I'd like to use a powershell script in Azure automation to schedule switching on/off resources.
I'd like to do this without creating an account as our domain enforces password resets. I know that the automation account creates a certificate - is it possible to authenticate with this instead, when using the resource manager (AKA not a "classic" account).
Yes, this is a valid approach, in fact if you create an Azure Automation account and use the defaults it will create that for you and you can use that transparently. Taken from example runbook:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
$null = Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
dozen edits because my brain stopped working