แก้ไข

แชร์ผ่าน


Create an Azure Automation account using a Resource Manager template

Azure Automation delivers a cloud-based automation and configuration service that supports consistent management across your Azure and non-Azure environments. This article shows you how to deploy an Azure Resource Manager template (ARM template) that creates an Automation account. Using an ARM template takes fewer steps compared to other deployment methods. The JSON template specifies default values for parameters that would likely be used as a standard configuration in your environment. You can store the template in an Azure storage account for shared access in your organization. For more information about working with templates, see Deploy resources with ARM templates and the Azure CLI.

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

The sample template does the following steps:

  • Automates the creation of an Azure Monitor Log Analytics workspace.
  • Automates the creation of an Azure Automation account.
  • Links the Automation account to the Log Analytics workspace.
  • Adds sample Automation runbooks to the account.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

If you're new to Azure Automation and Azure Monitor, it's important that you understand the configuration details. The understanding can help you avoid errors when you try to create, configure, and use a Log Analytics workspace linked to your new Automation account.

  • Review additional details to fully understand workspace configuration options, such as access control mode, pricing tier, retention, and capacity reservation level.

  • Review workspace mappings to specify the supported regions inline or in a parameter file. Only certain regions are supported for linking a Log Analytics workspace and an Automation account in your subscription.

  • If you're new to Azure Monitor Logs and haven't deployed a workspace already, review the workspace design guidance. This document will help you learn about access control, and help you understand the recommended design implementation strategies for your organization.

Review the template

The template used in this article is from Azure Quickstart Templates.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": {
      "type": "string",
      "metadata": {
        "description": "Workspace name"
      }
    },
    "sku": {
      "type": "string",
      "defaultValue": "pergb2018",
      "allowedValues": [
        "pergb2018",
        "Free",
        "Standalone",
        "PerNode",
        "Standard",
        "Premium"
      ],
      "metadata": {
        "description": "Pricing tier: perGB2018 or legacy tiers (Free, Standalone, PerNode, Standard or Premium), which are not available to all customers."
      }
    },
    "dataRetention": {
      "type": "int",
      "defaultValue": 30,
      "minValue": 7,
      "maxValue": 730,
      "metadata": {
        "description": "Number of days to retain data."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specifies the location in which to create the workspace."
      }
    },
    "automationAccountName": {
      "type": "string",
      "metadata": {
        "description": "Automation account name"
      }
    },
    "sampleGraphicalRunbookName": {
      "type": "String",
      "defaultValue": "AzureAutomationTutorial"
    },
    "sampleGraphicalRunbookDescription": {
      "type": "String",
      "defaultValue": "An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
    },
    "samplePowerShellRunbookName": {
      "type": "String",
      "defaultValue": "AzureAutomationTutorialScript"
    },
    "samplePowerShellRunbookDescription": {
      "type": "String",
      "defaultValue": "An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
    },
    "samplePython2RunbookName": {
      "type": "String",
      "defaultValue": "AzureAutomationTutorialPython2"
    },
    "samplePython2RunbookDescription": {
      "type": "String",
      "defaultValue": "An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
    },
    "_artifactsLocation": {
      "type": "string",
      "defaultValue": "[deployment().properties.templateLink.uri]",
      "metadata": {
        "description": "URI to artifacts location"
      }
    },
    "_artifactsLocationSasToken": {
      "type": "securestring",
      "defaultValue": "",
      "metadata": {
        "description": "The sasToken required to access _artifactsLocation.  When the template is deployed using the accompanying scripts, a sasToken will be automatically generated"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces",
      "apiVersion": "2020-08-01",
      "name": "[parameters('workspaceName')]",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "name": "[parameters('sku')]"
        },
        "retentionInDays": "[parameters('dataRetention')]",
        "features": {
          "searchVersion": 1,
          "legacy": 0
        }
      }
    },
    {
      "type": "Microsoft.Automation/automationAccounts",
      "apiVersion": "2020-01-13-preview",
      "name": "[parameters('automationAccountName')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[parameters('workspaceName')]"
      ],
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "sku": {
          "name": "Basic"
        }
      },
      "resources": [
        {
          "type": "runbooks",
          "apiVersion": "2020-01-13-preview",
          "name": "[parameters('sampleGraphicalRunbookName')]",
          "location": "[parameters('location')]",
          "dependsOn": [
            "[parameters('automationAccountName')]"
          ],
          "properties": {
            "runbookType": "GraphPowerShell",
            "logProgress": "false",
            "logVerbose": "false",
            "description": "[parameters('sampleGraphicalRunbookDescription')]",
            "publishContentLink": {
              "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.graphrunbook', parameters('_artifactsLocationSasToken')))]",
              "version": "1.0.0.0"
            }
          }
        },
        {
          "type": "runbooks",
          "apiVersion": "2020-01-13-preview",
          "name": "[parameters('samplePowerShellRunbookName')]",
          "location": "[parameters('location')]",
          "dependsOn": [
            "[parameters('automationAccountName')]"
          ],
          "properties": {
            "runbookType": "PowerShell",
            "logProgress": "false",
            "logVerbose": "false",
            "description": "[parameters('samplePowerShellRunbookDescription')]",
            "publishContentLink": {
              "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.ps1', parameters('_artifactsLocationSasToken')))]",
              "version": "1.0.0.0"
            }
          }
        },
        {
          "type": "runbooks",
          "apiVersion": "2020-01-13-preview",
          "name": "[parameters('samplePython2RunbookName')]",
          "location": "[parameters('location')]",
          "dependsOn": [
            "[parameters('automationAccountName')]"
          ],
          "properties": {
            "runbookType": "Python2",
            "logProgress": "false",
            "logVerbose": "false",
            "description": "[parameters('samplePython2RunbookDescription')]",
            "publishContentLink": {
              "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorialPython2.py', parameters('_artifactsLocationSasToken')))]",
              "version": "1.0.0.0"
            }
          }
        }
      ]
    },
    {
      "type": "Microsoft.OperationalInsights/workspaces/linkedServices",
      "apiVersion": "2020-08-01",
      "name": "[concat(parameters('workspaceName'), '/' , 'Automation')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[parameters('workspaceName')]",
        "[parameters('automationAccountName')]"
      ],
      "properties": {
        "resourceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]"
      }
    }
  ]
}

The Azure resources defined in the template:

Deploy the template

  1. Select the Deploy to Azure button below to sign in to Azure and open the ARM template.

    Button to deploy the Resource Manager template to Azure.

  2. Enter or select the following values:

    Property Description
    Subscription From the drop-down list, select your Azure subscription.
    Resource group From the drop-down list, select your existing resource group, or select Create new.
    Region This value will autopopulate.
    Workspace name Enter a name for your new Log Analytics Workspace.
    Sku Defaults to the per GB pricing tier released in the April 2018 pricing model. If you want to create or configure a Log Analytics workspace in a subscription that has opted into the April 2018 pricing model, the only valid Log Analytics pricing tier is PerGB2018.
    Data retention Defaults to 30 days.
    Location The value will autopopulate with the location used for the resource group.
    Automation Account name Enter a name for your new Automation account.
    Sample graphical runbook name Leave as is.
    Sample graphical runbook description Leave as is.
    Sample PowerShell runbook name Leave as is.
    Sample PowerShell runbook description Leave as is.
    Sample Python2Runbook name Leave as is.
    Sample Python2Runbook description Leave as is.
    _artifacts Location Leave as is.* URI to artifacts location.
    _artifacts Location Sas Token Leave blank. The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.

    * When you attempt to run the ARM template from PowerShell, CLI, or the Templates feature in the portal, if the _artifactsLocation parameter isn't properly set, you'll receive an error message similar to the following:

    "message": "Deployment template validation failed: 'The template resource '_artifactsLocation' at line '96' and column '31' is not valid: The language expression property 'templateLink' doesn't exist, available properties are 'template, templateHash, parameters, mode, debugSetting, provisioningState'.. Please see https://aka.ms/arm-template-expressions for usage details.'."

    To prevent this error, when running from the Templates feature in the portal, specify the following value for the _artifactsLocation parameter - https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/azuredeploy.json.

    When you run from PowerShell, include the parameter and its value -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/azuredeploy.json.

    When you run from Azure CLI, include the parameter and its value - --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.automation/101-automation/azuredeploy.json.

    For reference about PowerShell/CLI, see the following - Create Azure Automation account (microsoft.com) under the Use the template section.

  3. Select Review + Create and then Create. The deployment can take a few minutes to finish. When completed, the output is similar to the following image:

    Example result when deployment is complete

Review deployed resources

  1. Once the deployment completes, you'll receive a Deployment succeeded notification with a Go to resource link. Your Resource group page will list your new resources. From the list, select your new Automation account.

  2. From the left-side, under Process Automation, select Runbooks. The Runbooks page lists the three sample runbooks created with the Automation account.

    Tutorial runbooks created with Automation account

  3. From the left-side, under Related Resources, select Linked workspace. The Linked workspace page shows the Log Analytics workspace you specified earlier that is linked to your Automation account.

    Automation account linked to the Log Analytics workspace

Next steps

Configure diagnostic settings for your Automation account to send runbook job status and job streams to the linked Log Analytics workspace.