The --debug switch in Azure CLI is very useful for me.
Do we have such feature (--debug) in Azure Poweshell?
Please note that I am not asking how to debug PowerShell scripts. I am looking for a feature to trace the calls that Azure Poweshell cmdlets are making to management.azure.com without using the tools like WireShark. Azure CLI's --debug perfectly does that.
You can run Azure PowerShell cmdlets in Debug mode. This is known as a common parameter, which can be used with any cmdlet.
For example, you could run Get-AzResourceGroup -Debug to trace the GET request to https://management.azure.com and all the programmer-level detail operations happening in the background to fetch the resource groups from the ARM API.
Related
I am trying to shutdown the VM using Azure Automation Account System Managed identity option.
However I am ending up with below error.
As per the other articles it is mentioned to upgrade the module Update-ModulesInAutomationToLatestVersion but I could not update due to below error. I am not sure what is the issue in the script. Same script works with AzureRunAsConnection option without issues ( script ).I even checked with simple login with System Managed Identity it successfully login and fetches the resource group names.
I have tested the above shared script in my automation account. Below are
the couple of observations:
You need to use Connect-AzureRMAccount -Identity cmdlet instead of 'connect-AzAccount` to connect to your subscription because the rest of the script that you have written using Azure RM cmdlets.
If we use AzureRM cmdlets in your run book script the job is getting suspended stating that Azure RM is going to retired and suggesting us to use Az Module in your workflow.
You can refer to this documentation on how to migrate your PowerShell scripts automatically from AzureRM to AZ modules.
If you want to perform start/stop on your virtual Machines you can leverage the Azure Automation start/stop during the off hours feature.
According to the MICROSOFT DOCUMENTATION and looking at your script the Azure Rm module is not supported and it has been updated to the latest version of Az module.
For more information please refer the below links:-
MICROSOFT DOCUMENT|Using a system-assigned managed identity for an Azure Automation account & Troubleshoot runbook issue.
I'm simply trying to extract the below information using Az PowerShell.
Resource on portal
Already tried the below commands
Get-AzCloudService -ResourceGroupName "testCosmosDB" # it gives no result.
Get-AzCloudService -ResourceGroupName "testCosmosDB" -CloudServiceName "testnameon" # as shown below.
The reason you're getting this error is because Az PowerShell module only support Cloud Services (Extended Support) and not Cloud Services (Classic).
One option for you is to migrate your classic Cloud Services to Cloud Services (Extended Support). You can learn more about the migration here: https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/overview#migration-to-azure-resource-manager.
Another option (not sure if it is even viable) is to make use of really old version of Azure PowerShell (even before AzureRM) which has support for classic resources.
The --debug switch in Azure CLI is very useful for me.
Do we have such feature (--debug) in Azure Poweshell?
Please note that I am not asking how to debug PowerShell scripts. I am looking for a feature to trace the calls that Azure Poweshell cmdlets are making to management.azure.com without using the tools like WireShark. Azure CLI's --debug perfectly does that.
You can run Azure PowerShell cmdlets in Debug mode. This is known as a common parameter, which can be used with any cmdlet.
For example, you could run Get-AzResourceGroup -Debug to trace the GET request to https://management.azure.com and all the programmer-level detail operations happening in the background to fetch the resource groups from the ARM API.
So I have setup a deployment of an Arm Template with some Logic Apps with some related diagnostic setting for Event hub, see img.
Event Hub Settings
However, when deploying the same template again, we get the error: "Data sinks can’t be reused in different settings on the same category for the same resource".
And the solution is to remove the diagnostic settings before a new deploy. But I don't want to manually do this each time we do a new deploy.
Have someone figured out a workaround for this?
Thanks!
You can either use PowerShell command or Azure CLI command to remove a diagnostic setting for the resource.
PowerShell command (You can find the documentation here):
Remove-AzDiagnosticSetting -ResourceId "Resource01" -Name myDiagSetting
Azure CLI command (You can find documentation here):
az monitor diagnostic-settings delete --name "myDiagSetting" --resource "Resource01"
I want to configure the authentication for my Azure function via code, be it powershell, ARM template or an API? is this possible?
i'm under the impression that an Azure Function is nothing more then an App Service so i would assume it resolve around there.
https://learn.microsoft.com/en-us/powershell/module/az.websites/?view=azps-2.0.0#app_service - there doesn't seem to be anything in the powershell.
https://resources.azure.com/ doesn't seem to give much information.
Here is some documentation on how to use managed identities for App Service and Azure Functions: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity
You could create an PowerShell function app with MSI (Managed Service Identity) enable in a consumption plan. Here is some documentation (https://azure.microsoft.com/en-us/resources/templates/101-functions-managed-identity/) on how to do that.
Once the function app is created, you can grant it access to a given resource https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azroleassignment?view=azps-2.0.0#examples
Lastly, the PowerShell function app comes with a profile.ps1 which contains code to authenticate against Azure via MSI out the box.
# Authenticate with Azure PowerShell using MSI.
# Remove this if you are not planning on using MSI or Azure PowerShell.
if ($env:MSI_SECRET -and (Get-Module -ListAvailable Az.Accounts)) {
Connect-AzAccount -Identity
}
Please give it a try and let us know if you run into any issues.
Azure Functions Authentication are still pending. Currently AFAIK there is not a way to add authentication via code except with the Function Host Keys
You can track the issue here in Github
Using terraform is a really good way of configuring these, a good example is below. Also az CLI 'az webapp auth' seems to have really good support now. PowerShell still seems to be lagging behind.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app