
Azure Arc enabled Server – Store AWS instance metadata as Azure tag

If you want to onboard an AWS EC2 instance (virtual machine) to Azure using Azure Arc for multicloud management, you might want to store some of the AWS instance metadata as Azure tags for your Azure Arc enabled server. One of the easiest ways is to set these tags during the onboarding process of an Azure Arc-enabled server from AWS. AWS instances offer a service to retrieve instance metadata directly from the running instance, so you do not need to use the Amazon EC2 console or the AWS CLI. (This is similar to the Azure Instance Metadata Service on Azure VMs.)

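On AWS EC2 instances running Windows you can run the following PowerShell commands to see the metadata available. The first request obtains an IMDSv2 session token, and the second sends it in the X-aws-ec2-metadata-token header:

$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds"="21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token"=$token} -Method GET -Uri http://169.254.169.254/latest/meta-data/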

Now in my example, I want to store the AWS region as well as the AWS instance ID as Azure tags for my Azure Arc enabled server. For onboarding the AWS instance, I use the Azure Arc onboarding method with a service principal. This is the simple script you can use. Don't forget to replace the variables for subscription ID, tenant ID, resource group, and more.

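# Get AWS Instance data (IMDSv2: request a session token, then send it with each metadata request)
$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds"="21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
$AWSRegion = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token"=$token} -Method GET -Uri http://169.254.169.254/latest/meta-data/placement/region
$AWSInstanceId = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token"=$token} -Method GET -Uri http://169.254.169.254/latest/meta-data/instance-id

# Create Tags (comma-separated Name=Value pairs passed to azcmagent --tags)
$tags = "Datacenter=AWS,CountryOrRegion=Germany,AWSRegion=$AWSRegion,AWSInstanceID=$AWSInstanceId"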

# Add the service principal application ID and secret here
$servicePrincipalClientId="<service principal id>"
$servicePrincipalSecret="<service principal secret>"

# Download the installation package
Invoke-WebRequest -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile install_windows_azcmagent.ps1

# Install the hybrid agent
& "$PSScriptRoot\install_windows_azcmagent.ps1"
if($LASTEXITCODE -ne 0) {
    throw "Failed to install the hybrid agent"
}

# Run connect command
& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --service-principal-id "$servicePrincipalClientId" --service-principal-secret "$servicePrincipalSecret" --resource-group "<resourcegroup>" --tenant-id "<tenantid>" --location "<azureregion>" --subscription-id "<subscriptionid>" --cloud "AzureCloud" --tags "$tags" --correlation-id "<correlationid>"

if($LastExitCode -eq 0){Write-Host -ForegroundColor yellow "To view your onboarded server(s), navigate to https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.HybridCompute%2Fmachines"}
Azure Arc enabled Server AWS Windows Server machine with automatic tags

If you are onboarding an AWS EC2 instance running Linux to Azure Arc, you can use the following script to automatically add tags during the onboarding process.

# Get AWS Instance data (IMDSv2: request a session token, then send it with each metadata request)
TOKEN="$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")"
awsregion="$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region)"
awsinstanceid="$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)"

# Create Tags (comma-separated Name=Value pairs passed to azcmagent --tags)
tags="Datacenter=AWS,CountryOrRegion=Germany,AWSRegion=$awsregion,AWSInstanceID=$awsinstanceid"

# Add the service principal application ID and secret here
servicePrincipalClientId="<service principal id>"
servicePrincipalSecret="<service principal secret>"

# Download the installation package
wget https://aka.ms/azcmagent -O ~/install_linux_azcmagent.sh

# Install the hybrid agent
bash ~/install_linux_azcmagent.sh

# Run connect command
azcmagent connect --service-principal-id "$servicePrincipalClientId" --service-principal-secret "$servicePrincipalSecret" --resource-group "<resourcegroup>" --tenant-id "<tenantid>" --location "<azureregion>" --subscription-id "<subscriptionid>" --cloud "AzureCloud" --tags "$tags" --correlation-id "<correlationid>"


if [ $? = 0 ]; then printf '\033[33m%s\033[m\n' "To view your onboarded server(s), navigate to https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.HybridCompute%2Fmachines"; fi
Azure Arc enabled Server AWS Linux machine with automatic tags
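
The string passed to --tags is a comma-separated list of Name=Value pairs, so whatever the metadata request returns ends up in it verbatim. The following added example (not part of the original script; the function names and the patterns are assumptions of this example) checks that the region and instance ID have the expected shape before building the string, so a failed request or an unexpected response body stops the onboarding instead of becoming a tag.

```shell
#!/bin/sh
# Added example: validate instance metadata before it is used as Azure tags.
# Function names and regular expressions are assumptions of this example.

IMDS="http://169.254.169.254/latest"

# Fetch one metadata path using an IMDSv2 session token.
# -f makes curl return non-zero on HTTP errors (e.g. 401), so no error body is captured.
imds_get() {
  _tok="$(curl -sf --max-time 2 -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60")" || return 1
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $_tok" "$IMDS/meta-data/$1"
}

# Reject empty values and anything outside [a-z0-9-]: no commas, '=', newlines or markup.
plain() { case "$1" in ''|*[!a-z0-9-]*) return 1 ;; esac; }

# Region names look like eu-central-1 or us-gov-west-1.
valid_region() {
  plain "$1" && printf '%s' "$1" | LC_ALL=C grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'
}

# Instance IDs are "i-" followed by 8 or 17 hexadecimal characters.
valid_instance_id() {
  plain "$1" && printf '%s' "$1" | LC_ALL=C grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Build the value for azcmagent --tags; fail if either input is not well-formed.
build_tags() {
  valid_region "$1"      || { echo "unexpected region value" >&2; return 1; }
  valid_instance_id "$2" || { echo "unexpected instance ID value" >&2; return 1; }
  printf 'Datacenter=AWS,CountryOrRegion=Germany,AWSRegion=%s,AWSInstanceID=%s' "$1" "$2"
}

# Usage on the EC2 instance, before running azcmagent connect:
#   tags="$(build_tags "$(imds_get placement/region)" "$(imds_get instance-id)")" || exit 1
```
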

Of course, there is way more metadata you can get from the machine itself. Maybe not everything you need, but at least you have access to some of the data.

AWS EC2 instance metadata

I hope this article was helpful and showed you how you can store some of the AWS instance metadata as Azure tags for your Azure Arc enabled server. If you have any questions, feel free to leave a comment.

How to add a server to Azure using Azure Arc



Azure Tags

Use Azure Tags to organize Resources

I started with a blog about Locks in Azure, which is one of the basic Azure Governance features provided by Azure Resource Manager. In this second blog, I want to give you a quick overview of how you can use tags to organize your Azure resources. As mentioned before, governance in Azure provides you with the necessary tools to take advantage of the speed and agility the cloud promises, without losing control over your environment.

Cloud-Native Governance


When you start working with Azure, you realize that you will suddenly have many resources. If you work for a company or team, you will realize that at some point it becomes difficult to identify resources and to answer questions such as who they belong to, whether they are still needed, whether they are production or development, who is paying for them, and many more.