In this post, we will see how we can validate the azure resources before we move them to another resource group.

Prerequisites

  • A Microsoft Account
  • A valid Azure Subscription
  • Installed Postman or Fiddler

 

Create an Azure AD App

Before we begin, we need to create a new application into the Azure AD. We will do this via cloud shell on the Azure Portal by typing the following command.

az ad sp create-for-rbac -n "{Name Of The App}"

Create Variables On Postman

For our convenience, we will store in variables the necessary information that we need to use.

To begin with, we will create a new Environment. On the left-hand side, menu select Environments and then click the + button

As the images below show, type a name for the environment, e.g. “Validate Azure Resources”, and then add the variables.

   

At the table below we can see how to match the variables to values

ClientId appId
Secret password

Validate Operation Steps

Step 1: Request Bearer Token

POST https://login.microsoftonline.com/{{TenantID}}/oauth2/token

 

KEY VALUE
grant_type client_credentials
client_id {{ClientId}}
client_secret {{Secret}}
resource https://management.azure.com

Step 2: Validate Move

 

POST https://management.azure.com/subscriptions/{{SubscriptionId}}/resourceGroups/{{ResourceGroup_Source}}/validateMoveResources?api-version=2020-06-01

 

In the Body section select rawJSON, and paste the code below changing the resources and the targetResourceGroup values.

Examples:

{
"resources": ["<resource-id-1>", "<resource-id-2>"],
"targetResourceGroup": "/subscriptions/<subscription-id>/resourceGroups/<target-group>"
}
{
 "resources": ["/subscriptions/########-####-####-####-############/resourceGroups/PentestVM/providers/Microsoft.Compute/virtualMachines/KaliVM", "/subscriptions/########-####-####-####-############/resourceGroups/PENTESTVM/providers/Microsoft.Compute/disks/KaliVM_OsDisk_1_6278d118af8c46279154c06ae105c04a","/subscriptions/########-####-####-####-############/resourceGroups/PentestVM/providers/Microsoft.Compute/sshPublicKeys/KaliVM_key"],
 "targetResourceGroup": "/subscriptions/########-####-####-####-############/resourceGroups/RG_B"
}

Step 3. Check the status

The final step is to execute the request below to validate the resources. To do this from our previous request we have to copy the Location from the Headers section.

GET <location-url>
GET https://management.azure.com/subscriptions/########-####-####-####-############/operationresults/kIdh3L2ajdhIOlsBCKSHkahdihgwekfdiuw1231kk1RWTS1XRVNURVVST1BFLVZBTElEQVRdsfdsfdsr4kljlKJIJLKJiohjlfhjlksdjfo9uiN0ZXVyb3BlIn0?api-version=2020-06-01

In the image below, we can see the GET request results.

See Also

Share This