Azure Cloud PowerShell Scripting

Do anything you want!

Overview

MacOS Install
Install PowerShell Scripts
PowerShell Prompt
CLI AZ Versions & Upgrade
- Install for ARM Declarative Templates
Install Azure Module
- Azure .NET Core Deprecated
Azure Environments (Clouds)
Alternative automation
Sign Into Azure
- Connect-AzAccount with credentials
- Authenticate into Azure Cloud
Resources
Generate a visual diagram
More on DevSecOps

This tutorial describes the install and coding of automation within the Azure cloud, using PowerShell, CLI, ARM templates in JSON, etc.

This is one of a series about Azure on my blog:

Azure Onramp (obtaining accounts)
Azure PowerShell install and coding
Azure CLI install and coding
Azure-specific Automation
Azure Compute (VM)
Azure Storage
Azure Functions (Serverless)
Azure Monitoring

MacOS Install

Install PowerShell as described on my blog:

wilsonmar.github.io/powershell-install-coding

These if errors below:

Update NuGet
Install-PackageProvider -Name NuGet -Force
Exit

Update PowerShellGet
Install-Module -Name PowerShellGet -Force
Exit

Install PowerShell Scripts

Run from the Powershell Gallery the Workflow to Download All Gallery Modules:

Click the “Deploy” button or:

Install-Script -Name Download-AllGalleryModules

Response:

Untrusted repository
You are installing the scripts from an untrusted repository. If you trust
this repository, change its InstallationPolicy value by running the
Set-PSRepository cmdlet. Are you sure you want to install the scripts from
'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help

Press A to accept install of all modules from an untrusted source.

BLAH: Response: See https://github.com/Azure/azure-powershell/issues/11772

Install-Package: /usr/local/microsoft/powershell/7/Modules/PowerShellGet/PSModule.psm1:10044                             Line 10044 |
   | … talledPackages = PackageManagement\Install-Package @PSBoundParameters
   | The specified script file
   | '/var/folders/r7/_4wzn4hn6yb2xxlms995lnkc0000gn/T/1269304408/Download-AllGalleryModules.0.1.0/Download-AllGalleryModules.ps1' has parse errors, try again after fixing the parse errors.

Click the “Deploy” button. You should see Azure’s Custon Deployment bolt with Parameters:
Type in for new Resource Group name “Download-AllGalleryModules”.
Click Create to see error icons.
Click Edit parameters.
Select your Resource group location (such as “East US 2”).
Click Review legal terms then click Purchase.
Click Create.

PowerShell Prompt

To specify a carriage return and new line, instead of the \n on Linux, on PowerShell we use the back-tick key in rn.

I use that to customize my PowerShell prompt to be at the same location every time.

There are <a target=”_blank” href=”https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.1”“>several profile .ps1 files</a>. For a list of them, within PowerShell:
```
$PROFILE | Get-Member -Type NoteProperty
```
To test whether a file has been created:

Test-Path -Path $PROFILE.AllUsersAllHosts
On a Mac, edit the ~/.profile file (which is automatically run when PowerShell is started) to add my custom prompt:
```
function Prompt
{
$env:COMPUTERNAME + "`r`n  $(Get-Date) " + (Get-Location) + "`r`n> "
}
```

The PowerShell $PSHOME folder is different depending on operating system:

/usr/local/bin/pwsh symlinks to /usr/local/microsoft/powershell/7.1.3/ on MacOS due to BSD XDG Base Directory Specification.
/opt on Linux

CLI AZ Versions & Upgrade

List Azure Verbs
```
az
```
Response:
```
Welcome to the cool new Azure CLI!
```

List Azure version:

az --version

azure-cli                         2.19.1 *
core                              2.19.1 *
telemetry                          1.0.6
Extensions:
azure-cli-iot-ext                  0.8.7
Python location '/usr/local/Cellar/azure-cli/2.19.1/libexec/bin/python'
Extensions directory '/Users/wilson_mar/.azure/cliextensions'
Python (Darwin) 3.8.8 (default, Feb 21 2021, 08:26:42) 
[Clang 12.0.0 (clang-1200.0.32.29)]
Legal docs and information: aka.ms/AzureCliLegal
You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
 
Please let us know how we are doing: https://aka.ms/azureclihats
and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy

Upgrade Azure:

az upgrade

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Your current Azure CLI version is 2.19.1. Latest version available is 2.20.0.
Please check the release notes first: https://docs.microsoft.com/cli/azure/release-notes-azure-cli

List Regions = Locations with Providers:

$FormatEnumerationLimit=-1 
 Get-AzLocation

PROTIP: The format command expands elipsis (…) See https://greiginsydney.com/viewing-truncated-powershell-output/

Location    : eastasia
DisplayName : East Asia
Providers   : {Microsoft.Security, 84codes.CloudAMQP, LiveArena.Broadcast, Microsoft.AAD…}

Install for ARM Declarative Templates

declarative syntax are defined in Resource Manager templates used by ARM to enable infrastructure configurations to be defined (much like Puppet).

Install Azure Module

Within pwsh :
```
Install-Module -Name Az -AllowClobber
```
- Install Azure PowerShell

Type A to respond:

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you 
want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"):

Azure .NET Core Deprecated

NOTE: We don’t use “AzureRM….” modules/commands any more.

Establish admin rights on MacOS:

sudo -v
Install Azure PowerShell for .NET Core:

Install-Module AzureRM.NetCore

No response is expected when successful.

Load the module into your PowerShell session. Modules are loaded using the Import-Module cmdlet:

Import-Module AzureRM.Netcore

WARNING: AzureRM.Netcore has been deprecated.  Use the 'Az' module instead.  The 'Az' module is avalable from the PSGallery https://www.powershellgallery.com/packages/Az/. You can find information about getting started with 'Az' at https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az. To uninstall AzureRM.Netcore you can use the provided 'Uninstall-AzureRMNetcore' cmdlet.

http://www.signalwarrant.com/automate-creating-lab-virtual-machines-in-azure-with-powershell/

Azure Environments (Clouds)

READ:

Get a list of Resoure Manager Environments available:

Get-AzureRmEnvironment | Select-Object Name

Sample response:
```
AzureCloud
AzureChinaCloud
AzureUSGovernment
AzureGermanCloud
```
Create an Azure Service Principal if you don’t have one

READ:

Get your TenantId from your subscription after logging in interactively:

Get-AzureRmSubscription

CAUTION: This sample response exposes senstive information:

Environment           : AzureCloud
Account               : username@contoso.com
TenantId              : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
SubscriptionId        : XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
SubscriptionName      : My Production Subscription
CurrentStorageAccount :

Get the dialog box asking for your Azure credentials to login interactively at https://aka.ms/devicelogin:

Login-AzureRmAccount -EnvironmentName AzureCloud

Alternately, login by specifying an Azure Service Principle:

Login-AzureRmAccount -ServicePrincipal -ApplicationId “http://my-app” -Credential $pscredential -TenantId $tenantid

PROTIP: Some put the above command in a command file with a short name.
Pop-up help for a command to a different window for multiple windows:
```
help Get-AzureSubscription -ShowWindow
```

Alternative automation

VIDEO

Pulumi

Pulumi enables programmatic access to Azure in JavaScript for use by application-building devs.

Pulumi does not generate templates.

Azure Bicep

is an ARM DSL developed by the Azure team like Terraform

Farmer

Use simplified “.fs” DSL code that runs to spit out ARM template JSON files.

In the folder containing the .fs file you want to run:
```
dotnet run
```

https://compositionalit.github.io/farmer/

https://github.com/compositionalit/farmer

Sign Into Azure

zzz

Connect-AzAccount with credentials

Obtain a browser URL to sign into your Azure account:

Connect-AzAccount

Connect-AzureRmAccount

Alternately, to get prompted in the CLI:

Login-AzAccount -Credential (Get-Credential)

Response:

PowerShell credential request
Enter your credentials.
User:

On your default browser, pick (click on) the Microsoft account you want

Authentication complete. You can return to the application. Feel free to close this browser tab.

Switch back to the Terminal to see Account (email), SubscriptionName, TenantId (GUI), Environment (“AzureCloud”)
See https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-5.6.0

Authenticate into Azure Cloud

The easiest way:

az login

The response:

The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.

Pick an account in your default internet browser.
If you have MFA, answer it.

You should see on the browser:

You have logged into Microsoft Azure!
You can close this window, or we will redirect you to the Azure CLI documents in 10 seconds.

The URL to Azure CLI documents is:

https://docs.microsoft.com/en-us/cli/azure

Switch back to the CLI (on macOS: press command+tab).

Resources

doc.microsoft.com: What is PowerShell?
Pluralsight VIDEO: “PowerShell 7.0.3: Getting Started” 3h 4m 14 Sep 2020 by Michael Bender (@MichaelBender, itsallgeek2mike.com)
https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
https://www.oneidentity.com/products/active-roles/

Generate a visual diagram
Use VSCode “ARM Viewer” to generate a visual diagram

VIDEO: Generate an Architecture Diagramusing diagrams.net

https://rules.ssw.com.au/architecture-diagram

https://rules.ssw.com.au/azure-resources-diagram

https://rules.ssw.com.au/azure-resources-creating

More on DevSecOps

This is one of a series on DevSecOps:

Wilson Mar