Skip to main content

Add Tags to Azure Resource

In the following guide, you are going to create a self-service action in Port that executes a GitHub workflow to add tags to a storage account.

Use-cases

Organize and manage your Azure resources effectively by adding tags directly through Port.

  • Cost Accounting: Categorize resources by department, project, or cost center for accurate billing analysis.
  • Governance: Label resources based on criticality, compliance requirements, or ownership.
  • Search & Filtering: Use tags to link the azure resource to other objects in your Port account.

Prerequisites

  1. Azure Subscription: An active Azure subscription is required to deploy the storage account.
  2. Port Actions Knowledge: Understanding how to create and use Port actions is necessary. Learn the basics here.
  3. GitHub Repository: A repository to store your GitHub workflow file for this action.

GitHub Secrets

To successfully execute this workflow, we will add the following secrets to the GitHub repository containing the workflow:

1. GitHub Action Secrets

  • Navigate to your GitHub repository's "Settings" tab.
  • Select "Secrets" and then "Actions" from the side menu.
  • Create the following secrets:
    • PORT_CLIENT_ID: Your Port Client ID learn more.
    • PORT_CLIENT_SECRET: Your Port Client Secret learn more.

2. Azure Cloud Credentials

Important:

For secure Azure interactions, we'll use a Service Principal. If you need help creating one, follow this guide

  • Once you have your Service Principal, create these GitHub Action secrets:
    • ARM_CLIENT_ID: Service Principal Application (Client) ID
    • ARM_CLIENT_SECRET: Service Principal Password
    • ARM_SUBSCRIPTION_ID: Your Azure Subscription ID
    • ARM_TENANT_ID: Your Azure Tenant ID

Port Configuration

Import Azure Resources

Import Azure resources into your Port account using the Azure Exporter

  1. Create the azureStorage blueprint.
    • Head to the Builder page.
    • Click on the + Blueprint button.
    • Click on the {...} Edit JSON button.
    • Copy and paste the following JSON configuration into the editor.
Port Blueprint: Azure Storage Account
note

Keep in mind that this can be any blueprint you require; the provided example is just for reference.

{
    "identifier": "azureStorage",
    "title": "Azure Storage Account",
    "icon": "Azure",
    "schema": {
        "properties": {
            "storage_name": {
                "title": "Account Name",
                "type": "string",
                "minLength": 3,
                "maxLength": 63,
                "icon": "DefaultProperty"
            },
            "storage_location": {
                "icon": "DefaultProperty",
                "title": "Location",
                "type": "string"
            },
            "url": {
                "title": "URL",
                "format": "url",
                "type": "string",
                "icon": "DefaultProperty"
            }
        },
        "required": [
            "storage_name",
            "storage_location"
        ]
    },
    "mirrorProperties": {},
    "calculationProperties": {},
    "relations": {}
}

  1. To create the Port action:
    • Head to the self-service page.
    • Click on the + New Action button.
    • Click on the {...} Edit JSON button.
    • Copy and paste the following JSON configuration into the editor.
Port Action: Add Tags to Azure Storage
tip
  • <GITHUB-ORG> - your GitHub organization or user name.
  • <GITHUB-REPO-NAME> - your GitHub repository name.
{
  "identifier": "service_add_tags_to_azure_storage",
  "title": "Add Tags to Azure Storage",
  "icon": "Azure",
  "description": "Add tags to azure storage account",
  "trigger": {
    "type": "self-service",
    "operation": "DAY-2",
    "userInputs": {
      "properties": {
        "tags": {
          "title": "Tags",
          "type": "object"
        }
      },
      "required": [
        "tags"
      ],
      "order": []
    },
    "blueprintIdentifier": "azureStorage"
  },
  "invocationMethod": {
    "type": "GITHUB",
    "org": "<GITHUB-ORG>",
    "repo": "<GITHUB-REPO-NAME>",
    "workflow": "tag-azure-resource.yml",
    "workflowInputs": {
      "tags": "{{ .inputs.\"tags\" }}",
      "port_context": {
        "entity": "{{ .entity }}",
        "blueprint": "{{ .action.blueprint }}",
        "runId": "{{ .run.id }}",
        "trigger": "{{ .trigger }}"
      }
    },
    "reportWorkflowStatus": true
  },
  "requiredApproval": false,
  "publish": true
}

GitHub Workflow

  1. Update the following Terraform templates in the terraform folder at the root of your GitHub repository:

    tip

    Fork our example repository to get started.

    1. main.tf - Include a tags field within the configuration of the storage account resource.
    2. variables.tf – Introduce a new variable named resource_tags.
main.tf
main.tf
...

resource "azurerm_storage_account" "storage_account" {
    name                = var.storage_account_name
    resource_group_name = var.resource_group_name

    location                 = var.location
    account_tier             = "Standard"
    account_replication_type = "LRS"
    account_kind             = "StorageV2"
    tags                     = var.resource_tags
}

...
variables.tf
variables.tf
// ...
variable "resource_tags" {
  type = map(string)
  default = {
    Environment = "Production"
  }
}
// ...

  1. Create a workflow file under .github/workflows/tag-azure-resource.yml with the following content:
GitHub workflow script
note

Replace the following variables for the terraform init step:

  1. RESOURCE_GROUP_NAME with a resource group from your Azure account. Check this guide to find your resource groups.
  2. STORAGE_ACCOUNT_NAME: The storage account containing.
  3. TF_STATE_CONTAINER: The name of the container used for storing the Terraform state files.
  4. TF_STATE_KEY: Indicate the key that uniquely identifies the configuration file.
tag-azure-resource.yml
name: "Tag Azure Resource"

on: 
  workflow_dispatch:
    inputs:
      tags:
        required: true
        type: string
      port_context:
        required: true
        type: string
        description: >-
          Action and general context (blueprint, run id, etc...)

env: 
  TF_LOG: INFO
  TF_INPUT: false

jobs:
  terraform:
    name: "Add Tags to Azure Resource"
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
        working-directory: ./terraform

    steps:
      - name: Inform starting of action
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          operation: PATCH_RUN
          runId: ${{ fromJson(inputs.port_context).runId }}
          logMessage: |
            Starting a GitHub workflow to tag the Azure resource: ${{ fromJson(inputs.port_context).entity.identifier }} ... ⛴️

      - name: Checkout the repository to the runner
        uses: actions/checkout@v4

      - name: Setup Terraform with specified version on the runner
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.6.0
      
      - name: Terraform init
        id: init
        env:
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          RESOURCE_GROUP_NAME: YourResourceGroup
          STORAGE_ACCOUNT_NAME: YourStorageAccount
          TF_STATE_CONTAINER: tfstate
          TF_STATE_KEY: terraform.tfstate
        run: |
          terraform init \
            -backend-config="resource_group_name=$RESOURCE_GROUP_NAME" \
            -backend-config="storage_account_name=$STORAGE_ACCOUNT_NAME" \
            -backend-config="container_name=$TF_STATE_CONTAINER" \
            -backend-config="key=$TF_STATE_KEY" \
            -input=false

      - name: Terraform format
        id: fmt
        run: terraform fmt -check
      
      - name: Terraform validate
        id: validate
        run: terraform validate

      - name: Run Terraform Plan and Apply (Azure)
        id: plan-azure
        env: 
            ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
            ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
            ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
            ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
            TF_VAR_port_client_id: ${{ secrets.PORT_CLIENT_ID }}
            TF_VAR_port_client_secret: ${{ secrets.PORT_CLIENT_SECRET }}
            TF_VAR_port_run_id: ${{ fromJson(inputs.port_context).runId }}
            TF_VAR_storage_account_name: ${{ fromJson(inputs.port_context).entity.identifier }}
            TF_VAR_resource_tags: ${{ github.event.inputs.tags }}
        run: |
          terraform plan \
            -input=false \
            -out=tfazure-${GITHUB_RUN_NUMBER}.tfplan

          terraform apply -auto-approve -input=false tfazure-${GITHUB_RUN_NUMBER}.tfplan

      - name: Create a failure log message
        if: steps.plan-azure.outcome == 'failure'
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          baseUrl: https://api.getport.io
          operation: PATCH_RUN
          runId: ${{fromJson(inputs.port_context).runId}}
          logMessage: Failed to tag azure resource ${{ fromJson(inputs.port_context).entity.identifier }}


      - name: Create a log message
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          baseUrl: https://api.getport.io
          operation: PATCH_RUN
          runId: ${{fromJson(inputs.port_context).runId}}
          logMessage: Added tags to ${{ fromJson(inputs.port_context).entity.identifier }}

Let's Test It!

  • On the self-service page, select the action and fill in the properties.
  • Click the execute button to trigger the GitHub workflow.

More relevant guides

  1. Add tags to S3 Bucket
  2. Add tags to ECR Repository