How does one get an Azure Automation Credential and use it to work as that user within a runbook?
Ideally, the answer should work within an Azure Automation Runbook with a workflow structure, targeting objects under the Resource Manager paradigm.
I'm attempting to work with Azure Automation, inside a Resource Group. I have set up an Azure AD account with which to perform various Azure tasks. I then created an Azure Automation Credential to enable Azure Automation to securely retrieve login details and be able to work as that user.
When I run Get-AzureRmAutomationCredential I can see that my credentials are available
PS C:\...\poshetl> Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
UserName : XXXX@XXXX.onmicrosoft.com
ResourceGroupName : XXXX
AutomationAccountName : poshetl
Name : etl_service
CreationTime : 10/06/2016 15:54:41 +01:00
LastModifiedTime : 10/06/2016 15:54:41 +01:00
Description :
I then store this credential object
PS C:\...\poshetl> $Cred = Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
When I then try to use this to achieve a login effect via Add-AzureAccount I get a compatibility error.
PS C:\...\poshetl> Add-AzureAccount -Credential $Cred | Write-Verbose
Add-AzureAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:1 char:30
+ Add-AzureAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount
Similarly, if I try with Add-AzureRmAccount
PS C:\...\poshetl> Add-AzureRmAccount -Credential $Cred | Write-Verbose
Add-AzureRmAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:2 char:32
+ Add-AzureRmAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureRmAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
PS C:\...\poshetl> $PSversionTable
Name Value
---- -----
PSVersion 5.0.10586.122
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.10586.122
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PS C:\...\poshetl> Get-Module -ListAvailable Azure*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure.Storage {Get-AzureStorageBlob, Get-AzureStorageBlobContent, Get-AzureS...
Manifest 1.0.4 AzureRM.ApiManagement {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementSsoTo...
Manifest 1.0.4 AzureRM.Automation {Get-AzureRmAutomationJobOutputRecord, Import-AzureRmAutomatio...
Binary 0.9.1 AzureRm.AzureStackAdmin {Get-AzureRMManagedLocation, New-AzureRMManagedLocation, Remov...
Manifest 0.9.2 AzureRM.AzureStackStorage {Add-ACSFarm, Get-ACSEvent, Get-ACSEventQuery, Get-ACSFarm...}
Manifest 1.0.4 AzureRM.Backup {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerReregi...
Manifest 1.0.4 AzureRM.Batch {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-Azur...
Manifest 1.2.2 AzureRM.Compute {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet, Ne...
Manifest 1.0.4 AzureRM.DataFactories {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get-Azu...
Manifest 1.0.4 AzureRM.DataLakeAnalytics {Remove-AzureRmDataLakeAnalyticsCatalogSecret, Set-AzureRmData...
Manifest 1.0.4 AzureRM.DataLakeStore {Add-AzureRmDataLakeStoreItemContent, Export-AzureRmDataLakeSt...
Manifest 1.0.4 AzureRM.Dns {Get-AzureRmDnsRecordSet, Remove-AzureRmDnsRecordSet, Set-Azur...
Manifest 1.0.5 AzureRM.HDInsight {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefiniti...
Manifest 1.0.4 AzureRM.Insights {Add-AlertRule, Get-AlertHistory, Get-AlertRule, Remove-AlertR...
Manifest 1.1.3 AzureRM.KeyVault {Get-AzureRmKeyVault, New-AzureRmKeyVault, Remove-AzureRmKeyVa...
Manifest 1.0.4 AzureRM.Network {Add-AzureRmApplicationGatewayBackendAddressPool, Get-AzureRmA...
Manifest 1.0.4 AzureRM.NotificationHubs {Get-AzureRmNotificationHubsNamespaceAuthorizationRules, Get-A...
Manifest 1.0.4 AzureRM.OperationalInsights {Get-AzureRmOperationalInsightsSavedSearch, Get-AzureRmOperati...
Manifest 1.0.4 AzureRM.Profile {Enable-AzureRmDataCollection, Disable-AzureRmDataCollection, ...
Manifest 1.0.5 AzureRM.RecoveryServices {Get-AzureRmRecoveryServicesVault, Get-AzureRmRecoveryServices...
Manifest 1.1.2 AzureRM.RedisCache {Remove-AzureRmRedisCacheDiagnostics, Set-AzureRmRedisCacheDia...
Manifest 1.0.4 AzureRM.Resources {Get-AzureRmADApplication, Get-AzureRmADGroupMember, Get-Azure...
Manifest 1.1.3 AzureRM.SiteRecovery {Stop-AzureRmSiteRecoveryJob, Get-AzureRmSiteRecoveryNetwork, ...
Manifest 1.0.4 AzureRM.Sql {Get-AzureRmSqlDatabaseThreatDetectionPolicy, Set-AzureRmSqlDa...
Manifest 1.0.4 AzureRM.Storage {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, Get-...
Manifest 1.0.4 AzureRM.StreamAnalytics {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnalytic...
Manifest 1.0.4 AzureRM.Tags {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}
Manifest 1.0.4 AzureRM.TrafficManager {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTrafficM...
Manifest 1.0.4 AzureRM.UsageAggregates Get-UsageAggregates
Manifest 1.0.4 AzureRM.Websites {Get-AzureRmAppServicePlanMetrics, Get-AzureRmWebAppCertificat...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure {Disable-AzureServiceProjectRemoteDesktop, Enable-AzureService...
Get-AzureRMAutomationCredential is an Azure cmdlet that returns metadata about credential assets in Azure Automation. As you can see from the returned data in your post, it is not a PSCredential object that is returned but a bunch of properties like name, last modified time, description, etc (notice the credential password is not returned).
What you are looking for is Get-AutomationPSCredential. This can be used in runbooks to retrieve the credential asset's value as a PSCredential:
$Cred = Get-AutomationPSCredential -Name "SomeCredentialAssetName"
Add-AzureRmAccount -Credential $Cred