Skip to main content

Getting Started with Azure

Download and Install

You can download the precompiled binary from releases, or using CLI:

curl -L -o cloudquery
chmod a+x cloudquery


Init command

After installing CloudQuery, you need to generate a cloudquery.yml file that will describe which cloud provider you want to use and which resources you want CloudQuery to ETL:

cloudquery init azure

# cloudquery init azure aws # This will generate a config containing azure and aws providers
# cloudquery init --help # Show all possible auto generated configs and flags

All official and approved community providers are listed at CloudQuery Hub with their respective documentation.

Spawn or connect to a Database

CloudQuery needs a PostgreSQL database (>=10). You can either spawn a local one (usually good for development and local testing) or connect to an existing one.

By default, cloudquery will try to connect to the database postgres on localhost:5432 with username postgres and password pass. After installing docker, you can create such a local postgres instance with:

docker run --name cloudquery_postgres -p 5432:5432 -e POSTGRES_PASSWORD=pass -d postgres

If you are running postgres at a different location or with different credentials, you need to edit cloudquery.yml - see the Connect to an Existing Database tab.

Authenticate with Azure

CloudQuery needs to be authenticated with your Azure account in order to fetch information about your cloud setup.

You can either authenticate with az login (when running cloudquery locally), or by using a "service principal" and exporting environment variables (appropriate for automated deployments).

First, install the Azure CLI (az). Then, login with the Azure CLI:

az login

Fetch Command

Once cloudquery.yml is generated and you are authenticated with Azure, run the following command to fetch the resources.

cloudquery fetch
# cloudquery fetch --help # Show all possible fetch flags

Exploring and Running Queries

Once CloudQuery fetched the resources, you can explore your cloud infrastructure with SQL!

You can use psql to connect to your postgres instance (of course, you need to change the connection-string to match the location and credentials of your database):

psql "postgres://postgres:[email protected]:5432/postgres?sslmode=disable"

Schema and tables for Azure are available in CloudQuery Hub.

A few example queries for Azure:

find all mysql servers:

SELECT * FROM azure_mysql_servers

find storage accounts which allow non https traffic

SELECT * from azure_storage_accounts where enable_https_traffic_only = false

Policy Command

CloudQuery Policies allow users to write security, governance, cost, and compliance rules, using SQL as the query layer and HCL as the logical layer.

All official and approved community policies are listed on CloudQuery Hub.

Execute a policy

cloudquery policy run azure//cis_v1.3.0

Next Steps

At Cloudquery Hub, you can read more about the CloudQuery Azure provider - including exploring the SQL schema, and advanced configurations.