According to this Official document example from MS Azure team, the following command should display all the VMs in my current subscription. But when I logged-in with my subscription and run the following command, it just brings me back to the command line with no output and no error. I do have VMs in this subscription, and the same login with the same subscription is working for other tasks I am performing in the same session. Question: What I may be missing here, and how can we resolve the issue?
PS C:\Users\MyUserName> Get-azVM
PS C:\Users\MyUserName>
Are you Signed into Azure Connect-AzAccount
Do you have more than one subscription?
If so you might need to switch subscriptions.
Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"
Related
I am trying to put some auto start policy on my VM on Azure.
So, I used automation account and power shell script to do this from this link: https://adamtheautomator.com/azure-vm-schedule/
But on testing it give me error of Run Login-AzureRmAccount to login
Please suggest how to fix this?
## Get the Azure Automation Acount Information
$azConn = Get-AutomationConnection -Name 'AzureRunAsConnection'
## Add the automation account context to the session
Add-AzureRMAccount -ServicePrincipal -Tenant $azConn.TenantID -ApplicationId $azConn.ApplicationId -CertificateThumbprint $azConn.CertificateThumbprint
## Get the Azure VMs with tags matching the value '10am'
$azVMs = Get-AzureRMVM | Where-Object {$_.Tags.StartTime -eq '10am'}
## Start VMs
$azVMS | Start-AzureRMVM
Regards
ESNGSRJ
This can happen when the Run As account isn't configured appropriately. You will need to create one to provide authentication for managing resources on the Azure Resource Manager using Automation runbooks.
When you create a Run As account, it performs the following tasks:
Creates an Azure AD application with a self-signed certificate, creates a service principal account for the application in Azure AD, and assigns the Contributor role for the account in your current subscription.
Creates an Automation certificate asset named AzureRunAsCertificate in the specified Automation account.
Creates an Automation connection asset named AzureRunAsConnection in the specified Automation account.
Please note the following requirements from the referenced link:
You must have an Azure Automation Account with an Azure Run As account already prepared. If you don’t have this yet, learn how to create one when you go to Create a new Automation account in the Azure portal.
The Azure PowerShell module must be installed. If you don’t have this yet, please go to the Install the Azure PowerShell module page for more information.
Note: You can configure your Runbook to use managed identities as well and it has added benefits as compared to using Run As accounts. You can get started with this tutorial to use managed identity.
I am new to Azure and I've successfully installed PowerShell on my macOS. Now I want to run get-azvm command and stop/delete a vm from on-prem (not cloud shell).
First thing I did from Terminal:
1. PWSH to launch PowerShell
2. Connect-AzAccount, browser opens to authenticate and I get an error:
Connect-AzAccount xx: Device authentication is required.
Trace ID: xx
Correlation ID: xx
+ CategoryInfo : CloseError: (:) [Connect-AzAccount], AadAuthenticationFailedException
I continue with az login command. Result:
You have logged in. Now let us find all the subscriptions to which you have access...
{
}
I run: get-azvm and get another error:
get-azvm : No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login.
At line:1 char:1
Please, what am I doing wrong? Do I need to register my on-prem machine somewhere?
Thanks for the help.
As mentioned in above comment - you might have conditional access policies enabled on your Azure AD so you might want to check it out and confirm.
Secondly, if that's not the case - try running commands below before you access your azure resources
Add-AzAccount
Get-AzSubscription -SubscriptionId "your_azure_subscription_id" | Select-AzSubscription
$vm = Get-AzVM -ResourceGroupName "your_vm_resource_group_name" -Name "your_vm_name"
Hope it helps?
According to the error from Connect-AzAccount, Looks your account is MFA-enabled, please use the authentication methods to authenticate. Or you can create a service principal, assign a role for it in the subscription, then you can login with the service principal and use it to Get-AzVM, details here.
I continue with az login command. Result: You have logged in. Now let us find all the subscriptions to which you have access..
You should note, Connect-AzAccount is used to login the Azure Powershell, az login is used to login the Azure CLI, they are different. From the output, looks you logged in successfully in Azure CLI, you could use az account set --subscription <subscription-id> to set the subscription which you want to get the VMs from, then use az vm list to list VMs.
Good morning,
I've been trying to get information about all the resources in a given Azure subscription. Is there a way to see all the resources hosted in a subscription?
Have you tried running Az-GetResource via PowerShell
First Install Az Modules
Then would run
Connect-AzAccount
Then after the Pop Up asking to login
Get-AzResource | ft
I have this Azure Powershell script, which successfully backs up a SQL Azure DB to Azure Blob.
In its current form, it requires me to log in via AD.
I now need to implement this script to execute via a Azure Function at specific intervals.
The first snippet of the script:
$subscriptionId = "YOUR AZURE SUBSCRIPTION ID"
Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId $subscriptionId
I thus need to not use Login-AzureRmAccount, but replace it with a method that does not require human input.
I have found this link:
https://cmatskas.com/automate-login-for-azure-powershell-scripts/
In short, the author:
Creates an Azure AD Application (with its own password)
Creates a Service Principal
Assigns Permissions to the Service Principal
This is a once-off manual creation - which is perfect.
The author then logs in to this newly created application
$psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePassword)
Add-AzureRmAccount -Credential $psCred -TenantId e801a3ad-3690-4aa0-a142-1d77cb360b07 -ServicePrincipal
My questions:
Is this what I should do to be able to automate my application and prevent human login?
This Azure AD app created in step 1 - can I use this app as a starting point in my of my Azure functions?
Yes, you can use that route, or use certificate auth, or use an Azure AD user, it can login with user\password, but is considered less secure than service principal.
Yes, you can use one service principal for any number of Azure Functions you would like to.
To use Azure PowerShell in Azure Functions, you may refer to the following response in another SO thread. The example is an HTTP-Trigger, but you can modify it to use a Timer-Trigger for your use-case. Here's the link:
Azure Function role like permissions to Stop Azure Virtual Machines
Run PowerShell as Administrator, you need to install AzureRM in PowerShell,
Login to Azure
Login-AzureRmAccount
Enter your Azure credentials
To get your subscription(s) details
enter
Get-AzureRmSubscription
Use the subscription id to select the subscription.
Select-AzureRmSubscription -SubscriptionId xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Save the AzureProfile using the below command
Save-AzureRmProfile -Path "C:\AzureScripts\profile.json"
The json file can be used to login to Azure
Select-AzureRmProfile -Path "C:\AzureScripts\profile.json"
Put this line on top of you .ps1 file, you does not require human input.
Ref : http://www.smartcoding.in/blog/auto-login-azure-power-shell
In Azure Classic / Service Management, Get-AzureSubscription would give a list of subscriptions in the Tenant with an indicator of which was current.
There was also a Get-AzureSubscription -Current flag that would give you just the current subscription.
Is there a way to find the current subscription in AzureRM.Profile?
Get-AzureRmContext gives you info about the selected subscription, default storage account, etc.
(Get-AzureRmContext).Subscription gives you the current subscription.
Now you can use the new Az commands
Get-AzContext
You can also use Get-AzureRmSubscription
$sub = Get-AzureRmSubscription
$sub.SubscriptionId
This will give you the SubscriptionId