1
votes

I know how Get-AutomationAccount can be used to retrieve the connection details internally while running a runbook within an automation account.

However, what if I want to be able to report on the service principal being used by the AzureRunAsConnection external to a runbook job?

I've tried something like the following:

$automationAccount = Get-AzAutomationAccount -ResourceGroupName $rg -Name $name
$conn = $automationAccount | Get-AzAutomationConnection
$conn.FieldDefinitionValues

However, the FieldDefinitionValues hashtable has nothing in it? I was expecting to see things like tenantId, ApplicationId, etc.

I can get this information via the portal by clicking on:

AutomationAccount > Run as accounts > Azure RunAs Account

or by

AutomationAccount > Connections > AzureRunAsConnection

But can't see how I can get this info for the RunAs Account from PowerShell?

Thanks in advance.

2
HA! Never mind. It turns out you need to provide the name of the connection in the cmdlet. Otherwise, it doesn't fill in certain properties in the output... :/ I would have expected it to just output all connections with all their properties. Maybe a bug? - ScubaManDan
So changing the line above to: $conn = $automationAccount | Get-AzAutomationConnection -Name "AzureRunAsConnection" - ScubaManDan

2 Answers

1
votes

Yes, you need to use $conn = $automationAccount | Get-AzAutomationConnection -Name "AzureRunAsConnection".

Maybe a bug?

It is not a bug, because the two commands call different REST APIs.

When using $conn = $automationAccount | Get-AzAutomationConnection, it calls the REST API Connection - List By Automation Account. The details of fieldDefinitionValues will not be exposed; it will always be null. You could check the sample response or capture the PowerShell request with Fiddler.

When using $conn = $automationAccount | Get-AzAutomationConnection -Name "AzureRunAsConnection", it calls the REST API Connection - Get. The fieldDefinitionValues will include the properties you want.

0
votes

You answered this yourself in the comments. But just to stop this question coming up as unanswered:

$conn = $automationAccount | Get-AzAutomationConnection -Name "AzureRunAsConnection"
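
The list-then-get behaviour described in the answers above, turned into an inventory of Run As service principals across Automation accounts. This is an added example, not code from any of the posters; the function name Get-RunAsConnectionReport is hypothetical, and it assumes the Az.Automation module, an authenticated session (Connect-AzAccount) and the AzureServicePrincipal connection type's field names.

```powershell
# Added example: requires Az.Automation and a prior Connect-AzAccount.
function Get-RunAsConnectionReport {
    [CmdletBinding()]
    param(
        # Optional: limit the report to one resource group.
        [string]$ResourceGroupName
    )

    $accounts = if ($ResourceGroupName) {
        Get-AzAutomationAccount -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzAutomationAccount
    }

    foreach ($account in $accounts) {
        $target = @{
            ResourceGroupName     = $account.ResourceGroupName
            AutomationAccountName = $account.AutomationAccountName
        }

        # List call: gives the connection names, but no field values.
        foreach ($item in Get-AzAutomationConnection @target) {
            # Get call by name: the one that populates FieldDefinitionValues.
            $conn = Get-AzAutomationConnection @target -Name $item.Name
            if ($conn.ConnectionTypeName -ne 'AzureServicePrincipal') { continue }

            # Guard against a connection that comes back without field values.
            $fields = $conn.FieldDefinitionValues
            if (-not $fields) { $fields = @{} }

            [pscustomobject]@{
                ResourceGroupName     = $account.ResourceGroupName
                AutomationAccountName = $account.AutomationAccountName
                ConnectionName        = $conn.Name
                ApplicationId         = $fields['ApplicationId']
                TenantId              = $fields['TenantId']
                SubscriptionId        = $fields['SubscriptionId']
                CertificateThumbprint = $fields['CertificateThumbprint']
                LastModifiedTime      = $conn.LastModifiedTime
            }
        }
    }
}

Get-RunAsConnectionReport | Sort-Object ApplicationId | Format-Table -AutoSize
```

Sorting by ApplicationId makes it easy to spot one service principal shared by several Automation accounts.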