Managing your Azure resources using Powershell scripting

Dominic Burford
Mar 13, 2020

I recently had a need to start / stop our Azure web application from our deployment pipeline. As part of our deployment process I have written a script that uploads the latest changes to our Azure web hosting via FTP (using the excellent WinSCP). In testing this, however, I was finding that sometimes not all the files were getting uploaded; in particular, the application’s main assembly would often fail to upload as it was in use. I therefore decided that I would stop / start the web application as part of the deployment.

- stop the web application
- upload the latest changes via FTP
- start the web application

After some research I discovered the following Powershell (PS) cmdlets that I would require.

- Start-AzWebApp
- Stop-AzWebApp
- Restart-AzWebApp (not needed for this particular requirement but might be useful elsewhere in the deployment pipeline).

So I began implementing a PS script that would invoke the aforementioned cmdlets to stop / start our web application. However, the script kept failing with the following error message.

No subscription found in the context. Please ensure that the credentials you provided are authorized to access the Azure subscription then run Connect-AzAccount to login.

Okay, so I need to programmatically log in to our Azure account before I can invoke the methods. This seemed reasonable, as I wouldn’t want just anyone interacting with our Azure resources. So I began investigating how to log in to Azure using the Connect-AzAccount cmdlet. This is where I got a bit stuck. I didn’t have the parameters I needed to pass to the cmdlet and couldn’t find them anywhere. I looked all through the Azure dashboard and in particular the settings relating to the web application.

After some further investigation it seemed that the correct approach (at least as far as my particular requirements were concerned) was to create an Azure Service Principal and to use this to interact with the Azure resources from the PS script. You give the Azure Service Principal only the minimum level of privilege to accomplish the task(s) you require. In this case, I needed the Azure Service Principal to have the ability to stop / start a web application. The privileges you can assign are extremely granular and you can choose the exact level of privilege you need to accomplish your task(s).

In order to create the Azure Service Principal I followed the instructions in this guide.

This was simple and I had the Azure Service Principal created in no time. As part of the configuration of the App Registration step, you will also need to create a new Client Secret (Home -> {Azure Active Directory} -> App Registrations -> Certificates & secrets). I called the App Registration “PowershellAutomation” and named the Client Secret “PowershellAutomationSecret”. All very self-explanatory should someone else have to maintain this later on. Be sure to make a note of the value for your generated Client Secret as you will need to use it in your PS script for logging into your Azure account.
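A least-privilege assignment of the kind described above, as an added example that is not part of the original post: a custom role limited to reading, starting, stopping and restarting a site, assigned to the service principal on the one web app only. The role name and the placeholder IDs are assumptions, and the session running it must already be logged in with rights to create role definitions and role assignments.

```powershell
# Added example (not the author's code). Run once by an administrator, not by the pipeline.
$SubscriptionId     = "<subscription-id>"      # placeholder
$azureApplicationId = "<application-id>"       # placeholder: Application (client) ID of "PowershellAutomation"
$ResourceGroupName  = "MyWebAppGroup"
$Name               = "MyWebApp"

$groupScope  = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName"
$webAppScope = "$groupScope/providers/Microsoft.Web/sites/$Name"

# Clone a built-in definition as a template, then strip it down to four actions
$role = Get-AzRoleDefinition -Name "Reader"
$role.Id          = $null
$role.IsCustom    = $true
$role.Name        = "Web App Start/Stop Operator"   # constructed role name
$role.Description = "Can read, start, stop and restart a web app. Nothing else."
$role.Actions.Clear()
$role.NotActions.Clear()
foreach ($action in @(
        "Microsoft.Web/sites/read",
        "Microsoft.Web/sites/start/action",
        "Microsoft.Web/sites/stop/action",
        "Microsoft.Web/sites/restart/action")) {
    $role.Actions.Add($action)
}

# The role can only ever be assigned inside this resource group
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($groupScope)
New-AzRoleDefinition -Role $role

# Grant it on the single web app, not on the resource group or subscription
New-AzRoleAssignment -ApplicationId $azureApplicationId `
    -RoleDefinitionName $role.Name -Scope $webAppScope

# Check: this should list exactly one assignment for the service principal
Get-AzRoleAssignment -ServicePrincipalName $azureApplicationId |
    Select-Object RoleDefinitionName, Scope
```

With this in place a leaked client secret can stop or start this one site but cannot read its configuration secrets, deploy to it, or touch any other resource.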

Then all you need to do is plug all the values into your PS script and you’re done. You can now manage your Azure resources directly from your PS scripts.

Here’s my PS script for stopping the Azure web application.

```powershell
cls
$ResourceGroupName = "MyWebAppGroup"
$Name = "MyWebApp"
"Stopping web application " + $Name
"ResourceGroupName: " + $ResourceGroupName
"Name: " + $Name
$SubscriptionId = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
"SubscriptionId is: " + $SubscriptionId
# from the Azure AD app registration
# (placeholder values; in a real pipeline supply the client secret from a
# secret variable rather than committing it with the script)
$clientSecret = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
$azureApplicationId = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
$azureTenantId = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
# wrap the secret in a PSCredential: user name = application ID, password = client secret
$azurePassword = ConvertTo-SecureString $clientSecret -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureApplicationId, $azurePassword)
# login to Azure and set the current context
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
Set-AzContext -Subscription $SubscriptionId
Stop-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name
"Finished"
```

I am now able to stop / start the web application from our deployment pipeline using Powershell. This means I am still able to automate the entire deployment pipeline without it needing any manual input from me. So once we are in a position to deploy the web application to our STAGING or PRODUCTION environments, we can accomplish this entirely from our TFS deployment pipeline.
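The full stop / upload / start sequence as one pipeline step, as an added example that is not the author's script: the secret comes from environment variables instead of the script file, the login is held in the current process only, and the site is restarted even when the upload fails. The environment variable names, the `$UploadStep` parameter and the file names in the usage comment are assumptions; the `Get-AzWebApp` check needs read permission on the site.

```powershell
# Added example (not the author's code). Hypothetical usage:
#   .\Deploy-WebApp.ps1 -ResourceGroupName MyWebAppGroup -Name MyWebApp `
#       -SubscriptionId <subscription-id> -UploadStep { & .\Upload-ViaWinSCP.ps1 }
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $Name,
    [Parameter(Mandatory)] [string] $SubscriptionId,
    # Assumption: the existing FTP upload is passed in as a script block
    [Parameter(Mandatory)] [scriptblock] $UploadStep
)
$ErrorActionPreference = 'Stop'

# Assumed names: the pipeline maps its secret variables to these environment variables
foreach ($v in 'AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET') {
    if (-not [Environment]::GetEnvironmentVariable($v)) {
        throw "Missing environment variable $v"
    }
}
$secure = ConvertTo-SecureString $env:AZURE_CLIENT_SECRET -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential($env:AZURE_CLIENT_ID, $secure)

# -Scope Process keeps the login in this process instead of the saved Az context on disk
Connect-AzAccount -ServicePrincipal -Credential $cred -TenantId $env:AZURE_TENANT_ID `
    -Subscription $SubscriptionId -Scope Process | Out-Null
try {
    Stop-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name | Out-Null

    # Confirm the site really stopped before uploading over files that may be in use
    $state = (Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name).State
    if ($state -ne 'Stopped') { throw "Expected state 'Stopped' but found '$state'" }

    & $UploadStep
}
finally {
    # Runs even when the upload throws, so a failed deployment does not leave the site down
    Start-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name | Out-Null
    Disconnect-AzAccount -Scope Process | Out-Null
    Remove-Variable secure, cred
}
```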

Now that I have managed to programmatically log in to our Azure account to accomplish these tasks, I am able to use the same process to carry out any number of other tasks where I want to automate the interaction of our Azure resources from a Powershell script. This gives me a whole new playing field of ideas where our build and deployment pipelines are concerned, or indeed where any of our Azure resources are concerned and could benefit from PS automation.

Dominic Burford

A father, cyclist, vegetarian, atheist, geek and multiple award winning technical author. Loves real ale, fine wine and good music. All round decent chap.