Skip to main content

3 posts tagged with "finops"

View All Tags

Azure Provider Update - July 2026

· 4 min read
Technologist and Cloud Consultant

We've released a major update to the StackQL Azure provider family:

  • azure - core Microsoft Azure services: 268 services, 3,473 resources and 13,559 operations (up from 202 services, a 33% increase in service coverage)
  • azure_extras - domain-specific and specialized Microsoft services (44 services)
  • azure_isv - Azure Native ISV and partner services: Databricks, Datadog, Confluent, Elastic, MongoDB Atlas, Oracle Database@Azure and more (27 services)
  • azure_stack - the Azure Stack / Azure Local family (4 services)

Service, resource and method names are consistently snake_cased, service titles carry the official Azure product names, and related services have been consolidated - SHOW SERVICES IN azure now reads like the Azure portal, not like an SDK package index.

Control plane and data plane in one provider

Most Azure tooling stops at ARM. This provider exposes Azure data plane APIs alongside the ARM control plane as first-class services, so the same SQL surface that manages a resource can work with what's inside it.

Enumerate Key Vaults in a subscription (control plane), then list the secrets in one of them (data plane):

SELECT name, location
FROM azure.key_vault.vaults
WHERE subscription_id = '<subscription_id>';

SELECT id, content_type, attributes
FROM azure.key_vault_secrets.secrets
WHERE vault_name = 'my-vault';

The same pattern extends across the platform - Storage blobs, queues and file shares, Cosmos DB tables, App Configuration key-values, Event Grid publishing, Container Registry repositories, Azure Monitor log queries and ingestion, Azure Maps, Azure AI Search documents, Service Fabric cluster operations, Batch jobs, and the Synapse and Purview workspace APIs are all present as data plane services next to their management planes.

The AI surface

The biggest expansion in this release is AI - 20 services covering Azure AI Foundry and the Azure AI services portfolio:

  • Azure AI Foundry: ai_projects, ai_agents, ai_inference, ai_evaluation
  • Language: ai_language (conversational language understanding, question answering and their authoring surfaces in a single service), ai_text_analytics, ai_translation_text, ai_translation_document
  • Vision: ai_vision_image_analysis, ai_vision_face
  • Documents: ai_document_intelligence, ai_form_recognizer
  • Speech: ai_transcription, ai_voice_live
  • Safety and content: ai_content_safety, ai_content_understanding
  • Plus ai_anomaly_detector, ai_personalizer, ai_discovery and the cognitive_services management plane

Inventory every Azure AI services account in a subscription, with kind and provisioning state:

SELECT name, kind, location, provisioning_state
FROM azure.cognitive_services.accounts
WHERE subscription_id = '<subscription_id>';

ARM's nested properties envelope is flattened at query time, so attributes like provisioning_state are ordinary columns - no JSON extraction needed for the common case.

More new and expanded coverage

  • Communication - the full Azure Communication Services surface: email, SMS, chat, calling automation, phone numbers, rooms, job router, advanced messaging and identity (9 services)
  • Databases - Azure NetApp Files, Azure Cache for Redis, Azure Managed Redis, Azure DocumentDB (MongoDB compatibility), Azure HorizonDB, MySQL and PostgreSQL flexible servers, Azure Data Explorer (Kusto)
  • Compute and containers - Compute Fleet, Compute Schedule, AKS (container_service), Kubernetes Fleet Manager, deployment safeguards, Container Registry tasks and data plane, Azure Red Hat OpenShift, Azure VMware Solution
  • Observability - Azure Monitor log query, metrics query and logs ingestion data planes, Azure Monitor workspaces (managed Prometheus), health models
  • Governance - Microsoft Purview catalog, data map, scanning, sharing and workflow APIs; a consolidated resource service spanning deployments, policy, locks, template specs and subscriptions
  • Maps - geocoding, routing, rendering, geolocation, timezone and weather (6 services)
  • Hybrid - Azure Arc-enabled servers, Kubernetes, VMware vSphere and System Center VMM, Arc gateway, Azure Local

Authentication

The provider uses Azure's standard credential chain - an az login session works as-is, or set service principal credentials:

export AZURE_TENANT_ID=<tenant_id>
export AZURE_CLIENT_ID=<client_id>
export AZURE_CLIENT_SECRET=<client_secret>

Get started

Pull the providers from the public registry:

registry pull azure
registry pull azure_extras
registry pull azure_isv
registry pull azure_stack

Then explore - it's just SQL:

SELECT name, location, provisioning_state, vm_id
FROM azure.compute.virtual_machines
WHERE subscription_id = '<subscription_id>';

Provider docs are at azure-provider.stackql.io. Let us know what you build. Star us on GitHub.

From finding to fix: cloud auto-remediation with AI and StackQL

· 7 min read
Technologist and Cloud Consultant

A cloud audit tells you what is wrong. The work starts when you have to fix it. Most tooling stops at the findings list and hands a spreadsheet to an engineer, and the findings sit there until someone has a quiet afternoon.

This post walks through the other half: a remediation loop that turns each finding into a reviewable pull request, verifies live state before it changes anything, and applies the fix on merge. It runs entirely in GitHub Actions, authenticates with OIDC, and uses StackQL to talk to cloud control planes. The repo is public at stackql-labs/stackql-ai-remediation, and the example throughout is FinOps waste (unattached disks, idle IPs, zero-VM projects), though the shape is the same for posture and security checks.

The 5 Minute Global AWS Inventory

· One min read
Technologist and Cloud Consultant

StackQL allows you to query and interact with your cloud and SaaS assets using a simple SQL framework. Use cases include CSPM, asset inventory and analysis, finops and more, as well as IaC and sysops (lifecycle management).

Using stackql and the aws provider (AWS Cloud Control provider for stackql), here's how you can query your entire AWS estate in real time (globally) and generate a simple report like this...

aws-inventory-example

Check out the code at AWS Global Inventory!

Visit us and give us a ⭐ on GitHub