Introduction to Azure Automation

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video we get started with azure automation again [Music] hello everyone i'm travis and this is xeraltos back in april of 2018 i did my first video on azure automation i was so much younger back then and what was i thinking with that background anyway a lot has changed with azure automation and it's time to revisit this wonderful azure service in this video we get started again with the basics of creating an automation account and a run book before that please don't forget to like and subscribe and share with a friend on your social media platform of choice become a member for early access to videos ad free will private and check out my courses on azure virtual desktop and hybrid identities with windows ad and azure ad the links are below back to it let's start with what azure automation is have you ever used task scheduler to run powershell scripts it's like that only on steroids and it's not limited to powershell there are other useful features included with azure automation process automation provides a way to automate tasks with powershell powershell workflow or python these tasks can be triggered by schedules or events and can run in azure or on premises configuration manager provides change tracking and inventory a way to watch for changes on windows and linux virtual machines there's also a version of desired state configuration hosted in azure providing a way to apply configurations to vms automatically update management allows us to manage updates on windows and linux systems in azure or other cloud providers and on-premises it shares resources across azure automation such as schedules powershell modules python packages credentials and variables before we go any further i'd like to point out two other similar services to azure automation azure functions is an event driven serverless automation tool in addition to python and powershell it supports other languages including c-sharp java and javascript it leverages an azure app service and can be triggered by web-based calls think of it as a way to build a service that accepts an input and returns an output it can be used for automation but it is different from azure automation in the languages it supports how it's triggered and the way we develop the code it runs matter of fact i moved the first version of an azure virtual desktop auto scale solution to azure functions because the minimum recurrence for azure automation is one hour an azure function can be ran every hour minute or down to seconds let's move on to azure logic apps this is a close cousin to azure automation logic apps uses a graphical user interface to build workflows for process automation there are over 450 connectors providing integration points with other microsoft and third-party services it's like powerapps but build based on consumption not licensed per user both azure functions and logic apps are similar in functionality with azure automation but support different use cases in the upcoming demo we're going to create an azure automation account and deploy a simple powershell run book before that there's one big change from my first video in 2018 that we need to talk about previously if the automation job interacted with azure resources we had to use a run as account this was an account bound to azure automation that provided access to azure resources with our back roles run as accounts had a problem they're based on a certificate created when the automation account is set up and expire in one year if the certificate isn't renewed the account and automation jobs that use the account would stop working now azure automation has a recommended option of creating a system assigned or user assigned a managed identity a system assigned managed identity is created with the automation account and will be removed when that automation account is removed it's bound to the lifecycle of the automation account a user assigned managed identity is created beforehand and we can associate it with an automation account but it's not bound to the life cycle of the account for example if we had an automation account that interacted with multiple resources sql and app services for example we could use a system assigned managed identity to access those resources but if we had multiple azure resources say an azure automation account and an azure function app that both interacted with the same resources we could use a user assigned managed identity setting rights to the resources once and leveraging the same managed identity to provide access to multiple resources an azure sql and an azure app service for this example with that let's get started by setting up an automation account in the azure portal and then publish a run book here we are in the azure portal let's go to create a resource to create an automation account search for automation we'll go to automation and we'll create a new automation account make sure your subscription is selected and create a new resource group for this example i'll use automation rg01 give the automation account a name automation account zero one for this example select your region i'll select central us let's click next to advanced here's where we can create a system assigned or user assigned to manage identity run as accounts is not an option anymore if we select user assigned for user assigned we have to add a pre-created user assigned managed identity as i stated at the beginning of this video that's used when we want to assign permissions to one managed identity and use that across multiple automation accounts or other services azure functions can use managed identities for example we'll use the system assigned managed identity for this example that's bound to the life cycle of this automation account once we remove the account the identity is removed with it let's go to next we'll leave the networking set to public access for now go to next add tags as needed and go to review and create click create once validation passes to finish it just takes a few seconds to finish before we go to the resource let's go to azure active directory and review the system assigned managed identity from azure ad go to enterprise applications change the application type to managed identity and apply here's a list of all the managed identities and we can see our automation account let's open that overview shows a list of account details let's go to roles and administrators we can see the are back roles from this view that are assigned to the account by default we can give the account our back roles to other resources just like a user that will provide the azure automation account rights to interact with azure resources the default roles are all at the azure ad scope if we want the managed identity to interact with resources in the subscription we need to give it rights to that resource for the example coming up we're just going to pull information about the azure automation account so the managed identity will need at minimum read access to the account to add a roll to the managed identity we'll go to the resource group for the azure automation account we just set up we'll go to resource groups we'll go into automation rg01 that's the resource group with our automation account next we'll go to access control iam add a role assignment select reader that will give the managed identity read access to objects in this resource group we'll go to next to members select a member search for the system assigned managed identity you'll have the same name as the automation account we'll select that go to next and review and create now we're ready to create our first run book let's go back to the azure automation account we'll open the account we created this account is new so we don't have any job history yet on the left we can see the features in the automation account including configuration management update management process automation and shared resources also let's go into modules under shared resources this is a list of all the modules that are available for our powershell runbooks we have the option to add new modules update the az modules and browse the powershell gallery we can search and filter to verify the modules our runbooks need are available let's change the filter runtime version to 7.1 it looks like we have all the 7.1 azmodules available next we'll create a simple run book that will use one of the az modules let's go back to process automation run books there are a couple example run books available let's create a new one we'll call it simple runbook for runbook type select powershell notice the other options for python powershell workflow and the options for graphical powershell runbooks we'll select powershell select the runtime version 7.1 and do note that support for 7.1 is in preview once ready click create this is the runbook web editor we'll use this for now let's verify the powershell version by calling the psversion table variable we'll add dollar sign ps version table click save and then go to the test pane this is where we can test the code we can test it by clicking start that submits the job into the queue it'll take a minute to run here it shows the powershell version in the os along with other details we can close the test pane next i want to get some details from azure let's run the command get az automation account to view details about this automation account we're passing in the resource group name and the automation account name let's save this and go to the test pane and we'll start the test we'll give it a minute to finish that doesn't look good what happened well we have a managed identity but we did not authenticate to azure ad with that identity just like you need to log in to interact with azure the runbook has to log in with the managed identity let's do that next we'll close the test pane before we can run the get az automation account command we have to run a series of commands to log in the first command disables context inheritance that's more important if we have parent child run books but it's good to get in the habit of adding next we sign in with a managed identity with the connect az account command and assign the context to a variable after that we set the context i'll include a link to these commands below let's save and test the run book again we'll go to the test pane and start the job we'll give it a minute to finish that looks better now we get the details of the azure automation account remember the runbook can only pull this information because we gave the managed identity read permissions to the azure automation resource group now that we've tested it and it all looks good let's publish it we can close the test pane we can publish the run book with the publish icon on the screen click yes to proceed notice there are no jobs found also if we go back to the overview of our automation account no job show the tests that we run don't count as jobs let's go back to our runbook we'll open the runbook we created and start to run the job we can watch the status as it runs that finished now that it's done we can see inputs outputs errors warnings all logs and exceptions here's the output for the command now if we go back to the automation account overview it shows one job ran successfully that's how we create an azure automation account a managed identity and test and publish a runbook that is how to set up an azure automation account with a system assigned managed identity and run a simple run book please don't forget to like and subscribe and thanks for watching

Info

Channel: Travis Roberts

Views: 30,038

Rating: undefined out of 5

Keywords: Process Automation, Azure Automation, runbook, automation, Python, PowerShell, modules, scripts, hybrid worker, update management, sysadmin, cloud computing, workflow, Microsoft, Tutorial, free tutorial, free training

Id: 9Jv3ThPqVco

Channel Id: undefined

Length: 13min 46sec (826 seconds)

Published: Sun Aug 28 2022