Unable to use Azure Publish Settings Files for VM management

I'm trying to use an azure PUBLISHSETTINGS file as a way to run powershell scripts requiring authentication without having to log in every few days. From the research I've done I assumed that if you had a publishsettings file imported into your powershell, you could run any cmdlets against any of the subscriptions that the publishsettings file contains. When I import my files and run basic cmdlets (Get-AzureVM) I get:
Get-AzureVM : Your Azure credentials have not been set up or have expired,
please run Add-AzureAccount to set up your Azure credentials.
I have no issue adding my own Azure Account to that specific powershell instance but from what I understood once I've imported the files I shouldn't have to.
Any help would be greatly appreciated.
Many thanks

Related

Job Suspended Run Login-AzureRmAccount to login using Azure AutomationAccounts System Managed Identity

I am trying to shutdown the VM using Azure Automation Account System Managed identity option.
However I am ending up with below error.
As per the other articles it is mentioned to upgrade the module Update-ModulesInAutomationToLatestVersion but I could not update due to the below error. I am not sure what the issue is in the script. The same script works with the AzureRunAsConnection option without issues (script). I even checked with a simple login with System Managed Identity; it successfully logs in and fetches the resource group names.
I have tested the above shared script in my automation account. Below are a couple of observations:
You need to use the Connect-AzureRMAccount -Identity cmdlet instead of 'Connect-AzAccount' to connect to your subscription, because the rest of the script that you have written uses Azure RM cmdlets.
If we use AzureRM cmdlets in your runbook script, the job is getting suspended stating that Azure RM is going to be retired and suggesting us to use the Az module in your workflow.
You can refer to this documentation on how to migrate your PowerShell scripts automatically from AzureRM to AZ modules.
If you want to perform start/stop on your virtual Machines you can leverage the Azure Automation start/stop during the off hours feature.
According to the MICROSOFT DOCUMENTATION and looking at your script the Azure Rm module is not supported and it has been updated to the latest version of Az module.
For more information please refer to the links below:
MICROSOFT DOCUMENT|Using a system-assigned managed identity for an Azure Automation account & Troubleshoot runbook issue.
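
For the runbook discussed in this thread, a version written entirely against the Az module that signs in with the Automation account's system-assigned managed identity and stops the running VMs in one resource group. This is an added example, not the asker's script; the parameter names are hypothetical, and it assumes the identity has been granted a role such as Virtual Machine Contributor scoped to that resource group only.

```powershell
# Added example runbook (Az modules). Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,  # group holding the VMs to stop
    [string] $SubscriptionId                             # optional: overrides the default subscription
)

$ErrorActionPreference = 'Stop'

# Do not inherit or persist a context from another job in the same sandbox.
Disable-AzContextAutosave -Scope Process | Out-Null

# Sign in as the system-assigned managed identity: no stored credential,
# no Run As certificate, nothing to rotate in the runbook itself.
$context = (Connect-AzAccount -Identity).Context
if ($SubscriptionId) {
    $context = Set-AzContext -Subscription $SubscriptionId -DefaultProfile $context
}
Write-Output "Signed in as $($context.Account.Id) on subscription $($context.Subscription.Id)"

# -Status adds a PowerState property to each VM in the listing.
$running = Get-AzVM -ResourceGroupName $ResourceGroupName -Status -DefaultProfile $context |
    Where-Object { $_.PowerState -eq 'VM running' }

if (-not $running) {
    Write-Output "No running VMs in $ResourceGroupName"
    return
}

foreach ($vm in $running) {
    Write-Output "Stopping $($vm.Name)"
    # -Force suppresses the confirmation prompt, which a runbook cannot answer.
    Stop-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name -Force `
        -DefaultProfile $context | Out-Null
}
```

Mixing AzureRM and Az cmdlets in one runbook is what the answer above warns about; every call here is from Az.Accounts or Az.Compute.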

Where do I find Azure.Service Powershell Module?

I am trying to use some commands from PowerShell workflow from runbooks in Azure automation account. One of the command is Get-AzureWebsiteJob which uses Azure.Service PowerShell module. This module is not present in the PowerShell module gallery of the automation account. I didn't find it in PowerShell Gallery as well.
Am I missing anything trivial here? Either I need a way to import that module in automation account or need to be able to download as a zip so that I can upload it.
Actually the cmdlet Get-AzureWebsiteJob is in Azure module.
In the Azure module page -> Package Details section, you can find the cmdlet Get-AzureWebsiteJob is included. Here is the screenshot:
To use it in runbook, you just need import that module in automation account, or you can directly deploy that module to azure automation from Azure module like below:

How do you configure Azure Function authentication by code?

I want to configure the authentication for my Azure function via code, be it PowerShell, an ARM template or an API. Is this possible?
I'm under the impression that an Azure Function is nothing more than an App Service, so I would assume it revolves around there.
https://learn.microsoft.com/en-us/powershell/module/az.websites/?view=azps-2.0.0#app_service - there doesn't seem to be anything in the powershell.
https://resources.azure.com/ doesn't seem to give much information.
Here is some documentation on how to use managed identities for App Service and Azure Functions: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity
You could create an PowerShell function app with MSI (Managed Service Identity) enable in a consumption plan. Here is some documentation (https://azure.microsoft.com/en-us/resources/templates/101-functions-managed-identity/) on how to do that.
Once the function app is created, you can grant it access to a given resource https://learn.microsoft.com/en-us/powershell/module/az.resources/new-azroleassignment?view=azps-2.0.0#examples
Lastly, the PowerShell function app comes with a profile.ps1 which contains code to authenticate against Azure via MSI out the box.
# Authenticate with Azure PowerShell using MSI.
# Remove this if you are not planning on using MSI or Azure PowerShell.
if ($env:MSI_SECRET -and (Get-Module -ListAvailable Az.Accounts)) {
    Connect-AzAccount -Identity
}
Please give it a try and let us know if you run into any issues.
Azure Functions Authentication is still pending. Currently, AFAIK, there is not a way to add authentication via code except with the Function Host Keys.
You can track the issue here on GitHub.
Using terraform is a really good way of configuring these, a good example is below. Also az CLI 'az webapp auth' seems to have really good support now. PowerShell still seems to be lagging behind.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app

Install Powershell for Azure without an Azure Account

I want to use Get-AzureStorageBlob in a powershell script so my client can download files from my Azure Blob storage ( I use Devops to put them there )
The keys are in the script so the client does not need an Azure account.
He does however need to install Azure Powershell
And the instructions ask him to log in to Azure.
Is there an alternative?
If you just operate on Azure storage, then you can ignore the "Connect-AzAccount" cmdlet.
After installing the Azure PowerShell module, since you have the account_name and account_key of the storage account, directly use them to download the blob.
But if you want to operate on other resources like VMs etc., then you need to use the cmdlet "Connect-AzAccount".
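
A download script for the scenario in this question, as an added example that is not part of the original answer. It swaps the account key for a SAS token, since whatever secret the script carries is readable by the client and an account key grants full control of the storage account; before use it checks that the token is read/list only, HTTPS only and short-lived. The function name and parameters are hypothetical, and no Connect-AzAccount call is needed.

```powershell
# Added example. Test-SasIsReadOnly and all parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $AccountName,
    [Parameter(Mandatory)] [string] $Container,
    [Parameter(Mandatory)] [string] $Blob,
    [Parameter(Mandatory)] [string] $SasToken,     # issued by the storage owner
    [string] $Destination = '.'
)

function Test-SasIsReadOnly {
    param([Parameter(Mandatory)] [string] $SasToken, [int] $MaxDays = 30)

    # Split the SAS query string into its fields (sp, se, spr, sig, ...).
    $fields = @{}
    foreach ($pair in $SasToken.TrimStart('?').Split('&')) {
        $name, $value = $pair -split '=', 2
        if ($name) { $fields[$name] = [uri]::UnescapeDataString([string]$value) }
    }

    $problems = @()
    # sp: permission letters; anything beyond read (r) and list (l) is too much.
    if ($fields['sp'] -cnotmatch '^[rl]+$') { $problems += "permissions '$($fields['sp'])' exceed read/list" }
    # spr: allowed protocols; must be https only.
    if ($fields['spr'] -ne 'https') { $problems += 'token does not restrict access to HTTPS' }
    # se: expiry time in UTC.
    $expiry = [datetimeoffset]::MinValue
    $parsed = [datetimeoffset]::TryParse($fields['se'], [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::AssumeUniversal, [ref] $expiry)
    $now = [datetimeoffset]::UtcNow
    if (-not $parsed)                         { $problems += 'missing or unparsable expiry (se)' }
    elseif ($expiry -le $now)                 { $problems += "token expired at $expiry" }
    elseif ($expiry -gt $now.AddDays($MaxDays)) { $problems += "token lives longer than $MaxDays days" }
    return $problems
}

$problems = Test-SasIsReadOnly -SasToken $SasToken
if ($problems) { throw "Refusing to use this SAS token: $($problems -join '; ')" }

# A storage context built from a SAS token works without any Azure sign-in.
$ctx = New-AzStorageContext -StorageAccountName $AccountName -SasToken $SasToken
Get-AzStorageBlobContent -Container $Container -Blob $Blob -Destination $Destination `
    -Context $ctx -Force | Out-Null
Write-Output "Downloaded $Blob from $Container"
```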
When I click Show Details in the right Commands panel I get an error message
cannot be loaded because running scripts is disabled on this system.

run powershell script without add publishsettings file

I am using a PowerShell script; using this I create/set up a VM in Azure. I want to run the PowerShell script without Azure credentials (right now I am using it as below, but I don't want my.publishsettings or publishsettings details in the PowerShell script).
create_vm.ps1
...
azure account import D:\my.publishsettings
...
Is there any way to do the same? Please suggest.
There are two ways by which you can connect to and manage your Azure Subscription - One is using X509 Certificate (which is what you're doing when you use publishsettings file) and the other is using Azure AD.
Please see this link for detailed instructions on how you can use Azure AD to manage your Azure Subscriptions: https://azure.microsoft.com/en-in/documentation/articles/powershell-install-configure/. Scroll down to section titled How to: Connect to your subscription.
