Azure Topology Graph MCP Server

A Model Context Protocol (MCP) server that queries Azure Resource Graph, ARM, and Network Watcher to create topology maps that Cursor can explore.

Features

Resource Inventory: Query resources across multiple subscriptions using Azure Resource Graph
Detailed Configuration: Pull detailed configuration for specific resources using ARM APIs
Network Topology: Build network topology using Azure Network Watcher
Graph Representation: Represent infrastructure as nodes and edges
MCP Tools: Expose powerful tools for searching, exploring, and analyzing Azure infrastructure

Available Tools

search_resources: Search Azure resources by name, type, or other properties
get_resource: Get detailed information about a specific Azure resource
get_neighbors: Get resources connected to a specific resource
find_path: Find connection paths between two Azure resources
export_topology: Export the complete topology graph (JSON or summary)
refresh_topology: Refresh the topology cache by re-querying Azure

Prerequisites

Azure Service Principal: You need an Azure service principal with appropriate permissions
Azure Permissions: The service principal needs at least Reader access to the subscriptions and resource groups you want to query
Node.js: Version 16 or later

Setup

1. Clone and Install Dependencies

git clone <your-repo-url>
cd azure_mcp_graph
npm install

2. Configure Azure Credentials

Create a .env file in the project root:

AZURE_TENANT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
AZURE_CLIENT_SECRET=your-service-principal-secret
SUBSCRIPTION_IDS=sub-id-1,sub-id-2,sub-id-3
DEFAULT_RG=MyWorkloadRG
DEFAULT_REGION=eastus
NETWORK_WATCHER_NAME=NetworkWatcher_eastus

3. Build the Server

npm run build

4. Configure Cursor MCP

Add the following to your Cursor MCP configuration file (usually ~/.cursor/config.json):

{
  "mcpServers": {
    "azure-graph": {
      "command": "node",
      "args": ["/path/to/azure_mcp_graph/dist/server.js"],
      "env": {
        "AZURE_TENANT_ID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "AZURE_CLIENT_ID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "AZURE_CLIENT_SECRET": "your-service-principal-secret",
        "SUBSCRIPTION_IDS": "sub-id-1,sub-id-2,sub-id-3",
        "DEFAULT_RG": "MyWorkloadRG",
        "DEFAULT_REGION": "eastus",
        "NETWORK_WATCHER_NAME": "NetworkWatcher_eastus"
      }
    }
  }
}

Usage Examples

Once configured, you can use the following commands in Cursor:

Search for Resources

Search for all virtual machines in my infrastructure

Explore Resource Relationships

Show me all resources connected to my VM named "web-server-01"

Find Connectivity Paths

Find the network path between my application gateway and backend VMs

Export Topology

Export a summary of my entire Azure topology

Development

Run in Development Mode

npm run dev

Build

npm run build

Clean Build Output

npm run clean

Architecture

The server consists of several key components:

Azure Clients: Interfaces with Azure Resource Graph, ARM, and Network Watcher APIs
Graph Builder: Constructs topology graphs from Azure resource data
Relationship Analyzer: Identifies and builds relationships between resources
MCP Tools: Exposes functionality through the Model Context Protocol
Caching: Intelligent caching with configurable TTL for performance

Troubleshooting

Authentication Issues

Ensure your service principal has the correct permissions
Verify your Azure credentials are correctly configured
Check that your subscription IDs are valid and accessible

Performance Issues

The server caches topology data for 5 minutes by default
Use refresh_topology tool to force a cache refresh
Consider filtering by resource type for large subscriptions

Network Issues

Ensure your environment has access to Azure APIs
Check firewall and proxy settings if running behind corporate networks

Contributing

Fork the repository
Create a feature branch
Make your changes
Test thoroughly
Submit a pull request

License

This project is licensed under the ISC License - see the package.json file for details.

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Enables exploration and analysis of Azure infrastructure by querying Azure Resource Graph, ARM, and Network Watcher APIs to create interactive topology maps. Provides tools for searching resources, discovering relationships, finding connectivity paths, and visualizing complete Azure infrastructure topologies.

Related MCP Servers

adx-mcp-server
pab1it0
A
security
A
license
A
quality
AI assistants to query and analyze Azure Data Explorer databases through standardized interfaces.
Last updated -
4
45
MIT License
Azure Resource MCP Server
tim10002
-
security
F
license
-
quality
Provides tools for listing and querying Azure resources directly from any MCP client, allowing you to efficiently browse your Azure infrastructure and analyze costs without leaving your workflow.
Last updated -
2
Cloud PC Management MCP Server
complexdevel
-
security
A
license
-
quality
Enables management of Azure Cloud PCs using the Microsoft Graph API, allowing users to list available Cloud PCs in their tenant through Claude Desktop.
Last updated -
MIT License
Azure Resource Graph MCP Server
hardik-id
A
security
A
license
A
quality
A Model Context Protocol server for querying and analyzing Azure resources at scale using Azure Resource Graph, enabling AI assistants to explore and monitor Azure infrastructure.
Last updated -
1
10
MIT License

View all related MCP servers

Azure Topology Graph MCP Server