With many organizations migrating IT services to the cloud, there needed to be a platform to manage various automation...
tasks around those services. In the Microsoft Azure cloud, that platform is called Azure Automation. This feature gives administrators the ability to create an Azure runbook to manage cloud resources more easily.
Azure Automation is a native Microsoft tool to run Windows PowerShell platform as a service (PaaS). With Azure Automation, an administrator can run PowerShell scripts and workflows directly from Microsoft's cloud rather than having to execute code on premises.
Azure Automation isn't just a virtual machine (VM) running within an Azure subscription that kicks off PowerShell scripts. It's built directly into Azure, so you can integrate PowerShell into much more sophisticated automation tasks since Azure Automation is treated just like any other Azure PaaS and has direct ties into Azure resources.
This integration, however, makes Azure Automation more complex than simply uploading a PowerShell script into Azure and running it. To get started, you need to understand the different ways to use existing PowerShell code and how to build PowerShell scripts and workflows from scratch with Azure Automation. Start with runbooks, the building blocks of Azure Automation. Runbooks are essentially PowerShell scripts for Azure. They are a way of separating tasks and are executed by PowerShell.
Configuring an Azure runbook
We can learn how to set up an Azure runbook by creating one that simply returns a list of all of the VMs in the subscription.
Before you can create an Azure runbook, you must have a Microsoft Automation account, which hosts various runbooks, settings from PowerShell Desired State Configuration and other resources. Create an Automation account through the Azure portal or by using the Azure PowerShell module. For this article, we'll use PowerShell.
Creating an Azure Automation account with PowerShell is straightforward. The Azure PowerShell module has a cmdlet called New-AzureRmAutomationAccount -- just provide a name for the account, a resource group name it will be placed in and the location where it will be created.
New-AzureRmAutomationAccount -ResourceGroupName adbdemoresourcegroup -Name adamtheautomator -Location 'East US 2'
The account will then show up in the Azure portal (Figure 1).
Click on the Automation account and you'll see an area for existing runbooks, or start creating your own.
Click on the option to Add a Runbook, then click Create a new runbook, and provide a name and a type (Figure 3).
The Runbook type dropdown reveals that this isn't simply a PowerShell script. It presents a few different options on what kind of Azure runbook to create (Figure 4).
We'll focus on the most common type of runbook: PowerShell. However, if you're interested in the other runbook types, take a look at Microsoft's documentation around them.
I create a PowerShell runbook and call it GetMyVms. I'm dropped directly into an editor in the Azure portal to do my coding -- write PowerShell code as usual. To retrieve information about Azure VMs, authenticate just like you would on premises. However, in an Azure runbook, there's no interactivity, which means you can't bring up a username/password prompt like you might have done when running Add-AzureRmAccount in a console. Instead, create a credential object ahead of time and pass that to the script at runtime. To do that, create an Automation asset which, in this case, will be a credential. Automation assets are a great benefit of using Microsoft Automation, as they store any sensitive information, such as a credential, inside of Azure encrypted.
To create this credential asset, drop down into the local PowerShell console again and run the New-AzureRmAutomationCredential cmdlet to create a credential asset that represents access to the Azure subscription:
New-AzureRmAutomationCredential -Name 'Full Administrator' -Description 'To authenticate to my Azure subscription' -Value (Get-Credential) -ResourceGroupName adbdemoresourcegroup -AutomationAccountName adamtheautomator.
View this credential asset by clicking on the Automation account and then choosing Assets (Figure 5).
Reference the credential asset inside of the runbook via the Get-AutomationPSCredential cmdlet. Head back to the runbook, click Edit and place the reference to the credential:
$credential = Get-AutomationPSCredential -Name 'Full Administrator'
With the credential available to authenticate, include the Add-AzureRmAccount reference to authenticate to the Azure subscription, and click Publish (Figure 6).
In the runbook list, select the newly created runbook and click Start. The Azure runbook will be queued, known in Microsoft Automation as a Job. It will run and then provide a status, which is viewable via Output (Figure 7).
This example Azure runbook does not show much since it doesn't have much functional code. Place the Get-AzureRmVm reference in the runbook and run it again to see if it returns all VMs.
Microsoft Automation returned a list of all of my VMs, showing the Azure runbook is done and working. While it is a simple runbook, following along the steps to create it should give you the foundational knowledge to create an Azure Automation runbook, which will prove necessary when creating additional more complex PowerShell automation tasks.
PowerShell management moves into the Azure cloud
Using PowerShell and Azure to launch Windows Server containers
How Operations Management Suite can help manage Azure