Validating Azure resources before moving the resources to another subscription – Part 1
As a technical specialist working with one of Microsoft Malaysia’s Cloud Solution Provider, partners often ask me about how to move or migrate resources from a Azure Pay-As-You-Go subscription to a CSP Azure subscription. Well, we do provide such services but some partners are wiling to learn so that they can do it themselves.
My answer to them is that, it’s a very tedious work and a lot of manual work involved. Also, majority of the steps can be taken from the Microsoft documentation online. The most important part is to determine what can be moved and what can’t be moved.
This is where we would do a pre-assessment. First is to extract a list of resources that you have and then do a manual cross-checking on the supported resources. Doing this probably would just give you about 70-80% accuracy because there may be other underlying issues that may block the resources to be moved, even though documentation says that it’s OK to move. To make things easier, you might also want to check out Jack Tracey’s blog at https://jacktracey.co.uk/migration/azure-subscription-migrations/ . Brilliantly came up with a Azure resource migration support tool which I find it’s really useful.
Anyway, story aside. The purpose of this post is actually to let you guys know that, there’s always a way to perform resource validation without actually moving the resource. It’s by using the REST API . I’m not expert on this but with some research done, you’ll find this method helps in validating eligible resources that can be moved..
Now, what do you need to get it work ?
- Azure Service Principal / App registration
- Tenant Id
- SubscriptionId for both source and target subscription
- Source and target names of resource groups
- Postman
Step 1 – You must create an Azure service principal by registering an Application via the Azure Active Directory. You can either do this through the portal or using powershell https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-3.8.0
Step 2 – create a client secret by going to Certificates & Secret tab within the App that you’ve just created, as you will be needing this later on.
Step 3 – assign the App as a Contributor in both the source and target subscription.
Now let’s go to Part 2