Azure Resource Providers

Introduction

Leaving your house unlocked feels unsafe, right? The same goes for your Azure subscription. Microsoft keeps it secure by default, and you need to unlock parts (Azure Resource Providers) as needed. There are a lot of them, this is why we programmatically register Azure Resource Providers.

Why Are There Azure Resource Providers?

An Azure Resource Provider is a set of REST operations enabling functionality for specific Azure services, like Microsoft.KeyVault for managing vaults, secrets, keys, and certificates.

Azure Resource Providers protect your Azure Subscription from unwanted deployments that could lead to high costs or organizational harm.

Once an Azure Resource Provider is registered in your subscription, you can manage these resources using various SDKs, CLIs, or the Azure Portal.

The resource provider defines the Azure resources you can deploy to your Azure Subscription. A resource type's name follows the format: {resource-provider}/{resource-type}. The resource type for a key vault is Microsoft.KeyVault/vaults..

Programmatically register Azure Resource Providers?

By default Azure registers 15 Azure Resource Providers n your Azure Subscription. But these are not the Azure Resource Providers you need for a new cloud-native data & analytics platform such as FFA TITAN.

In order to automatically we need to set up two things, (1) security, and (2) powershell-script

Security

To programmatically Register Azure Resource Providers you need to have a Microsoft Entra User Account or a -Service Principal that has the ‘contributor’-role assigned to it in your Azure Subscription. However, when you would need to deploy a new cloud-native data & analytics platform addtitional resource providers must be regsitered.

Powershell-script

For FFA TITAN to be deployed we need a lot of providers to be registered and we can register them in two ways:

1. manually - through the azure portal;
2. programmatically - through a simple powershell script

As humans we prefer to be lazy over tired any time of the day. So at Food For Analytics we’ve written a small powershell-script that can be executed locally, remotely, or within azure devops-pipeline for bootstrapping your Azure Subscription. We do the latter, as we roll out FFA TITAN to multiple tenants and subscriptions. Manually bootstrapping them is error prone and we get tired. no bueno.

Our powershell-script for programmatically registering Azure Resource Providers:

Powershell-script Explanation

1. Get Environment Variables: Retrieves necessary credentials and subscription ID.
2. Install Azure Module: Ensures the Az module is installed.
3. Create Credential Object: Uses the provided credentials to create a PSCredential object.
4. Connect to Tenant: Authenticates to the Azure tenant using the service principal credentials.
5. Select Subscription: Sets the target Azure subscription.
6. Get Unregistered Providers: Fetches the list of unregistered Azure Resource Providers.
7. Register Providers: Iterates through each unregistered provider and registers it, skipping any problematic providers (like Wandisco).

note: this is a script that registers a wide set of Azure Resource Providers. I strongly recommend to only register the providers that you actually need to deploy your own platform in your Azure Subscription (we did this as well).

Conclusion

This PowerShell script helps automate the registration of necessary Azure Resource Providers, ensuring efficient and error-free setup of your Azure environment. For best practices, register only the providers essential for your specific platform deployment.

FAQ