Azure Automation deallocate Azure VM’s

Quite a while ago, I created a simple solution for deallocating VMs in Azure for one simple reason: I basically kept forgetting to properly deallocate resources, resulting in some surprises when reviewing the bill (the post can be found here).

Fortunately Microsoft has introduced (still in preview at the moment) a more robust and elegant way of hosting and executing your PowerShell automation assets, called Microsoft Azure Automation. This post covers how to move existing Azure-related PowerShell scripts into Microsoft Azure Automation.

NOTE: When new to Microsoft Azure Automation, please consider reviewing the following resources.

My scenario: deallocate a list of VMs at midnight.

What’s important to know is that a while ago it was necessary to set up certificate-based authentication within Azure, which consisted of a number of steps. Fortunately this can be avoided by using Microsoft Azure organization identity credential-based authentication. Jobs don’t run within the portal but in a separate environment, so it’s required to authenticate before you can access your Azure resources.

Authenticating using Azure Active Directory

Step 1 – Creating the Automation account

  • Within the Azure Management Portal, make sure you are logged in as an Administrator.
  • Open Active Directory as found within the right menu.

  • Select the Active Directory associated with the Azure subscription to manage

  • Select the USERS tab, followed by the ADD USER button located at the bottom of the page.

  • Within the ADD USER Dialog, make sure to select “New user in your organization” and provide a name.

  • In the USER PROFILE screen, provide a name and make sure the ROLE is set to User and MULTI-FACTOR AUTHENTICATION isn’t enabled

  • On the next screen, click the CREATE button to generate a password and copy both the username and the generated password.

  • Open a different browser or incognito session and try to log in to the Microsoft Azure portal with the new account.

  • Change the temporary password.

Step 2 – Enable subscription management for the automation user

  • To grant the automation user permission to manage the Azure subscription, log in using your Azure Admin account (not the automation user).
  • Open Settings as found within the right menu.

  • Click on the ADMINISTRATORS tab > Click the ADD button located at the bottom of the page.
  • Enter the full user name of the created automation user and select the subscriptions you want this user to be able to manage.

Step 3 – Create a Microsoft Azure Automation Credential Asset used as a reference to the Automation user within your Runbook code

  • Within the Microsoft Azure Automation section of the portal, select the Azure Automation Account which requires access to Azure resources using the Automation user (or create a new Azure Automation Account).
  • Select the ASSETS tab and Click the button called ADD SETTINGS.

  • Select ADD CREDENTIAL within the first screen.
  • On the Define Credential screen, select “Windows PowerShell Credential” and provide a name.

  • Provide the full user name of the Automation user and the matching password. Note that this screen won’t verify that the user is valid.

Step 4 – Test the Automation user

  • Open the Azure Automation account within the Microsoft Azure portal.
  • Create a new Runbook within this account by clicking on the tab RUNBOOKS and NEW » RUNBOOK » Quick Create and provide the name “Test”.
  • Open the newly created Runbook and click on the AUTHOR tab.
  • Replace the default PowerShell workflow code with the sample below

NOTE: You will need to set the Azure Subscription if the automation user has access to multiple subscriptions.

Select-AzureSubscription -Current "XYZ"

  • Invoke the Runbook by clicking the TEST button.

This should result in an Azure VM object dump.

Step 5 – Creating the Shutdown Runbook

At this point you will be able to access Azure resources from within your Runbooks, so we can continue by creating the Shutdown Runbook.

  • Create a new Runbook by clicking on the tab RUNBOOKS and NEW » RUNBOOK » Quick Create, and name it Shutdown.
  • Open the AUTHOR tab and include the following script:

Runbooks can be consumed by other runbooks, so it’s important to construct them in a modular way, eliminating hard-coded values by passing in parameters and using Microsoft Azure Automation assets. The script therefore accepts a VM prefix parameter called STARTSWITH. Invoking the Runbook will allow you to provide a value.

  • Before the Runbook can be scheduled for execution, it must first be published by clicking the Publish button (located next to the TEST button).
  • After publishing the Runbook, click on the SCHEDULE tab to complete the final step: scheduling the Runbook.
  • On the schedule page select “LINK TO A NEW SCHEDULE” and give the Schedule the name “Midnight”
  • Set the schedule date at Midnight and include the STARTSWITH value for the schedule
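
A runbook of the kind Steps 4 and 5 describe, as an added example rather than the post's original script: it authenticates with the credential asset from Step 3 and deallocates the VMs whose names start with STARTSWITH. The asset name AutomationUser and the subscription name are assumptions, and the cmdlets are those of the classic Azure (Service Management) PowerShell module.

```powershell
workflow Shutdown
{
    param(
        # Mandatory, so a schedule without a value fails instead of matching every VM.
        [Parameter(Mandatory = $true)]
        [string] $StartsWith,

        # Assumed names: use your own credential asset and subscription.
        [string] $CredentialAssetName = "AutomationUser",
        [string] $SubscriptionName = "XYZ"
    )

    # Read the credential asset from Step 3; the password stays out of the
    # runbook source and the job output.
    $cred = Get-AutomationPSCredential -Name $CredentialAssetName

    InlineScript {
        $prefix = $Using:StartsWith
        $credential = $Using:cred
        if ([string]::IsNullOrWhiteSpace($prefix)) {
            throw "StartsWith is empty; refusing to select VMs."
        }
        if ($null -eq $credential) {
            throw "Credential asset not found."
        }

        # Authenticate as the automation user, then pin the subscription.
        Add-AzureAccount -Credential $credential | Out-Null
        Select-AzureSubscription -SubscriptionName $Using:SubscriptionName

        # Literal, case-insensitive prefix match; skip VMs already deallocated.
        $targets = Get-AzureVM | Where-Object {
            $_.Name.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -and
            $_.Status -ne "StoppedDeallocated"
        }

        foreach ($vm in $targets) {
            Write-Output "Deallocating $($vm.Name) ($($vm.ServiceName))"
            # Without -StayProvisioned the VM is deallocated; -Force suppresses
            # the prompt shown when it is the last VM in its deployment.
            Stop-AzureVM -Name $vm.Name -ServiceName $vm.ServiceName -Force | Out-Null
        }
    }
}
```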

Conclusion

Yes, there are some steps involved in setting this up, but Microsoft Azure Automation enables you to create some very fancy automation assets.

  • Steven Smith

    To learn how such Azure VM automation can be monitored and systematized, check out two blogs below:

    VMs can be shutdown or scaled down on a schedule.

    Shut-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-schedule-shutdowns-of-azure-vms/

    Scale-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-scaling-of-azure-vms/

    • Thanks for promoting your product on my blog Steven.

      I’ve used cloudmonix.com in the past and was definitely NOT satisfied. Just to inform my readers: the interface is clunky and outdated. Actually, I have a list of shortcomings, but to keep things short… It’s just another interface / tool you need to learn, and more importantly trust.

      I believe that it’s important to stick to the core (APIs, Azure’s Automation and monitoring capabilities etc.) and know what’s happening under the covers before evaluating third-party products. But if you are looking for an Azure monitoring solution, make sure to look at other products. For example, newrelic.com.
