Automate Azure Resource Manager with Azure Automation

in Cloud Microsoft Azure on by Gisela Torres

When you’re working with Azure Resource Manager one of the first intent is to automate the process of creating an environment. The steps for this process can be varied, so I want to show you in this post how you can use Azure Automation as automation mechanism in this scenario. The first thing you should do is create an Azure Automation account. From the current portal you can do so in the Automation section, by clicking on the link Create an automation account.

Create an automation account
Create an automation account

Once created, it is necessary to add the module AzureResourceManager, which is not present today and is required to be able to work with the Azure Resource Manager. You can get this module installing Microsoft Azure PowerShell on your local machine. Access to the path C:\Program Files (x 86)\Microsoft SDKs\Azure\PowerShell\ResourceManager to locate the folder that contains the module and generate a zip with it in order to upload it through the portal.

Azure Resource Manager module for Azure Automation
Azure Resource Manager module for Azure Automation

Access your Azure Automation account, click on the ASSETS section and select the Import Module option in the menu.

Import integration module
Import integration module – AzureResourceManager

The process will take a few minutes, but It will be available for all runbooks created in this account.

Extracting activities from the integration module. Module - AzureResourceManager
Extracting activities from the integration module. Module – AzureResourceManager

To finish the configuration of the new account, it is necessary to create an Azure Active Directory user and add it as co-administrator of your subscription, in the same way that I explained in this article. Once you have it you must add it through ADD SETTING > ADD CREDENTIAL. The credential type is Windows PowerShell Credential which ask for a name for the credential and a descriptionIn my case, I use the same name as the user to be clear who is such a credential.

Azure Automation - Add Settings - Add Credential
Azure Automation – Add Settings – Add Credential

Finally, you must indicate the user name and the same password to save the credential as an asset of Azure Automation.

Azure Automation - Add Credential - Define Credential
Azure Automation – Add Credential – Define Credential

Now that you have the account you only need to create a runbook with your workflow to create the environment. To do this you have add it by clicking in NEW > APP SERVICES > AUTOMATION > RUNBOOK > QUICK CREATE.

Azure Automation - Create runbook . buildenv
Azure Automation – Create runbook . buildenv

The script that comes with the ARM projects doesn’t work directly. Thanks to my colleague João Soares, we have built a workflow that I’ve been using to perform this task:

workflow buildenv
{
    #1. Subscription Name and Credential
    $SubscriptionName = "Windows Azure MSDN - Visual Studio Ultimate"
    $Cred = Get-AutomationPSCredential -Name "gisautomation@giselatboutlook.onmicrosoft.com"
    #2. Add Azure Account
    Add-AzureAccount -Credential $Cred
    #3. Select Subscription Account
    Select-AzureSubscription -SubscriptionName $SubscriptionName
    #4. Resource Name, Location and ARM files
    $ResourceGroupName = "MyNewEnvironment"
    $ResourceGroupLocation = "West Europe"
    #4.1 ARM files and Azure Storage account
    $TemplateFile = "WebSite.json"
    $TemplateParametersFile = "WebSite.param.dev.json"
    $Container = "templates"
    $StorageAccount = "resourcemanagerstore"
    #5. Download the Json File and convert it to an Hashtable
    $HashTable = @{}
	$HashTable = InlineScript {
		$StorageKey = (Get-AzureStorageKey -StorageAccountName $using:StorageAccount).Primary
		$StorageContext = New-AzureStorageContext $using:StorageAccount $using:StorageKey
		$TemplateFile = New-AzureStorageBlobSASToken -Blob $using:TemplateFile -Container $using:Container -Context $using:StorageContext -FullUri -Permission r
		$TemplateParametersFile = New-AzureStorageBlobSASToken -Blob $using:TemplateParametersFile -Container $using:Container -Context $using:StorageContext -FullUri -Permission r
		$JSONFile =Invoke-RestMethod -Method Get -Uri $TemplateParametersFile
		$HashTable = @{}
		$JSONFile.parameters | get-member -MemberType NoteProperty | Where-Object{ -not [string]::IsNullOrEmpty($JSONFile.parameters."$($_.name)")} | ForEach-Object {$HashTable.add($_.name,$JSONFile.parameters."$($_.name)".value)}
		$HashTable
        #6. Call New-AzureResourceGroup and pass the hashtable as TemplateParameterObject
        New-AzureResourceGroup -Name $using:ResourceGroupName -Location $using:ResourceGroupLocation  -TemplateParameterObject $HashTable -TemplateFile $TemplateFile  -Verbose -Force
    }
    Write-Output "Done"
}

Once published and released the runbook your environment is ready to be used:

MyNewEnvironment - ARM and Azure Automation
MyNewEnvironment – ARM and Azure Automation

Remember that the runbooks can be programmed through the SCHEDULE tab.

Cheers!