Wednesday, September 23, 2020

Azure: Delete tags on resource groups and resources with PowerShell

At my current client we've been pushing out standard tags via Azure Policy to both resource groups and resources. One policy adds tags to the resource groups and another policy inherits the tags from the resource groups to the resources (so that tags only have to be updated in one place).

After some evaluation we found that we'd pushed too many tags and needed to delete some of them from some of the subscriptions.

There is no easy way to do this in bulk from the portal, but it can be done with PowerShell.

The logical command to use would be Remove-AzTag but apparently that is only for unused tags and so it won't work if you've added values to your tags.

To delete tags with values added to them, you need two different scripts. One for resource groups and one for the resources.

If you have an 'inherit tags' policy enabled that forces changes on updates, make sure to delete the tags on the resource groups first and then on the resources. Otherwise the tags will be rewritten to the resources immediately on update.

Both scripts below will traverse all or selected subscriptions and delete tags.

DeleteTagsOnRGs.ps1

# This script will delete the specified tag, including its values, only on resource groups.

# Update this variable with the tag name to be deleted. No tag value required.
$DeleteTag = "ContactEmail"

# Get all subscriptions in tenant
# $subscriptions = Get-AzSubscription
# To get all subscriptions except subscription named: SUBS NAME
# Replace -notlike with -eq to get a specific subscription
$subscriptions = Get-AzSubscription | Where-Object {$_.Name -notlike "SUBS NAME"}

# Traverse through all subscriptions
Foreach ($subscription in $subscriptions) {

    # Select a subscription by its ID
    Select-AzSubscription -SubscriptionId $subscription.Id

    # Get list of resource groups in subscription
    $rg = Get-AzResourceGroup
    # For each resource group, get the associated tags and put into a variable
    Foreach ($i in $rg.ResourceGroupName) {
        $Tags = (Get-AzResourceGroup -Name $i).Tags
        # Skip resource groups that have no tags or do not carry this tag
        if ($null -eq $Tags -or -not $Tags.ContainsKey($DeleteTag)) { continue }
        # Remove the tag with the name specified
        $Tags.Remove($DeleteTag)
        # Set the tags on the resource group
        Set-AzResourceGroup -Name $i -Tag $Tags
    }

}

DeleteTagsOnResources.ps1

# This script will delete tags on all resources in all subscriptions, 
# however not on the resource groups, see DeleteTagsOnRGs.ps1 for that.
# Must run as .ps1 script, pasting into Cloud Shell will not work.
# Note, there can be a delay of 20-30 mins from running script until Tags appear 
# as deleted in the Portal
# Before running this script, ensure that tags are deleted at RG level first 
# otherwise they'll be re-added via the Inherit policy (if applied)

# To get all subscriptions
# $subs = Get-AzSubscription
# Get only a specific subscription
# $subs = Get-AzSubscription | Where-Object {$_.Name -eq "SUBS NAME"}
# To get all subscriptions except SUBS NAME
$subs = Get-AzSubscription | Where-Object {$_.Name -notlike "SUBS NAME"}

# Specify tag name
$tagname = "ContactEmail"
# Specify tag value
$tagvalue = "person@companyemail.com"

# Through all subscriptions, get resources with specified tag and value, 
# remove the tag from the array and update the resource
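$subs | ForEach-Object {
    # Switch context to this subscription by its ID
    Set-AzContext -Subscription $_.Id
    $rs = Get-AzResource -TagName $tagname -TagValue $tagvalue
    $rs | ForEach-Object {
        # Remove() returns a boolean; discard it so it does not clutter the output
        [void]$_.Tags.Remove($tagname)
        $_ | Set-AzResource -Force
    }
}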

That's it.
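
Both scripts change tags in bulk and there is no undo, so a read-only inventory of where the tag is set, taken before running them, gives a record to verify against and restore from. The following is an added example, not one of the original scripts; it assumes Connect-AzAccount has already been run, and the output file name is hypothetical.

```powershell
# Added example (not from the original post): inventory a tag before bulk deletion.
# Assumption: the Az modules are installed and the session is already signed in.
$TagName = "ContactEmail"
$OutFile = "tag-backup-$TagName.json"   # hypothetical file name

$inventory = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.Id | Out-Null

    # Resource groups that carry the tag (Tags is $null when a group has no tags).
    # The tag name is assumed to be spelled with the same casing it was written with.
    foreach ($rg in Get-AzResourceGroup) {
        if ($rg.Tags -and $rg.Tags.ContainsKey($TagName)) {
            [pscustomobject]@{
                Subscription = $sub.Name
                Scope        = "ResourceGroup"
                ResourceId   = $rg.ResourceId
                TagValue     = $rg.Tags[$TagName]
            }
        }
    }

    # Resources that carry the tag, whatever its value
    foreach ($r in Get-AzResource -TagName $TagName) {
        [pscustomobject]@{
            Subscription = $sub.Name
            Scope        = "Resource"
            ResourceId   = $r.ResourceId
            TagValue     = $r.Tags[$TagName]
        }
    }
}

# Keep the file as the rollback record, then summarise what the deletion will touch
$inventory | ConvertTo-Json -Depth 3 | Set-Content -Path $OutFile
$inventory | Group-Object Subscription, Scope | Select-Object Count, Name
```

Running it again after the deletion scripts should produce an empty inventory, which is a quicker check than waiting for the portal to catch up.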
