Azure Automation Runtime Environments Preview

Andres Bohren
Azure Automation Runtime Environments Preview

Hi All,

I am a big Fan of Azure Automation.

But recently i was stumbling about the PowerShell Support Lifecycle

In the GUI you can only add PowerShell 5.1, 7.1 and 7.2 PowerShell Modules.

I’ve written a Blog Article about updating the Modules with Managed Identity

Runtime Environment

Currently in Preview is the Runtime Environment

Key benefits

  • Granular control - enables you to configure the script execution environment by choosing the Runtime language, its version, and dependent modules.
  • Runbook update - allows easy portability of runbooks across different runtime versions by updating runtime environment of runbooks to keep pace with the latest PowerShell and Python releases. You can test updates before publishing them to production.
  • Module management - enables you to test compatibility during module updates and avoid unexpected changes that might affect the execution of their production scenarios.
  • Rollback capability - allows you to easily revert runbook to a previous Runtime environment. In case a runbook update introduces issues or unexpected behavior.
  • Streamlined code - allows you to organize your code easily by linking runbooks to different Runtime environments without the need to create multiple Automation accounts.

Limitations

  • Runtime environment is currently supported in all Public regions except Central India, Germany North, Italy North, Israel Central, Poland Central, UAE Central, and Government clouds.
  • PowerShell Workflow, Graphical PowerShell, and Graphical PowerShell Workflow runbooks only work with System-generated PowerShell-5.1 Runtime environment.
  • Runbooks created in Runtime environment experience with Runtime version PowerShell 7.2 would show as PowerShell 5.1 runbooks in old experience.
  • RBAC permissions cannot be assigned to Runtime environment.
  • Runtime environment can’t be configured through Azure Automation extension for Visual Studio Code.
  • Deleted Runtime environments cannot be recovered.
  • The feature is only supported through Azure portal and REST API.
  • Management of modules for Azure Automation State Configuration is not supported through Runtime environment experience. You can continue using the old experience for managing modules and packages for Azure Automation State Configuration.

You can switch back to the old experience if you need

In the Runtime Environments you can create a new one

In Azure Portal you can’t use a Point in the Name. But you can create a PowerShell 7.4 Runtime Environment

it works with a dash

There are two default Modules. You can add custom Modules or from PowerShell Gallery now or later.

review screen

New Runtime Environment has been created

AZ PowerShell

Connect with AZ PowerShell

Connect-AzAccount -Tenant icewolfch.onmicrosoft.com

Sign in to Azure PowerShell interactively

 Get-AzConfig


Get-AzAutomationAccount

List the Commands of the Az.Automation PowerShell Module

Get-Command -Module Az.Automation

No wonder there is no Support for Runtime Environments in the Az.Automation PowerShell Module - last update was a year ago 🫣

Azure API

But there is an API for Runtime Environments

###############################################################################
# Get Runtime Environements
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"

#Invoke AzRestMethod
$Result = Invoke-AzRestMethod -Method "GET" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments?api-version=2023-05-15-preview" 

#Show Response
$Result.content

List the Names of the Runtime Environments

#Convert frm JSON and select Name
($result.Content | convertFrom-Json).Value | Select-Object Name

With the API the Name can contain a dot

###############################################################################
# Create Runtime Environement
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"

$body = @"
{
  "properties": {
    "runtime": {
      "language": "PowerShell",
      "version": "7.4"
    },
    "defaultPackages": {
      "Az": "12.3.0",
      "Azure CLI": "2.64.0"
    }
  },
  "location": "westeurope"
}
"@

Invoke-AzRestMethod -Method "PUT" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments/$RuntimeEnvironment/?api-version=2023-05-15-preview" -Payload $Body

That’s the Result

There are Default Modules in each Runtime Environement

You can’t currently update the AZ Module to a current Version - but that’s the code how to do it

###############################################################################
# Update Default Packages
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"

$body = @"
{
  "properties": {
    "DefaultPackages": {
      "Az": "13.0.0",
      "Azure CLI": "2.67.0"
    }
  }
}
"@

Invoke-AzRestMethod -Method "Patch" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments/$RuntimeEnvironment/?api-version=2023-05-15-preview" -Payload $Body


###############################################################################
#Add Powershell Package
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"
$Module = "Microsoft.Graph.Authentication"

$body = @"
{
"properties": {
    "contentLink": {
    "uri": "https://psg-prod-eastus.azureedge.net/packages/microsoft.graph.authentication.2.25.0.nupkg"
    }
}
}
"@


Invoke-AzRestMethod -Method "PUT" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments/$RuntimeEnvironment/packages/Microsoft.Graph.Authentication?api-version=2023-05-15-preview" -Payload $Body

The PowerShell Module is installing

Let’s check the PowerShell Modules of that Runtime Environment

###############################################################################
#Get PowerShell Packages
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"

Invoke-AzRestMethod -Method "GET" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments/$RuntimeEnvironment/packages/?api-version=2023-05-15-preview"

Currently it’s installing

In the Azure Portal i can see it is installed

If we check now, and we can see it’s succeeded

If you need to Uninstall a PowerShell Module - use this Code

###############################################################################
#Remove Powershell Package
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"
$Module = "Microsoft.Graph.Authentication"

Invoke-AzRestMethod -Method "DELETE" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runtimeEnvironments/$RuntimeEnvironment/packages/$Module/?api-version=2023-05-15-preview"

The Module is uninstalled

Runbook

As you can see the Runbooks hav been tied to a Runtime Environment

You can update the Runtime Environment to change the PowerShell Version for your Scripts

This can be also archieved with a Script

###############################################################################
#Update Runbook
###############################################################################
$SubscriptionID = "42ecead4-eae9-4456-997c-1580c58b54ba"
$ResourceGroupName = "RG_DEV"
$AutomationAccountName = "icewolfautomation"
$RuntimeEnvironment = "PowerShell-7.4"
$Runbook = "CheckTeamsVersion"

$body = @"
{
  "properties": {
   "runtimeEnvironment": "$RuntimeEnvironment",
   "runbookType": "PowerShell"
  }
}
"@

Invoke-AzRestMethod -Method "PATCH" -Path "/subscriptions/$SubscriptionID/resourceGroups/$ResourceGroupName/providers/Microsoft.Automation/automationAccounts/$AutomationAccountName/runbooks/$Runbook/?api-version=2023-05-15-preview" -Payload $Body

The Runtime Environment has been upgraded

Regards
Andres Bohren

Azure Logo

vscode Logo

PowerShell Logo