azure automation runbook

Azure – Authenticate to Azure using PowerShell and Azure Automation Runbook

Authenticate to Azure subscription using PowerShell

The first task before working with any Azure services using PowerShell is to authenticate to your Azure subscription. Below is the cmdlet that allows you to authenticate to your subscription. It prompts you to enter your login credentials. If you have enabled MFA (Multi-Factor Authentication), you will have to provide the necessary details to complete the authentication process.

Login-AzureRmAccount

The above cmdlet requires user intervention to provide credentials, now we cannot have user intervention while authenticating programmatically. The below script will help us authenticate programmatically.

# Create a text file to store the password encrypted

"P@ssworD" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | out-file "C:\pass.txt" -Force




# Load the encrypted string

$secpasswd =  Get-Content "C:\pass.txt" | ConvertTo-SecureString




# Create a PS Credential object

$mycreds = New-Object System.Management.Automation.PSCredential ("<Azure_login_ID>", $secpasswd)




# Authenticate with Azure

Add-AzureRmAccount -Credential $mycreds

If your email ID is registered with multiple subscriptions, you will log in to a default subscription. The below cmdlet will list all the subscriptions that your email Id is registered with:

Get-AzureRmSubscription

Any Azure PowerShell cmdlets you run henceforth will query the default subscription. That is, retrieve the details about the resources from that subscription. Use the below cmdlet to change the subscription:

Select-AzureRmSubscription -Subscription "44f62222-39b8-4b2f-9999-36d5555587f7"

Pass the “ID” that you get from Get-AzureRmSubscription cmdlet as a value to the “-Subscription” parameter.

Authenticate to Azure subscription via Azure Automation Runbook

Azure offers more than one way of automating your infrastructure. One such service is Azure Automation Account. Your runbooks will need to authenticate to your Azure environment before it can act on your Azure resources.

To achieve this, you will need a “RunAs” connection to your Azure Automation Account. Below link will help you create one using Azure Portal.

https://docs.microsoft.com/en-us/azure/automation/manage-runas-account#create-a-run-as-account-in-the-portal

Once you have the Account set up, use the below code in the Azure Automation Runbook to authenticate with your Azure subscription:

$connectionName = "AzureRunAsConnection"




try{

    #Getting the service principal connection "AzureRunAsConnection"

    $servicePrincipalConnection = Get-AutomationConnection -name $connectionName




    "Logging into Azure..."

    Add-AzureRmAccount -ServicePrincipal -TenantID $servicePrincipalConnection.TenantID -ApplicationID $servicePrincipalConnection.ApplicationID -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint




}

catch{

    if(!$servicePrincipalConnection){

        $ErrorMessage = "Connection $connectionName not found."

        throw $ErrorMessage

    }else {

        Write-Error -Message $_.Exception

        throw $_.Exception

    }

}




if($err) {

throw $err

}

Click here to download my PowerShell scripts for Free !!

Click here for Azure tutorial videos !!

PowerShell – Delete Azure blobs older than X number of days

As a cost optimization strategy, organizations decide to retain data that are certain days old and delete the old data.

The same strategy can be implemented in Azure Storage. Let’s say if our application requires data that are 60 days old, then our approach is to retain only 60 days of data. And delete any blob that is older than 60 days.

This script deletes Azure blobs that are older than X days. Here ‘X’ is the number of days that you want to retain the data. (60, as stated in my example)

Download the script

You can create an Azure Automation Runbook from this script and schedule it to run every day. So, you will not be billed for the unwanted data.

Click here to download my PowerShell scripts for Free !!

Click here for Azure tutorial videos !!

PowerShell – Fetch Azure Page Blobs from an Azure subscription

This script fetches the details of PAGE BLOB across the Azure subscription and saves it as a CSV file. The CSV file will be saved under the location from where the script was run.

The general use case could be to understand how many VHD files are present in your subscription. These could be your OS Disks, Datadisks or your VM snapshots.

Download Script Link

If you are looking for a script that generates a report for “unattached” managed and un-managed disks, then please visit the below link:

AZURE – GENERATE REPORT FOR UNATTACHED AZURE DISKS (MANAGED AND UN-MANAGED)

Click here to download my PowerShell scripts for Free !!

Click here for Azure tutorial videos !!

Azure – Audit report (Azure automation runbook)

The PowerShell script is an Azure automation runbook that pulls the below data and populates the data into a CSV file. The script then summarizes the data into an email’s body and sends an email to the recipient with the CSV files as attachments.

If the Azure automation runbook is scheduled to run every day, you will get a summary/high-level view of what is happening in your environment to your email box. The email could be the first report any organization’s high management would desire to look at.

1. Count of De-allocated Azure virtual machines

2. Count of Running Azure virtual machines

3. Count of Stopped Azure virtual machines

4. Count of Azure virtual machines that do not have native backup configured (Azure Back up and Recovery service)

5. Count of Inbound Security rules that causes vulnerability