I’ve recently been (finally) getting to speed with Azure Resource Manager¬†(ARM). It’s the management¬†layer that drives the new Azure Portal¬†and also features like Resource Groups and Role-Based Access Control.
You can interact with ARM in a number of ways:
To authenticate to the ARM API you need to use an Azure AD credential. This is all well and good if you are¬†logged into the Portal, or running a script on your computer (where a web browser login prompt to Azure AD will pop up), but when automating your API calls¬†that’s not available.
The only problem with this post is that there are a few manual steps and it’s quite fiddly to do (by David’s¬†own admission). I’ve developed a PowerShell module¬†that you can use to idempotently create a Service Principal against either an entire Azure subscription or against a specific Resource Group that you can then use to automate your¬†ARM code.
In order to use it you need to:
- Ensure you have the Windows Azure PowerShell commandlets installed
- Download the Set-ARMServicePrincipalCredential.psm1 file from my GitHub repository
- Download the Azure Key Vault PowerShell commandlets and put the AADGraph.ps1 file next to the file from GitHub
- Execute the Set-ARMServicePrincipalCredential command as¬†per the examples on GitHub
This will pop up a web browser prompt to authenticate (this will happen twice since I’m using two disjointed libraries – hopefully this will get resolved if Azure AD commandlets end up becoming integrated with the Azure Commandlets) give you the following information:
- Tenant ID
- Client ID
From there you have all the information you need to authenticate your automated script with ARM.
If using PowerShell then this will look like:
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force $servicePrincipalCredentials = New-Object System.Management.Automation.PSCredential ($ClientId, $securePassword) Add-AzureAccount -ServicePrincipal -Tenant $TenantId -Credential $servicePrincipalCredentials | Out-Null
If using ARMClient then this will look like:
armclient spn $TenantId $ClientId $Password | Out-Null