0
votes

So there's now a documented workaround to use ARM in Azure Automation, and it's also well documented how to authenticate to ARM using a Service Principal. But even after following these steps I still cannot get the combination of those to work. Running my runbook in Automation with a Service Principal always gives the following error:

New-AzureTag : Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your 
Azure credentials.
At Add-SubscriptionTags:48 char:48
+ 
    + CategoryInfo          : CloseError: (:) [New-AzureTag], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Tags.Tag.NewAzureTagCommand

Add-AzureAccount and Select-AzureSubscription both execute fine, but when I call any cmdlet to actually do something I get the above error.

My runbook works when I use a regular AAD org account, so I don't think it's an Automation/ARM issue.

Running my workflow on my PC with the service principal also works, so I think my service principal is set up correctly.

Has anyone successfully implemented this scenario?

1
I also messed around with calling Add-AzureAccount twice and using AzureProfiles based on this GitHub issue, but no joy. - BenV

1 Answer

1
votes

This is due to a bug in Azure PowerShell. It has been identified and there is a work item to fix it. I will add the GitHub issue if I'm able to find it.

Update: Here's the GitHub issue https://github.com/Azure/azure-powershell/issues/655