Microsoft Azure automation -- Runbooks & Webhooks : A Technical Guide

1 - Introduction:

In the world of cloud computing, automation is the key to effectively managing resources and processes. Microsoft Azure offers a suite of powerful automation tools, among which Runbooks and Webhooks take center stage. This technical guide is designed to help you understand and master the use of Runbooks and Webhooks in Azure Automation. Whether you're a system administrator looking to automate repetitive tasks, a developer looking to integrate services, or simply someone who wants to learn more about Azure, this guide is for you.

2 - What is Azure Automation ?

Azure Automation is a cloud-based automation service that enables developers and system administrators to manage configuration and automation tasks in Azure and in external environments. It offers a variety of features, including update management, configuration management, change tracking and inventory, as well as process automation.

3 - Azure Automation Runbooks :

Runbooks are PowerShell scripts, Python or graphical workflows that can be run to automate tasks. They can be triggered in a variety of ways, including by :

• A calendar
• A webhook
• An Azure alert
• Another Azure Automation action

Runbooks can be used to automate a wide range of tasks, such as :

• Automated resource deployment and management
• Scheduled maintenance tasks
• Response to monitoring alerts
• Software and application configuration
• Data collection and analysis
• Notification of administrators in the event of problems

Runbooks types :

• PowerShell Runbooks
• PowerShell Workflow Runbooks
• Python Runbooks
• Graphical Runbooks

4 - Azure Automation Webhooks :

Webhooks are a way of triggering a Runbook from an external event. For example, you can use a webhook to trigger a runbook when a new e-mail arrives in a specific inbox, or when a ticket is created in an incident tracking system.

Webhooks are created using a unique URL that can be called up from any system or application. When the URL is called, the associated Runbook is triggered and the call data is transmitted to the Runbook.

5 - Advantages of using Runbooks and Webhooks :

The use of Runbooks and Webhooks offers a number of advantages :

• Increased efficiency : Runbooks and Webhooks can automate manual tasks, saving time and improving productivity.
• Reduced errors : Runbooks and Webhooks can automate error-prone tasks, which can reduce the number of human errors.
• Improved consistency : Runbooks and Webhooks ensure that tasks are carried out in the same way every time, which can improve the consistency and quality of results.
• Increased agility : Runbooks and Webhooks can be used to create flexible workflows that can be easily adapted to changing needs.

Since I'm using my tenant for testing purposes, I'm going to use Runbooks and Webhooks in this blog to daily remove all Azure resources to avoid unplanned costs.

6 - Pricing :

Azure Automation is billed according to two main components :

• Process Automation : charged per minute of job execution. This means you pay according to how long your scripts and runbooks take to run.
• Configuration Management : charged per node managed. A node generally represents a machine or service instance that you manage using Azure Automation.

Here is an example for process automation :

• 500 minutes of process automation and 744 hours of watchers are free each month for process automation.

7 - Mindmap to Create Runbook and webhook :

8 - Create Automation Account and Runbooks :

Before starting to create runbooks and webhooks, you must first create an automation account, because runbooks and webhooks will be created inside this automation account.

as I said since I'm using my tenant for testing purposes, I'm going to use Runbooks and Webhooks in this blog to daily remove all Azure resources to avoid unplanned costs.

A - Create and configure Automation Account :

To create an Azure Automation account, follow the steps below:

• Log in to the Azure portal
• type "Automation" in the top search bar and select "Automation Accounts"

• Select "+ Create"

• Fill in the required information, such as subscription, resource group, Automation account name and region, then click "Review + Create".

Click create to finish Account creation.

After creating Automation account we should Assign it with the right permissions, for this :

• Go to the Automation account
• select "Identity" from the left menu bar.
• Select "System assigned" panel.
• Select "Azure role assignement" buton

• Select "+ Add role assignment"

• Select Subscription scope
• Select your subscription Name
• Select Role (in my case I have selected Owner role)
• Select Save

This steps will allow Automation account to execute runbooks with appropriate rights.

B - Create Runbook :

After Creating Automation Account, we will proceed to Runbook creation, for this :

• Access to the new Automation Account.
• Go to "Runbooks" in the left menu bar.
• Select "+ Create a Runbook" to start new runbook creation.

• Fill in the required information, Name, Runbook Type (PowerShell, Python, PowerShell Workflow, Graphical PowerShell, Graphical PowerShell Workflow) , Runtime version, and description, then click "Review + Create".

• Select Create to finish Runbook creation.

• Select newly created Runbook

• Select "+ Edit" then select "Edit in portal".

• He you should enter your powershell script :

Here in this script I will delete all azure ressources groups execpt ("LogAnalysis" , "AzureCleaner" , "NetworkWatcherRG") then create empty resource group called "Test-RG".

• AzureCleaner : Conatain Automation Account
• NetworkWatcherRG : Network watcher for azure CLI
• LogAnalysis : to store Log Analisis
• Test-RG : to test azure deployments and resources.

try
{
    "Logging in to Azure..."
    Connect-AzAccount -Identity
}
catch 
{
    Write-Error -Message $_.Exception
    throw $_.Exception
}

# Retrieve a list of all resource groups
$resourceGroups = Get-AzResourceGroup

# Resources to keep
$Keep = "LogAnalysis" , "AzureCleaner" , "NetworkWatcherRG" 

# Delete each resource group
foreach ($resourceGroup in $resourceGroups) 
{
	# Remove the resources
    	if($resourceGroup.ResourceGroupName -notin $Keep)
    	{
    		Remove-AzResourceGroup -Name $resourceGroup.ResourceGroupName -Force
		write-host "Deleted : $($resourceGroup.ResourceGroupName) "
	}
}

# Create New RG 
New-AzResourceGroup -Name "TEST-RG" -Location "East US" -Force        

• Clic save then Publish.

• After publishing the runbook, it should be showed in green color as following screenshot.

C - Create schedule :

Now, we should create shcedule for our runbook execution, in my case I will create daily schedule job.

• Open DeleteRG Runbook
• Select "Schedules" from the left menu bar
• select "+ Add a schedule" to add job schedule

• Fill in the required information, schedule name, start date and time, recurrence...etc , then select "Create".

D - Test runbook :

In this section we will test our runbook, for this :

• select "Start"
• Select "Jobs" menu from left menu bar then select "Output" to see job execution results.

Here we can see script is executing tasks and runbook executed successfully.

9 - Start a Runbook from a webhook :

A webhook allows an external service to start a particular runbook in Azure Automation through a single HTTP request. External services include Azure DevOps Services, GitHub, Azure Monitor logs, and custom applications. Such a service can use a webhook to start a runbook without implementing the full Azure Automation API.

Here are some important properties of a webhook in Azure Automation:

• Name : Name of the webhook. It is only used to identify the runbook in Azure Automation.
• URL : Webhook URL. This is the unique address that a client calls with an HTTP POST method to start the runbook linked to the webhook.
• Expiration date : Expiration date of the webhook, after which it can no longer be used.
• Enabled : Parameter indicating whether the webhook should be enabled by default when it is created.

A webhook can be used to pass parameters that will be used for Runbook execution (for more details).

keep in mind client requirements for TLS 1.2 or higher with webhooks.

A - Create a new webhook :

• Open your runbook (DeleteRG in my case)
• Select "Webhooks" from the left menu bar
• Select "+ Webhook" to start webhook creation

• Fill in the required information, Name, Enabled and expiration date...etc
• Copy https URL in secure place (keep in mind you will never be able to get the link after selecting OK buton)
• Select OK.

• Select "Create" (here you can add script parameters and run settings, not in my case).

here is the link I have copied from webhook (Fake link??).

Copy paste this Powershell script in your PC (Dont forget to replace the fake link) and execute it :

$webhookURI = "https://2c848b7a-f51f-4113-8aa2-37e8b4fa3716.webhook.eus.azure-automation.net/webhooks?token=vPFDWuRtvzBssdfsxSX13aUPxVr14s5sdEeCSUYXoSVE"

$response = Invoke-WebRequest -Method Post -Uri $webhookURI

$response        

here is execution results, we can see StatusCode equal 202 that mean script Accepted and execution is started on Microsoft Azure.

Here is Execution result after script execution, all ressources deleted as expected.

To check Runbook execution history :

• select Jobs from the left menu bar, as you can see all jobs status are completed and seccessfully executed.

10 - Conclusion :

In conclusion, automation in Microsoft Azure, in particular the use of Runbooks and Webhooks, offers a wealth of possibilities for improving efficiency and productivity. This guide aims to provide you with the knowledge and skills you need to make the most of these tools. By following the instructions and tips provided in this guide, you'll be able to transform the way you work with Azure.

Thanks

Aymen EL JAZIRI

System Administrator