
I am using Terraform to create an Automation Account in Azure.

The following resource in Azure provider does the job: azurerm_automation_account.

Ok. So I got my AA created... here is when problems arise.

  1. "Run As" account: there seems to be a way to create it from Terraform... but the process is cumbersome. I have lost hope, and will probably resort to enabling it manually from the Azure portal (it is just one click)... but it will break my automation pipeline :(

  2. "Start/Stop VM Solution": I need the PowerShell runbooks in this solution to start-stop VMs according to a given schedule. There is a resource in the Azure provider called "azurerm_automation_runbook". It has 2 useful arguments to reference runbook scripts:

    • "content": with it I could "load" a local PowerShell script's content. I know this would work (I could manually download the .ps1 script used by "Start/Stop VM Solution" and use "content" to load it), but I would be missing any fixes/updates made by Microsoft in its code.

    • "publish_content_link": by which I could point to the URI of a given PowerShell runbook. I have looked in the "Runbook Gallery" for the runbooks contained in the "Start/Stop VM Solution" (not found them). Anyone had any luck with this? A different approach could be to "create" the "Start/Stop VM Solution" from a Terraform script (this will automatically populate the desired runbooks in my Automation Account)... but not sure if this would be possible.

Thanks in advance.


1 Answers


For point 1: I also found it very challenging and while things have improved lately, there still doesn't seem to be an easy, straightforward way of creating the Run As Account. I eventually resorted to creating it manually from the Azure Portal but below are potential areas you can explore:

I'm not sure if you've considered using the external data source from Terraform to execute the PowerShell script from Microsoft. It's still a pain because of the last step where you have to authenticate manually, but it still brings you closer to having a blueprint of your environment. Although I'm not sure how it would behave if running this Terraform script a second time.

For point 2: Could you confirm that the script you want to use is a PowerShell script and not a PowerShell Workflow script? Also could you please elaborate on this approach (I have a feeling that might be the best approach):

A different approach could be to "create" the "Start/Stop VM Solution" from a Terraform script (this will automatically populate the desired runbooks in my Automation Account)

If you look at the Runbooks Gallery, you'll see most of these PowerShell scripts have not been updated for many years and are still working fine. If this will be used in a production environment, it would be better if you have control over the changes and update them at your convenience. If you want to get the URI, you can just click on 'View Source Project' and it will lead you to the GitHub repo. E.g. for the Runbook Stop-Start-AzureVM (Scheduled VM Shutdown/Startup).

You'll also notice most of the scripts are submitted by external parties. If you link to a URI that's maintained by someone else and that person publishes malicious code in there or even accidentally messes up the code, it's not desirable. But again I'm not sure as to the extent of your automation (e.g. if you expect to execute the Terraform script once a month to ensure the Runbook is up to date).

If I get the scripts from somewhere, I'll validate them prior to using them in my environment.

data "local_file" "start_vm_parallel" {
      filename                       = "./scripts/start-vm-parallel.ps1"
}

resource "azurerm_automation_runbook" "start_vm_parallel" {
      name                           = local.NAME
      location                       = local.REGION
      resource_group_name            = local.RG
      automation_account_name        = azurerm_automation_account.automation_prod.name
      log_verbose                    = "true"
      log_progress                   = "true"
      description                    = "This runbook starts VMs in parallel based on a matching tag value"
      runbook_type                   = "PowerShellWorkflow"
      content                        = data.local_file.start_vm_parallel.content

      publish_content_link {
        uri = "https://path.to.script/script.ps1"
      }
}

If you're using a PowerShell Workflow, you need to make sure that the Runbook name matches the workflow name inside the script.

One last thing to remember before you even start using your Runbooks, is to update the modules by creating a 'modules update' Runbook from the Azure Automation team and running it on schedule, once a month.
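
A pre-apply check for the two points raised in the answer above (validate a script before use, and keep the workflow name equal to the Runbook name), as an added example that is not part of the original answer. The function name, the sample script and the pinned digest are constructed for illustration, and the case-insensitive name comparison is an assumption.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# First PowerShell Workflow declaration, e.g. "workflow Start-VM-Parallel {"
WORKFLOW_RE = re.compile(r"^\s*workflow\s+([A-Za-z0-9_-]+)", re.IGNORECASE | re.MULTILINE)


def check_runbook(path, pinned_sha256, runbook_name, runbook_type="PowerShellWorkflow"):
    """Return a list of problems; an empty list means the reviewed file is unchanged."""
    problems = []
    data = Path(path).read_bytes()
    actual = hashlib.sha256(data).hexdigest()
    # The pinned digest is recorded when the script is reviewed, not fetched at deploy time.
    if actual != pinned_sha256.lower():
        problems.append(f"sha256 mismatch: reviewed {pinned_sha256}, found {actual}")
    if runbook_type == "PowerShellWorkflow":
        match = WORKFLOW_RE.search(data.decode("utf-8-sig", errors="replace"))
        if match is None:
            problems.append("no workflow declaration found")
        elif match.group(1).lower() != runbook_name.lower():  # assumption: case-insensitive
            problems.append(
                f"workflow '{match.group(1)}' does not match runbook name '{runbook_name}'"
            )
    return problems


def demo():
    # Constructed sample script and digest, standing in for a vendored runbook.
    reviewed = b"workflow Start-VM-Parallel {\n    param([string]$TagValue)\n}\n"
    pinned = hashlib.sha256(reviewed).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp) / "start-vm-parallel.ps1"
        script.write_bytes(reviewed)
        ok = check_runbook(script, pinned, "Start-VM-Parallel")
        # Simulate the file changing after it was reviewed.
        script.write_bytes(reviewed + b"# upstream edit after review\n")
        changed = check_runbook(script, pinned, "Start-VM-Parallel")
        # Digest re-pinned, but the Terraform runbook name differs from the workflow.
        repinned = hashlib.sha256(script.read_bytes()).hexdigest()
        renamed = check_runbook(script, repinned, "StartVMs")
    return ok, changed, renamed


if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

Run a check like this in the pipeline before `terraform apply` and fail the job on any reported problem, so only the reviewed copy reaches the `content` argument.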