Image:https://docs.microsoft.com/en-us/azure/automation/start-runbooks
What is Azure automation
Azure Automation delivers a cloud-based automation and configuration service that supports consistent management across your Azure and non-Azure environments. It comprises process automation, configuration management, update management, shared capabilities, and heterogeneous features. Automation gives you complete control during deployment, operations, and decommissioning of workloads and resources.
As you can see, Automation can meet many different job requirements. In this post, I will write about how to use Automation to take a snapshot of a disk and create a disk from it on a regular basis.
Before we start, let’s talk about some terminology first.
- Automation is the service that will execute the jobs we want it to run for us.
- Runbook is the script that tells Automation what we want it to run for us and how.
Therefore, let’s get started by creating an Automation Account. Pay attention to the Run As account option. In simple words, Automation and Disk are two individual services, so we need to grant Automation the necessary privileges so that it can take snapshots of a disk and create disks from them.
Besides the Run As account, there is another option called managed identity. I will demonstrate both ways in this post.
Runbook only supports these languages and I use PowerShell for my Runbook. Some commands used in my Runbook are not available in Automation by default, so I need to install them manually.
I need to install Az.Accounts and Az.Compute, in that order. The steps are shown below. Repeat the steps for Az.Compute.
Once done, you can verify them from Modules section.
Next, let’s prepare our Runbook. This script is for my own scenario, so please modify it according to your needs. Please read the # comments for more detail.
Script for Run as accounts
Create the Runbook.
Next, paste the script into the editor, save it and do a test run to make sure the script is functional.
Once started, it will queue the job first, then start running the job in a second.
If the script ran without any issues, it will show as complete.
By checking Snapshots and Disks, we can confirm that Automation is working the way we expected.
Next, we publish the script to make it official.
Once published, we can manually trigger, schedule or use webhook to execute the script. Of course you can modify the script as well.
Since I want the script to run periodically, let's create a schedule for it. Note that for Starts, you can only set a time 5 minutes after your current time. As for recurrence, the minimum frequency is 1 hour.
For example, you can only set 2:05PM if your current time is 2:00PM.
Let’s go back to Runbook and associate it with the schedule just created.
Once done, you can verify it at the Schedules section.
Once the Runbook has executed, you can check the job list under Jobs. In addition, we can check Schedules for the next scheduled run time.
Script for managed identity
From the script's point of view, the only difference is how we give the Automation Runbook the privileges to perform the jobs we want it to execute. For Run As accounts, you need the code from lines 1 to 23 of the previous script, whereas for managed identity, all you need is one line.
In order to use the managed identity feature, we simply enable it from the Identity section.
Once done, use the new script to run the Runbook and verify the result.
Everything is working as expected! That’s it, hope you enjoy the show ;)
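The managed identity variant described above, as an added example that is not the script from the original post: a PowerShell runbook that signs in with the Automation account's system-assigned identity, snapshots a disk and creates a new disk from the snapshot. The resource group and disk names are placeholders, and it assumes the identity has been given a role, scoped to that resource group only, that allows reading disks and writing snapshots and disks.

```powershell
# Added example; resource names are placeholders, not values from the post.
param(
    [string]$ResourceGroupName = "<resource-group>",
    [string]$SourceDiskName    = "<source-disk>"
)

# Fail the job on the first error instead of continuing with partial state.
$ErrorActionPreference = "Stop"

# Do not inherit or persist an Az context from another job in the sandbox.
Disable-AzContextAutosave -Scope Process | Out-Null

# The one line that replaces the Run As connection block:
# sign in as the Automation account's system-assigned managed identity.
Connect-AzAccount -Identity | Out-Null

# UTC timestamp keeps snapshot and disk names unique per scheduled run.
$stamp = (Get-Date).ToUniversalTime().ToString("yyyyMMddHHmm")
$disk  = Get-AzDisk -ResourceGroupName $ResourceGroupName -DiskName $SourceDiskName

# Snapshot the source disk in the same region.
$snapshotConfig = New-AzSnapshotConfig -SourceUri $disk.Id `
    -Location $disk.Location -CreateOption Copy
$snapshot = New-AzSnapshot -ResourceGroupName $ResourceGroupName `
    -SnapshotName "$SourceDiskName-snap-$stamp" -Snapshot $snapshotConfig

# Create a new managed disk from the snapshot, keeping the source SKU.
$diskConfig = New-AzDiskConfig -Location $snapshot.Location `
    -SourceResourceId $snapshot.Id -CreateOption Copy -SkuName $disk.Sku.Name
$newDisk = New-AzDisk -ResourceGroupName $ResourceGroupName `
    -DiskName "$SourceDiskName-copy-$stamp" -Disk $diskConfig

# Resource IDs end up in the job output for later review under Jobs.
Write-Output "Snapshot: $($snapshot.Id)"
Write-Output "Disk:     $($newDisk.Id)"
```

Because the identity holds no secret or certificate, there is nothing to rotate or leak from the Automation account; what it can reach is decided entirely by the scope of its role assignment.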