CODEWITHSUNDEEP
powershellazureazure-automation
Antti P
Antti P

Reputation: 344

Azure Automation Get-AzureRmStorageAccountKey

Im developing a script that gets several parameters out from all of my storage accounts in every subscription i have RBAC configured for. I've tested the script to work completely fine locally, but when I try to take it to Azure Automation (so that I can schedule it to work in the future), I'm having a lot of issues with Get-AzureRmStorageAccountKey command, as it doesn't seem to output anything.

This isn't the whole script im working on, but for the relevant parts:

$VerbosePreference = 'Continue'

$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         

"Logging in to Azure..."
Add-AzureRmAccount `
    -ServicePrincipal `
    -TenantId $servicePrincipalConnection.TenantId `
    -ApplicationId $servicePrincipalConnection.ApplicationId `
    -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 

}
catch {
if (!$servicePrincipalConnection)
{
    $ErrorMessage = "Connection $connectionName not found."
    throw $ErrorMessage
} else{
    Write-Error -Message $_.Exception
    throw $_.Exception
}
}

$storageaccounts = get-azurermstorageaccount
ForEach ($account in $storageaccounts)
{

$PrimaryKey = Get-AzureRmStorageAccountKey -ResourceGroupName $account.ResourceGroupName
$PrimaryKey

At the last line of my script, I expect to get an output of the variable $PrimaryKey but it comes out empty, as I also witnessed when my script moved to the next parts which ran into an error saying that it cant reference an empty value.

When I run this locally on Powershell ISE, everything is good and I get all my primary SAS keys listed. I tried this with the Azure Automation module for ISE, which also works like a charm on local test. Once I test the draft on Azure, I get completely nothing out of this even with verbose logging on, with the last output being.

Environments                                                                                                            

------------                                                                                                            

{[AzureChinaCloud, AzureChinaCloud], [AzureCloud, AzureCloud], 
[AzureGermanCloud, AzureGermanCloud], [AzureUSGovernme...

Does anyone have experience, is this some kind of expected behaviour that automation scripts wont reveal information considered private, such as SAS keys? For me the problem is that I cant use fixed variables here (at least I dont know how I could), since im running this script against all existing storage accounts and I want the script to work without manual interference even if new accounts are created.

Cheers.

Upvotes: 0

Views: 818

Answers (1)

Antti P
Antti P

Reputation: 344

Ok, I knew that once I post this up I will figure out something that does the trick. I was sure I had the automation modules up to date, but apparently they were not and that solved the whole thing.

Someone feel free to close this :)

https://learn.microsoft.com/en-us/azure/automation/automation-update-azure-modules

Upvotes: 2

Related Questions