Get Started with Azure Scripting for Cloud Automation

Azure scripting is a powerful tool for automating tasks in the cloud. It allows you to run scripts on virtual machines and other Azure resources.

To get started with Azure scripting, you'll need to install the Azure PowerShell module. This module provides a set of cmdlets that you can use to interact with Azure resources.

The Azure PowerShell module can be installed using the Install-Module cmdlet. This cmdlet is used to install and update modules in PowerShell.

Once you've installed the Azure PowerShell module, you can use it to connect to your Azure subscription using the Connect-AzAccount cmdlet. This cmdlet establishes a connection to Azure and allows you to use the Azure PowerShell cmdlets to manage your resources.

Setting Up

To get started with Azure scripting, you'll need to install PowerShell and the Azure cmdlets. I had to upgrade to PowerShell 4 to get this to work, so be sure to check your version.

Fire up PowerShell and check your version by evaluating $PSVersionTable.PSVersion. If you need to upgrade, you can find instructions at http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-install-windows-powershell-4-0.aspx.

You can run a test Azure command to see if everything is working correctly. For example, run the command and see if you get an error about your credentials.

Creating and Managing Runbooks

To create a Runbook, you'll need to create a container for your script. A Runbook is essentially a script that you'll run to automate tasks.

You can create a Runbook with PowerShell Script, which lists all published Runbooks available for automation.

Once created, you'll be taken to a page to edit the PowerShell script to run. You'll need to write the necessary PowerShell scripts for the automation.

In my experience, it's essential to save and test the PowerShell script before publishing. You can do this by clicking on the "Save" and "Test pane" buttons in the code editor.

Publishing the Runbook is crucial, as it must be published to create schedules. You can also use App ID and App Secret for authentication.

After publishing, you can use the Runbook to automate tasks, such as generating a storage report for all sites in the tenant and sending out an email.

Automation and Scheduling

Automation and Scheduling is a crucial aspect of Azure scripting. You can create an automated scheduled task in Azure using Azure Automation, which allows you to schedule PowerShell scripts to run at specific times or intervals.

To get started, create an Azure Automation Account, which serves as the central hub for your automation tasks. Then, you'll need to set up credentials to connect to SharePoint Online and import the necessary modules for your script to run.

Here are the high-level steps to create an automated scheduled task in Azure:

  1. Create an Azure Automation Account
  2. Set up credentials to connect to SharePoint Online
  3. Import Necessary Modules
  4. Create a Runbook and add scripts to run
  5. Schedule the PowerShell Script

Once you've created a Runbook, you can add a schedule to your PowerShell script by clicking on the "Schedules" tab and creating a new schedule. You can choose from various recurrence options, such as daily or weekly, and set the start date, time, time zone, and expiry date as needed.

Create Automation Account

To create an automation account, you can log in to the Azure Portal through a web browser. Click on the "Create a resource" button and search for "Automation" to create a new automation account. I've created an automation account as "SharePoint-Online-Reporting" in my scenario.

To create an automation account, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com through a web browser.
  2. Click on the “Create a resource” button >> Search and find “Automation” >> Click on “Add” to create a new automation account.

Once created, you'll be taken to the automation account page that was created.

Add a Schedule

Adding a schedule to your automation tasks is a crucial step to ensure they run at the right time. To do this, click on the "Schedules" tab from the Runbook created, and then click on the "Add a schedule" link.

You can choose to link a schedule to your runbook by clicking on the "Create a new schedule" link. This will prompt you to enter the necessary details for your schedule, such as name, description, start date, time, time zone, and recurrence details. For example, you can set the schedule to run every day at a specific time.

To create a new schedule, follow these steps:

  1. Click on “Schedules” from the Runbook created >> Click on the “Add a schedule” link.
  2. Choose “Link a Schedule to your runbook” >> Click on the “Create a new schedule” link.
  3. Enter the necessary details for your schedule, such as name, description, start date, time, time zone, and recurrence details.

Note that you can also use the Windows Task Scheduler to schedule a PowerShell script, but using Azure's built-in scheduling feature provides more flexibility and control.

Security and Permissions

To configure the minimum permissions for deployment script execution, you need to assign a custom role with specific properties to the deployment principal. This custom role should have the following properties: "roleName": "deployment-script-minimum-privilege-for-deployment-principal", "description": "Configure least privilege for the deployment principal in deployment script", "type": "customRole", "IsCustom": true, and a list of permissions that include "Microsoft.Storage/storageAccounts/*", "Microsoft.ContainerInstance/containerGroups/*", "Microsoft.Resources/deployments/*", and "Microsoft.Resources/deploymentScripts/*".

The custom role should also specify the assignable scopes as "[subscription().id]". If the Azure Storage and the Azure Container Instance resource providers haven't been registered, you will also need to add Microsoft.Storage/register/action and Microsoft.ContainerInstance/register/action.

To ensure the identity used by your deployment script has the necessary permissions, you must authorize it outside of your template deployment. This can be done by precreating a user-assigned managed identity and assigning it an app role for Microsoft Graph.

Permissions

Permissions are a crucial aspect of securing your deployment script. To work with the Microsoft Graph API, your deployment script's identity needs to be authorized with the necessary permissions.

The identity requires permission to perform the operations it carries out, and you must authorize it outside of your template deployment. For example, you can pre-create a user-assigned managed identity and assign it an app role for Microsoft Graph.

To configure least-privilege permissions for the deployment principal, you need to assign a custom role with specific properties. This involves creating a custom role with the following properties:

  • Role name: deployment-script-minimum-privilege-for-deployment-principal
  • Description: Configure least privilege for the deployment principal in deployment script
  • Actions: Microsoft.Storage/storageAccounts/*, Microsoft.ContainerInstance/containerGroups/*, Microsoft.Resources/deployments/*, and Microsoft.Resources/deploymentScripts/*
  • Assignable scopes: [subscription().id]

If the Azure Storage and Azure Container Instance resource providers haven't been registered, you'll also need to add Microsoft.Storage/register/action and Microsoft.ContainerInstance/register/action to the custom role.
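As an added example (not code from the original page or from Microsoft), the following PowerShell check compares a role definition's actions against the least-privilege set listed above and reports anything broader. The helper name Test-DeploymentRoleScope and both sample roles are constructed for illustration; in practice the input would be an object returned by Get-AzRoleDefinition.

```powershell
# Least-privilege actions for the deployment principal, as listed above.
$AllowedActions = @(
    'Microsoft.Storage/storageAccounts/*'
    'Microsoft.ContainerInstance/containerGroups/*'
    'Microsoft.Resources/deployments/*'
    'Microsoft.Resources/deploymentScripts/*'
    # Only needed while the resource providers are not yet registered.
    'Microsoft.Storage/register/action'
    'Microsoft.ContainerInstance/register/action'
)

function Test-DeploymentRoleScope {
    # Hypothetical helper: lists actions in $Role that no allowed pattern covers.
    param(
        [Parameter(Mandatory)] $Role,
        [string[]] $Allowed = $AllowedActions
    )
    $excess = @(foreach ($action in $Role.Actions) {
        $covered = $false
        foreach ($pattern in $Allowed) {
            # -like treats '*' in the allowed pattern as a wildcard, so a narrower
            # action such as '.../storageAccounts/read' is covered, but a broader
            # one such as 'Microsoft.Storage/*' or '*' is not.
            if ($action -like $pattern) { $covered = $true; break }
        }
        if (-not $covered) { $action }
    })
    [pscustomobject]@{
        RoleName      = $Role.Name
        Compliant     = ($excess.Count -eq 0)
        ExcessActions = $excess
    }
}

# Constructed sample roles, shaped like the objects Get-AzRoleDefinition returns.
$tight = [pscustomobject]@{
    Name    = 'deployment-script-minimum-privilege-for-deployment-principal'
    Actions = $AllowedActions[0..3]
}
$broad = [pscustomobject]@{
    Name    = 'constructed-overbroad-role'
    Actions = @('*', 'Microsoft.Storage/storageAccounts/read', 'Microsoft.Authorization/*')
}

$tight, $broad | ForEach-Object { Test-DeploymentRoleScope -Role $_ }
```

The first role is reported as compliant; the second is flagged with '*' and 'Microsoft.Authorization/*' as excess actions, while its storage read action passes because the allowed storage wildcard covers it.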

Pass Secured Strings

You can pass secured strings to your deployment script by setting environment variables in your container instances. This allows for dynamic configuration of the application or script run by the container.

The max allowed size for environment variables is 64 KB.

Troubleshoot and Support

You can retrieve data about the state of extension deployments from the Azure portal and by using the Azure PowerShell module.

To see the deployment state of extensions for a VM, run the command:

Extension output is logged to files found under the following folder on the target virtual machine: ...\Downloads\2.

The extension sets this directory as the current working directory, enabling the use of relative paths to locate the files downloaded by using the fileURIs property.

Downloaded files are mapped into download subdirectories to reflect the structure of the fileUris values, which means the absolute directory paths change over the lifetime of the VM.

It's better to opt for relative script/file paths in the commandToExecute string, whenever possible, to avoid issues with changing directory paths.

For example, use a relative path like "path\to\file" instead of an absolute path like "C:\Users\username\Downloads\file".

Frequently Asked Questions

What scripting language does Azure use?

Azure supports a wide range of popular programming languages, including Python, JavaScript, and Java, among others. Discover the full list of supported languages and explore how Azure can help you build your next project.

Which scripting language is best for Azure DevOps?

For Azure DevOps, Python is a top choice due to its simplicity and extensive library support, making it ideal for automation and scripting tasks. Its versatility and ease of use make it a popular choice among DevOps professionals.

Thomas Goodwin

Lead Writer

Thomas Goodwin is a seasoned writer with a passion for exploring the intersection of technology and business. With a keen eye for detail and a knack for simplifying complex concepts, he has established himself as a trusted voice in the tech industry. Thomas's writing portfolio spans a range of topics, including Azure Virtual Desktop and Cloud Computing Costs.
