In this post, we will see how we can validate the azure resources before we move them to another resource group.
Prerequisites
Create an Azure AD App
Before we begin, we need to create a new application into the Azure AD. We will do this via cloud shell on the Azure Portal by typing the following command.
az ad sp create-for-rbac -n "{Name Of The App}"
Create Variables On Postman
For our convenience, we will store in variables the necessary information that we need to use.
To begin with, we will create a new Environment. On the left-hand side, menu select Environments and then click the + button
As the images below show, type a name for the environment, e.g. “Validate Azure Resources”, and then add the variables.
At the table below we can see how to match the variables to values
ClientId | appId |
Secret | password |
Validate Operation Steps
Step 1: Request Bearer Token
POST https://login.microsoftonline.com/{{TenantID}}/oauth2/token
KEY | VALUE |
grant_type | client_credentials |
client_id | {{ClientId}} |
client_secret | {{Secret}} |
resource | https://management.azure.com |
Step 2: Validate Move
POST https://management.azure.com/subscriptions/{{SubscriptionId}}/resourceGroups/{{ResourceGroup_Source}}/validateMoveResources?api-version=2020-06-01
In the Body section select raw – JSON, and paste the code below changing the resources and the targetResourceGroup values.
Examples:
{ "resources": ["<resource-id-1>", "<resource-id-2>"], "targetResourceGroup": "/subscriptions/<subscription-id>/resourceGroups/<target-group>" }
{ "resources": ["/subscriptions/########-####-####-####-############/resourceGroups/PentestVM/providers/Microsoft.Compute/virtualMachines/KaliVM", "/subscriptions/########-####-####-####-############/resourceGroups/PENTESTVM/providers/Microsoft.Compute/disks/KaliVM_OsDisk_1_6278d118af8c46279154c06ae105c04a","/subscriptions/########-####-####-####-############/resourceGroups/PentestVM/providers/Microsoft.Compute/sshPublicKeys/KaliVM_key"], "targetResourceGroup": "/subscriptions/########-####-####-####-############/resourceGroups/RG_B" }
Step 3. Check the status
The final step is to execute the request below to validate the resources. To do this from our previous request we have to copy the Location from the Headers section.
GET <location-url>
GET https://management.azure.com/subscriptions/########-####-####-####-############/operationresults/kIdh3L2ajdhIOlsBCKSHkahdihgwekfdiuw1231kk1RWTS1XRVNURVVST1BFLVZBTElEQVRdsfdsfdsr4kljlKJIJLKJiohjlfhjlksdjfo9uiN0ZXVyb3BlIn0?api-version=2020-06-01
In the image below, we can see the GET request results.