access and Direction.

############# List All Azure Network Security Groups #############
$subs = Get-AzSubscription

foreach ($sub in $subs) {
    Select-AzSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Users\admin-vishal.singh\Desktop\Test\nsg\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

The output I am Getting for above script enter image description here

I also tried to call object Resourcegroup, SubscriptionName under $nsgRule | Select-Object it gave me blank column with header Resourcegroup, subscriptionName.

I am trying to get output like this:

enter image description here

I don't know at which for loop I need to do changes to get output like above.

Basically, I am trying to list all the Azure NSGs with Rules from all subscription with there respective ResourcegroupName, subscriptionName.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
vishalsingh1347
  • 37
  • 1
  • 8

2 Answers2

3

The extra properties you want to return belong to a different object than $nsgRule. You can still retrieve those properties through the use of Select-Object's calculated properties.

$subs = Get-AzureRmSubscription

foreach ($sub in $subs) {
    Select-AzureRmSubscription -SubscriptionId $sub.Id
    $nsgs = Get-AzureRmNetworkSecurityGroup

    Foreach ($nsg in $nsgs) {
        $nsgRules = $nsg.SecurityRules

        foreach ($nsgRule in $nsgRules) {
            $nsgRule | Select-Object @{n='SubscriptionName';e={$sub.Name}},
                @{n='ResourceGroupName';e={$nsg.ResourceGroupName}},
                @{n='NetworkSecurityGroupName';e={$nsg.Name}},
                Name,Description,Priority,
                @{Name='SourceAddressPrefix';Expression={[string]::join(",", ($_.SourceAddressPrefix))}},
                @{Name='SourcePortRange';Expression={[string]::join(",", ($_.SourcePortRange))}},
                @{Name='DestinationAddressPrefix';Expression={[string]::join(",", ($_.DestinationAddressPrefix))}},
                @{Name='DestinationPortRange';Expression={[string]::join(",", ($_.DestinationPortRange))}},
                Protocol,Access,Direction |
                    Export-Csv "C:\Vishal\NsgRules.csv" -NoTypeInformation -Encoding ASCII -Append        
        }
    }
}

$nsg contains ResourceGroupName and Name (the network security group name). $sub contains the subscription name as Name.

AdminOfThings
  • 23,946
  • 4
  • 17
  • 27
  • I tried this but it gives output as blank csv. – vishalsingh1347 Jan 15 '21 at 08:09
  • I just ran it in azure cloud shell, and it output everything. I used azure cloud storage for my output location though – AdminOfThings Jan 15 '21 at 12:58
  • I tried to run on azure cloud shell but is giving me error. `./Azurecli-nsg.ps1 "nsg list"` it gives error like below **admin-vishal_singh@Azure:~/clouddrive$ ./Azurecli-nsg.ps1 "nsg list" ./Azurecli-nsg.ps1: line 2: =: command not found ./Azurecli-nsg.ps1: line 3: $'\r': command not found ./Azurecli-nsg.ps1: line 4: syntax error near unexpected token `$sub' '/Azurecli-nsg.ps1: line 4: `foreach ($sub in $subs) {** – vishalsingh1347 Jan 15 '21 at 15:05
  • I am running the same code you posted with extra properties added to select-object. So if mine has issues, then yours should have had the same issues. – AdminOfThings Jan 15 '21 at 15:13
  • I fixed all the curly quotes that were in your original script. Maybe they are causing issues. – AdminOfThings Jan 15 '21 at 15:21
  • I think I had issue in my script with spaces, I tried to arranged code and now it worked. Thanks for Help. – vishalsingh1347 Jan 18 '21 at 08:16
0

Not sure if this helps a bit... I'm doing similar and using the az cli (which has direct conversions to powershell)

I'm taking this approach:

#get all the subs in a list
$subs_list = az account list --query [].[id] -o tsv

#loop through list of subs
foreach($sub in $subs_list)
{
    az account set --subscription $sub # change the active sub
    $rg_list = az group list | ConvertFrom-json # retrieve a list of resource groups for that sub
    foreach($rg in $rg_list) # loop through the list of resource groups
    {
        $nsg_list = az network nsg list --resource-group $rg.name | ConvertFrom-json # get the list of nsg for a resource group
        foreach($nsg in $nsg_list) # loop through the list of nsg
        {
            $nsg_rules = az network nsg rule list --nsg $nsg.name --resource-group $rg.name -o table # get a list of rules for each nsg
            $nsg_rules # print the rules to screen
        }
        

    }
}

You'll have to figure out how to format it all, but you now have the subscription object in $sub and the resource group in $rg via $rg.name or $rg.id...

I hope that helps, I'm new to this as well and this is my first question answered on here :)

John Smith
  • 73
  • 2
  • 8