The Get-AzNetworkDiagram (PowerShell) cmdlet visualizes Azure networking, using Graphviz and the "DOT" diagram-as-code language to export a PDF and PNG with a network diagram containing:
- VNets, including:
- VNet peerings
- Subnets
- Special subnet: AzureBastionSubnet and associated Azure Bastion resource
- Special subnet: GatewaySubnet and associated resources, incl. Network Gateways, Local Network Gateways and connections with the statically defined remote subnets, but excluding Express Route Circuits.
- Special subnet: AzureFirewallSubnet and associated Azure Firewall Policy
- Associated Route Tables
- A * will be added to the subnet name, if a subnet is delegated. Commonly used delegations will be given a proper icon
- A # will be added to the subnet name, in case an NSG is associated
The idea is not to diagram everything - but enough to get an overview of routing across the entire network environment, with documentation and troubleshooting in mind.
- Disclaimer: I take no responsibility for any actions caused by this script!
The script depends on Graphviz (the "DOT", diagram-as-code language) to generate the diagrams in .PDF and .PNG format.
Graphviz can be downloaded from: https://graphviz.org/. But note that the default install doesn't add the executable to $PATH, so make sure to enable that during install.
It can also be installed using "Winget", but that will NOT add the executable to $PATH - so you will have to do that manually.
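A preflight check for the PATH issue described above, as an added example that is not part of the AzNetworkDiagram project. The function name `Resolve-GraphvizDot` is hypothetical, and the `Graphviz\bin` directories under Program Files are assumed install locations; adjust them to where Graphviz actually landed.

```powershell
# Added example (not project code): confirm 'dot' resolves before running Get-AzNetworkDiagram.
function Resolve-GraphvizDot {
    [CmdletBinding()]
    param(
        # Assumption: Graphviz was installed under one of the Program Files roots.
        [string[]]$CandidateDirs = @(
            @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
                Where-Object { $_ } |
                ForEach-Object { Join-Path $_ 'Graphviz\bin' }
        )
    )

    # First choice: whatever 'dot' already resolves to on PATH.
    $cmd = Get-Command dot -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1

    if (-not $cmd) {
        foreach ($dir in $CandidateDirs) {
            $exe = Join-Path $dir 'dot.exe'
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                # Append for this session only, so nothing already on PATH is shadowed.
                $env:PATH = $env:PATH.TrimEnd(';') + ';' + $dir
                $cmd = Get-Command dot -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                break
            }
        }
    }

    if (-not $cmd) {
        throw "dot.exe not found on PATH or in: $($CandidateDirs -join ', ')"
    }

    # 'dot -V' writes its version banner to stderr; merge it into the output stream.
    $version = (& $cmd.Path -V 2>&1 | ForEach-Object { "$_" }) -join ' '

    # Return the resolved binary so it can be checked against the expected install.
    [pscustomobject]@{ Path = $cmd.Path; Version = $version }
}

Resolve-GraphvizDot
```

The returned `Path` shows which `dot.exe` wins PATH resolution, which is worth confirming is the copy you installed. The PATH change lasts only for the current session.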
Clone repository, switch to the cloned directory, then:
PS> Import-Module .\AzNetworkDiagram.psm1
PS> Install-Module -Name AzNetworkDiagram
-OutputPath c:\temp - set output directory. Default: "."
-Subscriptions "subid1","subid2","..." - a list of subscriptions in scope for the diagram
-EnableRanking $bool ($true/$false) - enable ranking (equal height in the output) of certain resource types. For larger networks, this might be worth a shot. Default: $true
Examples:
PS> Get-AzNetworkDiagram [-Subscriptions "subid1","subid2","..."] [-OutputPath C:\temp\] [-EnableRanking $true]
PS> Get-AzNetworkDiagram
Beware that by using "-Subscriptions" to limit the scope of data collection, you might end up with peerings being created to sparsely defined VNets (which would be out of your defined scope). These would appear as a long string, that is, the ID of the VNet with special characters stripped for DOT compatibility.
It will loop over any subscriptions available (or those defined as the parameter) and process supported resource types. After data is collected, a .PDF and .PNG file with the diagram will be created.
- Support for
- Express Route Circuits
- Azure vWAN support
- Azure DevOps pipeline for automated runs, with output saved to storage account
- Mail on changes?