Log Analytics is a great tool for storing and searching log data. We can link an Azure Automation account to a Log Analytics workspace, but the process may not be as obvious as one would think. In this video, we create a Log Analytics workspace then link it to Azure Automation account. Next, we configure the Automation account to send diagnostic data to a Log Analytics workspace and verify data goes to the workspace.Continue reading “Link Azure Automation to Log Analytics”
Storing important automation scripts on a file share or local hard drive? There is a better way with Azure Automation and Source Control integration. In this video, we review how to enable source control integration with an Azure Automation account. We look at the options, then walk-through configuring Source Control with Azure DevOps, identifying where we can specify to use GitHub instead. Finally, we add, modify, and delete an Azure Automation runbook.Continue reading “Manage Azure Automation Runbooks with Git Source Control”
Azure Automation is a process automation tool hosted in Azure. It provides the ability to run scripts or Runbooks in Azure, other clouds, or On-premises by a schedule or other event trigger. In addition, we can manage inventory and change tracking with Configuration Management, keep computers up to date with Update Management, and share resources such as modules, schedules, and credentials with share resources.Continue reading “Introduction to Azure Automation (again)”
What do you do if you are setting up a new Runbook in Azure Automation and get a message similar to:
“Cannot validate argument on parameter ‘Subscription.’ The argument is null or empty.”
And this is a new managed identity, or maybe the first time using the identity?
Looking at the roles assigned to a new System Assigned Managed Identity, we can see that all the RBAC roles are from Azure AD. Remember, the subscription and Azure AD are different scopes for RBAC roles. By default, a new System or User Managed Identity does not have rights to the subscription.
The default settings have no Subscription level rights. Because of that, no subscription value returns when the Connect-AzAccount -Identity command runs to authenticate the runbook with the managed identity. We can verify that with the output from the $AzureContext variable used to authenticate the runbook.
The fix is easy, assign the managed identity a role in the subscription. Odds are, you intend to do that anyway. After all, why log in with the managed identity if it’s not going to interact with the subscription?
Once we assign a role in the subscription, the login context will have a subscription to add.
The Azure AD and MSOnline PowerShell Modules will be depreciated soon. The replacement is the Microsoft Graph PowerShell module based on the Microsoft Graph API. This video is for those new to the Microsoft Graph API. The video starts by reviewing the change and outlining differences between the Azure AD and MSOnline modules and the new Microsoft Graph module. We then move on to examples using groups. We search for a group, add a group, update group membership, and then remove the group.Continue reading “Getting Started with Microsoft Graph and PowerShell”
In this video, we build an Azure DevOps pipeline with stages to deploy resources built with Terraform. We start by reviewing the environment including the code and the storage account used for the backend Terraform data. We add the Terraform extension to DevOps and create a multiple stage Azure DevOps pipeline with tasks to initialize, verify plan and apply the Terraform configuration. Next, we create a second pipeline to run the destroy command to clean up the deployment.Continue reading “Azure DevOps Pipelines with Terraform and Stages”
In this video, we build on DevOps repos by creating an Azure DevOps pipeline that deploys Azure Bicep template files. We start by creating a service connection, allowing DevOps to deploy resources to Azure. Next, we create multiple pipeline jobs, splitting the deployment into two parts, or jobs, that run sequentially. One job deploys resources to Azure and the other removes the resources. A dependency is used to only run the second job if the first is successful. Azure Bicep files are used for this example. We review the modular deployment then create a parameters file to set configuration parameters for the deployment.Continue reading “Azure DevOps and Bicep Pipelines”
In this video, we build on DevOps Repos by crating a PowerShell file and running it within a PowerShell based DevOps pipeline. A pipeline is an automation tool built into Azure DevOps that supports continuous integration, continuous development (CI/CD). We review creating a starter pipeline, edit the pipeline to conclude inline PowerShell commands and a PowerShell Script. We then add variables to the pipeline and change the trigger to only run manually.Continue reading “Azure DevOps and PowerShell Pipelines”