Search code examples
powershellazure-automationazure-cliazure-runbook

Azure automation vs Azure Runbooks vs Azure CLI vs Azure DSC vs Azure ARM vs Azure API

There seem to be so many ways to automate using PowerShell in Azure. Since ARM templates are the latest, any other PowerShell options in Azure has become obsolete? What are the difference between these tools/scripts:

  • Azure run book
  • Azure automation
  • Powershell DSC
  • Azure CLI
  • ARM Templates(JSON files that use PowerShell to execute)
  • Azure API
  • Any other PowerShell possibility in Azure I missed? a) Azure auto shutdown b) Azure change tracking
Solution
    • The best in Powershell scripting is AZ (azure CLI) because it optimizes powershell scripting(from scratch)
    • The best in any form is ARM templates (.json) because it is intelligent when updating an existing infra(it wont remove existing but adds missing). Thus it beats AZ but sometimes AZ contributes to ARM templates(eg: some features are missing).
    • Azure automation helps schedule tasks:

    eg: Dev machine should run 12 hours. create PowerShell workflow scripts and then bind them to two azure automation schedules (start + stop)

    • DSC is a PowerShell feature that prevents configuration drift. eg: Deploy a DSC configuration that prevents server services from stopping.

    Most of the time there are limited options to choose from(4 options)

    eg: to Create a Virtual Network these are the options:

    1. Use Portal
    2. Use Powershell
    3. Use Azure CLI
    4. Json ARM template enter image description here enter image description here

    Edited in 2020 as requested:

    IAC(infrastructure as code) is the defacto nowadays and companies either choose ARM templates or Terraform(or similar). When using Terraform, the compatibility with arm templates could become an issue. I use 80% powershell with AZ(mainly because VM is involved) and 20% ARM templates. The problem then is losing idempotence. So a developer need to know which commands are idempotent. This leads to arm template inheritance and such design considerations. Another question in mind could be : "should I create Keyvault and VM together or should I keep Keyvault separate?" or in other words, grouping of resource creation or updation regardless of which azure resource group they exist.

    Azure functions are also used to automate, eg: VM start time and end time based on some conditions.

    Azure policy plays a significant role in automation for enterprises. Eg: if a tag is added to a VM while creation then it is triggers a policy to domain join it(with in 10 mins). This way each team in an enterprise can re-use code when needed.

    The other scripting and automation I could think of is KQL(Kusto Query language) to provide dashboards for monitoring and to take necessary actions like shutting down VMs. But it may perhaps not fit in 'automation'.