Azure Service Health provides guidance and support when issues in Azure services affect you. It provides timely and personalized information about the impact of service issues and helps you prepare for upcoming planned maintenance. Azure customers review service health events in their personalized service health dashboard in Azure portal. There, they can receive alerts and updates via emails, text messages, and webhook notifications. However, if you are an Azure partner who helps many customers manage their Azure cloud, it can be challenging to review Service Health data for your customers in a centralized place. This Python Flask code sample will demonstrate how you can request access to, and query Service Health events from multiple Azure subscriptions, belonging to multiple Azure customers, and review them in a single place.
Unless you are registered as a user in the tenant where the Azure Subscription lives, you will not be able to access Health Logs for an Azure Subscription using your user credentials. For partner and customers this may be an unreasonable requirement, so instead, we will use an Application Identity to access the logs in the customer’s subscription on behalf of the partner. To enable this, the follow steps need to take place:
- An Azure AD Application needs to be registered in the Partner tenant.
- The customer needs to login and give consent to the application to have delegated access to Azure Resource Manager.
- The application then needs to add its own Service Principal to the ARM Reader role so that it can access the Health Logs in the future without the Customer logged in.
- The application gets an access token to ARM with its Application Identity, and retrieves the Customer Health information on-behalf of the partner.
Registering your Application
- Go to the Azure Portal (https://portal.azure.com)
- Navigate to the “App Registration” blade
- Create a New Application Registration
- Name = “Azure Health Monitor”
- Application Type = “Web app / API”
- Sign-on URL = “http://localhost:5000/customer/login/authorized”
- Make the application Multi-Tenant
- Properties > Multi-Tenanted > Yes
- Update your “Required permissions” to enable access to ARM
- Required Permissions > Add > Select an API > Windows Azure Service Management API
- Select “Access Azure Service Management as organization users (preview)” in Delegated Permissions
- Create a New Application Key
- Keys > Description > “app_key”
- Keys > Duration > (choose an expiry time)
- Copy the value for your application key
Set Up Python Environment
You need to install the following Python Libraries in order to get your application to run:
- pip install adal
- pip install azure-batch
- pip install azure-mgmt-scheduler
- pip install msrestazure
- pip install tinydb
Set Up the Python Flask Sample
After you have completed your app registration, you should have 2 pieces:
- An Application ID GUID
- An App Secret String
After you download and unpackage the sample, you will need to update “appconfig.py” to use these values. Additionally, you should generate a new secret key which will be used for Flask sessions. Make sure to never share your “appconfig.py” file! Once you save your updated configuration file, you are ready to run the sample!