Storing Azure Metrics in Private Storage Account Using Azure Automation

Question

I want to retrieve metric values using Get-AzMetric in Azure Automation and store the daily updated values in an Azure Storage Account. However, the Storage Account is configured with a private link and can only be accessed through a specified network, which means I cannot save blobs directly. Is it possible to store blobs in a private Storage Account using Azure Automation scripts?

Additionally, I would like to know if there are any effective solutions to retrieve VM metric results daily and export them in CSV format, specifically for use with a Storage Account that can only be accessed through a private link and specified network.

Answer 1

Hi @Yu-Jeong Seo

Welcome to Microsoft Q&A, thanks for posting your query.

To achieve your goal of retrieving VM metrics and saving them to a private Azure Storage Account using Azure Automation, here are some steps to follow.

Retrieving Metrics with Get-AzMetrics:

Use Get-AzMetrics within an Azure Automation runbook to retrieve metrics data, such as CPU usage or memory utilization, for a virtual machine. This will collect the daily metrics.

https://learn.microsoft.com/en-us/powershell/module/az.monitor/get-azmetric

Exporting Metrics to CSV:

Once the metrics are collected, you can format and export them into a CSV file. Use PowerShell, use Export-Csv to create a CSV file from the retrieved metrics data.

$metrics = Get-AzMetric -ResourceId "/subscriptions/<your-subscription-id>/resourceGroups/<your-resource-group>/providers/Microsoft.Compute/virtualMachines/<vm-name>" -MetricName "Percentage CPU"

Since Azure Automation doesn’t support writing directly to local paths, you’ll need to create the CSV in memory and then upload it directly to the Azure Storage Account.

 

Setting Up Access to a Private Storage Account from Azure Automation:

Using a Hybrid Worker with VNet Access: Set up a Hybrid Worker within a virtual network that has access to the private storage account. By this, you can run Azure Automation scripts on VMs that are network-connected, enabling access to resources that are secured by a private endpoint. https://learn.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker

Using Managed Identity with Private Endpoint and DNS Configuration: If using a Hybrid Worker isn’t an option, consider setting up a managed identity for the Azure Automation account and assigning it the Storage Blob Data Contributor role on the private storage account. Next, configure private DNS zones and DNS resolution within the virtual network, allowing the automation account to route requests securely through the private endpoint.
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

After configuring network access, you can use the Set-AzStorageBlobContent cmdlet to upload the CSV file directly to your storage account container.

https://learn.microsoft.com/en-us/powershell/module/az.storage/set-azstorageblobcontent?view=azps-12.5.0

Automating the Full Process Set up the Azure Automation runbook to execute on a daily schedule. This approach will automatically retrieve the VM metrics, save them in a CSV file, and upload the file to your private storage account each day eliminating the need for any manual steps.

This configuration ensures that your metrics are consistently logged and securely stored.

 

By following the above steps, you can identify and resolve your issue. Please let us know if you have any further queries. I’m happy to assist you further.