Runbook Assets

In the previous step, you learned about runbooks and what runbooks can automate. Let’s explore the Azure Automation assets that are available to you for use in your runbooks.

Azure Automation assets are resources (settings) that are globally available to be used in or associated with a runbook. There are currently six asset categories: Schedules, Modules, Certificates, Connections, Credentials and Variables:

As a best practice, you should always try to create global assets so that they can be used across your runbooks. This will save time and reduce the number of manual edits within individual runbooks.

Schedules

There may be instances that you want scripts to self-trigger at certain times of the day. The Automation schedule functionality gives you the ability to set up schedules for execution. It supports both single-trigger and multi-trigger schedules. A runbook can be linked to multiple schedules, and a schedule can have multiple runbooks linked to it.

Here is a schedule that runs every night at midnight. To retrieve the schedule, use the Azure PowerShell command Get-AzureRmAutomationSchedule:

Modules

A PowerShell module is a set of related Windows PowerShell functionalities grouped as a convenient unit. PowerShell modules can be imported as needed, and are often installed with a particular feature.

For example, if you add the Active Directory role to your server, the Active Directory PowerShell module with all the associated cmdlets will also be installed.

An Azure module asset isn’t very different from a PowerShell module. It’s simply a PowerShell module that optionally contains one additional file: A metadata file specifying an Azure Automation connection type to be used with the module.

For example, email modules typically include a connection type. Azure module assets can be imported to make their cmdlets available for use within runbooks and DSC configurations.

Certain module assets are shipped as global module assets in the Automation service. These global modules are available to you when you create an Automation account. Notice in the graphic Azure.Storage, AzureRM.Automation, and AzureRM.Compute. You can add additional modules by browsing the gallery:

Certificates

Certificates assets can be stored securely in Azure Automation so that they can be accessed by runbooks or DSC configurations by using the Get-AutomationCertificate activity. This allows you to create runbooks and DSC configurations that use certificates for authentication, or adds them to Azure or third-party resources:

Connections

Connection assets define the information required to connect to a service or application. The different types of connections that you can create are defined by the modules imported into Azure Automation:

After you select the connection type, a template that defines the properties needed by the connection will display. For example, the Azure module that comes preinstalled in Azure Automation contains a connection with fields for subscription ID and certificate, which is the information needed to manage your Azure resources programmatically. For example, the SMTPServerConnection type shows properties associated with email server connections:

The properties for a connection are stored securely in Azure Automation and can be accessed in the runbook with the Get-AutomationConnection activity.

Credentials

An Automation credential asset holds a PSCredential object that contains security credentials. For example, credentials could be your Microsoft Azure login username and password. Runbooks and DSC configurations can use the Get-AzureAutomationCredential cmdlet to authenticate applications and services:

Variables

Variable assets are persistent values that are available to all runbooks and DSC configurations in your Automation account. Variables can be String, Boolean, DateTime, Integer or Not Specified.

Variable assets can be encrypted along with credentials, certificates, and connections assets. These assets are encrypted and stored in Azure Automation by using a unique key that is generated for each Automation account.

To retrieve an unencrypted variable, use the Get-AzureAutomationVariable command. To retrieve any encryption assets, use a Get-AutomationVariable activity in a runbook or DSC configuration:

Automation variables are useful for:

• Sharing a value among multiple runbooks or DSC configurations.
• Sharing a value among multiple jobs from the same runbook or DSC configuration.
• Managing a value from the portal or from the Windows PowerShell command-line that’s used by runbooks or DSC configurations, such as a set of common configuration items like a specific list of virtual machine (VM) names, a specific resource group, or an Active Directory domain name.