Draw.io Azure infrastructure diagrams through code like an artist

Introduction

In this article we will see how to create an Azure diagram to reveal all the dependencies between Azure App Services, their Application Insights and finally their workspace-based Log Analytics Workspaces.

The use case consist in:

auditing the current configuration on Azure through a PowerShell script,
export the current infrastructure set up on a CSV Draw.io readable file,
observe a work of art.

Concept

To make this piece of art possible you should have a clear idea of the following concept.

Azure resource dependencies: An App Service or Function App can send logs to an Application Insights and Application Insights can send logs to a Log Analytics workspace. This refers to the concept of Workspace-based Application Insights resources.
Draw.io is a free diagram software that permits to insert diagram from specially formatted CSV Data as explained in the following blog.

We can now move on to the next chapter which consists of creating a script that will scan our Infrastructure and write to the CSV in draw.io format.

Script

The following PowerShell script will analyze your App Services configuration based on which ones have these tags and export its results to a local file.

$AzureTagToFilterOn = @{ "env" = "dev" } $FileForDrawIo = "draw.io.export.txt"

There are 2 main tips on the script you should understand:

The Draw.io “styles” block points out to existing Draw.io shapes, you can print their code by selecting an existing shape, then press Ctrl+E on Windows or Cmd+E on macOS.
You can create multiple connections between your CSV rows with their own properties (labels, line style, etc…).

The complete script:

#region variable $SubscriptionName = "Your Azure Subscription Name" $AzureTagToFilterOn = @{ "env" = "dev" } $FileForDrawIo = "draw.io.export.txt" $DrawIoExport = @() $contentToAdd = @" ## Azure Application Insights depedencies. ## Node label with placeholders and HTML. ## Default is '%name_of_first_column%'. # # label: %name%<br><i style="color:gray;">%type%</i><br> # ## Shapes and their styles # stylename: type # styles: {"application insights": "aspect=fixed;html=1;points=[];align=center;image;fontSize=15;image=img/lib/azure2/management_governance/Application_Insights.svg;",\ # "functionapp": "aspect=fixed;html=1;points=[];align=center;image;fontSize=15;image=img/lib/azure2/iot/Function_Apps.svg;",\ # "log analytics workspaces": "aspect=fixed;html=1;points=[];align=center;image;fontSize=15;image=img/lib/azure2/management_governance/Log_Analytics_Workspaces.svg;",\ # "app": "aspect=fixed;html=1;points=[];align=center;image;fontSize=12;image=img/lib/azure2/app_services/App_Services.svg;"} ## Connections between rows ("from": source colum, "to": target column). ## Label, style and invert are optional. Defaults are '', current style and false. # connect: {"from": "application_insights", "to": "name", "label": "logs", \ # "style": "curved=1;endArrow=blockThin;endFill=1;fontSize=11;"} # connect: {"from": "log_analytics_workspaces", "to": "name", "style": "curved=1;fontSize=11;"} # # ignore: application_insights,log_analytics_workspaces # layout: verticalflow # ## ---- CSV below this line. First line are column names. ---- "@ Set-Content $FileForDrawIo $contentToAdd Add-Content $FileForDrawIo "name,resource_group,type,application_insights,log_analytics_workspaces" #endregion #region function Function draw_io_csv { [CmdletBinding()] Param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true)][String] $name, [Parameter(Mandatory = $true, ValueFromPipeline = $true)][String] $resource_group, [Parameter(Mandatory = $true, ValueFromPipeline = $true)][String] $type, [Parameter(Mandatory = $false, ValueFromPipeline = $true)][String] $application_insights, [Parameter(Mandatory = $false, ValueFromPipeline = $true)][String] $log_analytics_workspaces ) Process { $private:tableObj = New-Object PSObject $tableObj | Add-Member -Name name -MemberType NoteProperty -Value $name $tableObj | Add-Member -Name resource_group -MemberType NoteProperty -Value $resource_group $tableObj | Add-Member -Name type -MemberType NoteProperty -Value $type $tableObj | Add-Member -Name application_insights -MemberType NoteProperty -Value $application_insights $tableObj | Add-Member -Name log_analytics_workspaces -MemberType NoteProperty -Value $log_analytics_workspaces return $tableObj } } #endregion #region action ## connectivity $AzureRmContext = Get-AzSubscription -SubscriptionName $SubscriptionName | Set-AzContext -ErrorAction Stop Select-AzSubscription -Name $SubscriptionName -Context $AzureRmContext -Force -ErrorAction Stop ## audit $ResourceGroups = Get-AzResourceGroup -Tag $AzureTagToFilterOn | Select-Object ResourceGroupName $AllAppInsights = Get-AzResource -ResourceType "microsoft.insights/components" -ExpandProperties foreach ($ResourceGroup in $ResourceGroups) { Write-Host "Working on Resource Group Name [$($ResourceGroup.ResourceGroupName)]" -ForegroundColor Cyan $WebApps = Get-AzWebApp -ResourceGroupName $ResourceGroup.ResourceGroupName | Select-Object ResourceGroup, Name foreach ($WebAppResource in $WebApps) { Write-Host "Working on Web App [$($WebAppResource.Name)]" -ForegroundColor Cyan $WebApp = Get-AzWebApp -ResourceGroupName $WebAppResource.ResourceGroup -Name $WebAppResource.Name $AppInsightsInstrumentationKey = $WebApp.SiteConfig.AppSettings.GetEnumerator() | Where-Object {$_.name -eq "APPINSIGHTS_INSTRUMENTATIONKEY"} $AppInsightsProperties = $AllAppInsights | Select-Object -ExpandProperty Properties | Select-Object Name, InstrumentationKey, WorkspaceResourceId | Where-Object {$_.InstrumentationKey -eq $AppInsightsInstrumentationKey.Value} if($AppInsightsProperties) { if($AppInsightsProperties.WorkspaceResourceId) { Write-Host "Export the configuration of the Log Analytics Workspace [$($AppInsightsProperties.WorkspaceResourceId.split("/")[-1])] connected to the App [$($WebAppResource.Name)]" $LogAnalyticsWorkspacesName = $AppInsightsProperties.WorkspaceResourceId.split("/")[-1] $DrawIoExport += draw_io_csv -name $AppInsightsProperties.WorkspaceResourceId.split("/")[-1] ` -resource_group $AppInsightsProperties.WorkspaceResourceId.split("/")[-5] ` -type "log analytics workspaces" ` -application_insights "" ` -log_analytics_workspaces "" }else{ $LogAnalyticsWorkspacesName = "" } $AppInsightsId = $($AllAppInsights | Where-Object {$_.Name -like $AppInsightsProperties.Name}).Id $AppInsightsName = $($AppInsightsId.Split("/")[-1]) Write-Host "Export the configuration of the Application Insights [$($AppInsightsId.split("/")[-1])] connected to the App [$($WebAppResource.Name)]" $DrawIoExport += draw_io_csv -name $AppInsightsId.split("/")[-1] ` -resource_group $AppInsightsId.split("/")[-5] ` -type "application insights" ` -application_insights "" ` -log_analytics_workspaces $LogAnalyticsWorkspacesName }else{ $AppInsightsName = "" } Write-Host "Export the configuration of the App [$($WebAppResource.Name)]" $DrawIoExport += draw_io_csv -name $WebApp.Name ` -resource_group $WebApp.ResourceGroup ` -type $WebApp.Kind.Split(",")[0] ` -application_insights $AppInsightsName ` -log_analytics_workspaces "" } } #endregion #region export foreach($Line in $DrawIoExport | Select-Object -Unique -Property name, resource_group, type, application_insights, log_analytics_workspaces){ Add-Content $FileForDrawIo "$($Line.name),$($Line.resource_group),$($Line.type),$($Line.application_insights),$($Line.log_analytics_workspaces)".ToLower() } #endregion

Rendering

From Draw.io select Arrange > Insert > Advanced > CSV.

Paste your formatting information and CSV data into the large text field, overwriting the example.

The following screenshot illustrates a diagram generated by the PowerShell script.

Conclusion

We saw in this demo how to draw a script-based Azure App Service oriented diagram. This methodology has no limits and DALL-E knows it, would you defeat it ?

See You in the Cloud

Jamesdld

Published on: March 01, 2024

Learn more

Azure Developer Community Blog articles

Setting up Power BI Version Control with Azure Dev Ops

In this blog post is a way set up version control for Power BI semantic models (and reports) using the PBIP (Power BI Project) format, Azure D...

3 days ago

Azure Developer CLI (azd) – March 2026: Run and Debug AI Agents Locally, GitHub Copilot Integration, & Container App Jobs

Run, invoke, and monitor AI agents locally or in Microsoft Foundry with the new azd AI agent extension commands. Plus GitHub Copilot-powered p...

4 days ago

Blog image

Azure Developer Community Blog articles

Learn more

Draw.io Azure infrastructure diagrams through code like an artist

Introduction

Concept

Script

Rendering

Conclusion

Related posts

Setting up Power BI Version Control with Azure Dev Ops

Azure Developer CLI (azd) – March 2026: Run and Debug AI Agents Locally, GitHub Copilot Integration, & Container App Jobs

Writing Azure service-related unit tests with Docker using Spring Cloud Azure

Azure SDK Release (March 2026)

Specifying client ID and secret when creating an Azure ACS principal via AppRegNew.aspx will be removed

Azure Firewall integration with Microsoft Sentinel and Defender XDR

Azure Developer CLI (azd): Run and test AI agents locally with azd

Microsoft Purview compliance portal: Endpoint DLP classification support for Azure RMS–protected Office documents

Azure Security - Build and Scale Securely on Microsoft's AI Platform

Introducing the Azure Cosmos DB Plugin for Cursor