I know how to enable soft delete (https://learn.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete) via template deployment when creating a KeyVault. How can I turn this feature on on an existing KeyVault that has been deployed without soft delete being enabled?
It is of course possible to adjust the template to include the enablement of soft-delete by adding the key-value pair "enableSoftDelete": true to the properties section of the KeyVault resource (see also: Link).
If you want to enable it outside the scope of a template deployment it is possible via manipulating the resource e.g. by using PowerShell:
$vaultName = "keyVaultName1"
($resource = Get-AzureRmResource -ResourceId (Get-AzureRmKeyVault -VaultName $vaultName).ResourceId).Properties | Add-Member -MemberType "NoteProperty" -Name "enableSoftDelete" -Value "true"
Set-AzureRmResource -resourceid $resource.ResourceId -Properties $resource.Properties
Found here: Link
Related
I have resources in a Resource Group in Azure and it wont let me move the resource because it is in a Resource Group that is not the hosting Resource Group even though it has been moved .
I have tried to run the command in Powershell az resource list but cant seem to see the hosting Resource Group of the resource.
Is there a command I can run in Powershell that will give the current Resource Group of the resource and the hosting Resource Group of the resource?
Is there a Powershell command that will give the current Resource Group of the resource?
Yes its the Get-AzureRmResource command:
$resourceId = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
$resource = Get-AzureRmResource -ResourceId $resourceId
$resourceGroupName = $resource.ResourceGroupName
Fortunately there's an alternative to avoid specifying the "ResourceGroupName" which you're trying to find and that's specifying the ResourceType..
$resourceGroupName = Get-AzureRmResource -ResourceName {resourceName} -ResourceType {resourceType} | Select-Object -ExpandProperty ResourceGroupName
Also note the -ExpandProperties parameter in the documentation to include the resource properties.
Based on the shared information, I have understood that you want to know the
hosted resource group(in which resource group got created before move operation).
current resource group (currently where the resource resides in).
We don't have any direct cmdlets to pull this information.
You can make use of activity logs to see the resource move operation and pull the information of resources which were moved & respective target resource group names accordingly using the below cmdlet
Get-AzActivityLog -StartTime (get-date).AddDays(-90) -EndTime (get-date)| Where-Object {$_.Authorization.Action -like "Microsoft.Resources/subscriptions/resourceGroups/moveresources/action" -and $_.OperationName -like "Move Resource Group Resources" -and $_.EventName -like "Begin request" } | Select -ExpandProperty Properties
Sample screenshot for your reference:
Note: Using Get-AzActivityLog cmdlet you can pull logs for only last 90days.
I am trying to find out if its possible to apply multiple tags to all of the resources under a specific Resource Group in Azure. I don't know if this is possible because right now I am doing it manually via the Azure Portal but since our resources exploded I can't do it manually any more.
One of the workaround is that you can add multiple tags to all the resources in you Resource Group through Powershell using New-AzTag. Below is the command that worked for me.
$tags = #{"<Tag1Name>"="<Value1>"; "<Tag2Name>"="<Value2>"}
$rs = get-azresource -ResourceGroup <Your_Resource_Group>
foreach($r in $rs){
New-AzTag -ResourceId $r.ResourceId -Tag $tags
}
In case if you are updating the Tag you can follow the answer suggested by Stanley Gong - Update Azure resource tags for multiple resources - Stack Overflow
$rs = get-azresource -TagName Environment
foreach($r in $rs){
if($r.Tags.Environment -eq 'Non-Prodd'){
$r.Tags.Environment = "Non-Prod"
Set-AzResource -ResourceId $r.ResourceId -Tag $r.Tags -Force
}
}
This can be also done in Azure CLI using az tag create apart from using Azure portal and powershell.
REFERENCES: Tag resources - Microsoft Docs
Specifically, I am looking to write an automation runbook for changing a Function App's HTTP Version from it's 1.1 default to 2.0. I know there is a simple way to do this via CLI commands, but I'm trying to get a working solution using a powershell runbook.
So far, I've been able to find the setting by doing...
$FA = Get-AzFunctionApp -Name <foo> -ResourceGroupName <bar>
$FA.Config.Http20Enabled
False
I've attempted to alter $FA and then pipe it through Update-AzFunctionApp...
$FA.Config.Http20Enabled = $True
$FA | Update-AzFunctionApp
with no success.
Not sure if I'm close to the right solution but I can't seem to find any Azure functionality that changes platform settings in this way. Any insight would be much appreciated!
I was able to find a solution to my original question. Instead of using the AzFunctionApp cmdlets, I used AzResource.
$FA = Get-AzResource -ResourceGroupName <foo> -Name <bar> -ResourceType Microsoft.Web/sites/config -ApiVersion 2021-02-01
$FA.Properties.http20Enabled = $True
Set-AzResource -ResourceId $FA.ResourceId -Properties $FA.Properties
I presume other config settings can be changed along with the property I needed.
I found (as well as the Azure CLI) you can use the PowerShell cmdlets for Web Apps. These work on Azure Functions too!
For simple examples, perhaps to just toggle a feature you can call Set-AzWebApp in one line. Here are two examples:
(1) to enable HTTPS only:
Set-AzWebApp -Name $functionName -ResourceGroupName $rg -HttpsOnly $true
Or (2) to disable FTP/FTPs:
Set-AzWebApp -Name $functionName -ResourceGroupName $rg -FtpsState "Disabled"
For more complex property changes, like enabling HTTP 2.0. You can do this in just a few more lines of PowerShell. See for example:
$funcAsApp = Get-AzWebApp -Name $functionName -ResourceGroupName $rg
$funcAsApp.SiteConfig.Http20Enabled = $true
$funcAsApp | Set-AzWebApp
For more information see the MSDN help here: https://learn.microsoft.com/en-us/powershell/module/az.websites/set-azwebapp?view=azps-6.6.0
I need to bulk update a particular tag which is applied on a variety of resources in Azure like VMs, NSGs, AGWs, RGs, so on and so forth. I need to update this tag for all kind of resources on which they are applied. How can I do the same ? I need to filter resources on basis of Subscription, Region and another tag value ? Can I use AZ CLI or Azure Powershell and if yes, how ? How can I put filter of Subscription, Region and another tag value for bulk tag update ?
To filter with subscription, you need to use Set-AzContext to set the specific subscription, because azure powershell can just run against one subscription, to see the subscriptions that your logged account can access, you could use Get-AzSubscription.
Then you can filter with region and another tag value, after getting them, update their tags via Update-AzTag.
Connect-AzAccount
Set-AzContext -Subscription "<subscription-id>"
$resources = Get-AzResource -TagName "tag1" -TagValue "value1" | Where-Object {$_.Location -eq 'centralus'}
$Tags = #{"tag1"="value1"; "tag2"="value2";}
$resources | ForEach-Object {
Update-AzTag -ResourceId $_.ResourceId -Tag $Tags -Operation Merge
}
You can use Azure PowerShell:
$mergedTags = #{"key1"="value1"; "key3"="value3";}
Update-AzTag -ResourceId /subscriptions/{subId} -Tag $mergedTags -Operation Merge
Original documentation: https://learn.microsoft.com/en-us/powershell/module/az.resources/update-aztag?view=azps-5.3.0
or Az Cli:
https://learn.microsoft.com/en-us/cli/azure/tag?view=azure-cli-latest
I am running Powershell 5 and trying to manipulate my Azure WebApp object using Set-AzureRmWebApp (and NOT Set-AzureResource) to set the "Always On" property of the web app.
My basic code snippet starts with a running web app named "myWebApp", and looks like this:
$name = "myWebApp"
$resourceGroupName = "myResourceGroup"
$app_settings = #{"WEBSITE_LOAD_CERTIFICATES"="*";"CommonDatabase"="Common";"WEBSITE_NODE_DEFAULT_VERSION"="0.10.32"}
$result1 = Set-AzureRmWebApp -ResourceGroupName $resourceGroupName -AppSettings $app_settings -Name $name
$result2 = Set-AzureRmResource -ResourceGroupName $resourceGroupName -ResourceType Microsoft.Web/sites/config -ResourceName $this.name -PropertyObject $propertiesObject -ApiVersion 2015-08-01 -Force
The first Set-AzureRmWebApp statement works. It sets all the variables in $app_settings, and they become visible in the Azure Portal blade for myWebApp.
I tried using "Always On"= on as a property in $app_settings with Set-AzureRmWebApp, and it appeared in the App Settings sub-list in the properties of "myWebApp" on the Azure portal blade, but the actual property "Always On" in the general settings remained off.
I read on another site that using Set-AzureRmResource would work, so I tried it, but it failed.
What do I need to do in Powershell to set a property in the General Settings of my Azure WebApp, specifically "Always On"?
"Always On" is not supported if WebApp is in a free Service Plan tier. If the WebApp is in a free tier, please scale up the App Service Plan. Please refer to the document for more info about how to scale up the App Service Plan.Please have a try to use the solution that sharbag mentioned. It is worked for me and I also check the run result from the azure portal. Snipped code from the solution is as followings:
$ResourceGroupName = 'Your Group Name'
$WebAppName = 'Your WebApp Name'
$WebAppPropertiesObject = #{"siteConfig" = #{"AlwaysOn" = $true}}
$WebAppResourceType = 'microsoft.web/sites'
$webAppResource = Get-AzureRmResource -ResourceType $WebAppResourceType -ResourceGroupName $ResourceGroupName -ResourceName $WebAppName
$webAppResource | Set-AzureRmResource -PropertyObject $WebAppPropertiesObject -Force
If the WebApp in a free tier service plan, when we try to run the PowerShell command to enable "Always On" then we will get the following error message.