When you create an Azure resource, you must specify the properties the newly created resource must have. Once created, many of those properties can be changed; the tags of a resource for example.
I'd like to be able to programmatically (i.e. not via the Portal) retrieve the properties of a resource as they were at initial deployment time of that resource, even in case the resource no longer exists. I don't have a need for a long history, a day or two retention for the creation record is more than sufficient.
How can I achieve this?
Things I've tried:
- Querying the
resourcechanges
table in the Resource Graph. I do get the creation record, but the record does not contain the properties of the resource. This is documented behavior: The changes property dictionary is only included when changeType is Update. - Looking in Change Analysis. That does give me the deletion event (and properties as they were at deletion time), but it does not give me the creation event.
- Resource Creation events in Event Grid. Unfortunately, those also don't contain the properties. (If all else fails I could set something up that would, upon reception of the creation event, immediately query the resource, but if at all possible I'd like to avoid this.)
When looking at the Event Log of the resource group, the creation record looks like this (I have randomized the GUIDs):
{
"targetResourceType": "microsoft.managedidentity/userassignedidentities",
"changeAttributes": {
"previousResourceSnapshotId": null,
"newResourceSnapshotId": "08585057886968675807_6dad72a1-ddf9-4bf8-95b6-9e20644861f1_1719005433_1695818188",
"correlationId": "c7a2848b-748a-471b-9fac-622028b717b7",
"changesCount": 0,
"timestamp": "2023-09-27T12:36:28.6100000Z"
},
"targetResourceId": "/subscriptions/e26fef86-e3b2-4558-98b9-8d8553db6ec1/resourceGroups/rg-jo-test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/changetrackingtest",
"changeType": "Create",
"changes": {}
}
That newResourceSnapshotId
sure looks like it could contain what I need, but I wouldn't know if it's possible to retrieve it, let alone how.
How can I obtain the properties of a resource how they were at deployment time, even when the resource has been deleted at the time of the query?