Step 5

Just like before, we will be using Azure PowerShell to create a new Azure Automation account within a resource group. Before creating a resource group and an automation account, a connection to Azure should be established. This time, however, do not connect with the credentials used earlier. Instead, use the service application created in the previous step:

  1. The command to connect to Azure using the service application is as follows:
Login-AzureRmAccount -ServicePrincipal -CertificateThumbprint "003B0D26705C792DB60823DA5804A0897160C306" -ApplicationId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Tenant "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  2. Here, the application ID is available after executing the New-AzureRmADApplication cmdlet, and the tenant ID and the subscription ID can be retrieved using the command shown next. The subscription ID will be needed in subsequent commands:
Get-AzureRmContext
  3. After connecting to Azure, a new resource group containing the resources for the solution and a new Azure Automation account should be created, as shown next. We are naming the resource group VaultMonitoring, and creating it in the West Europe region. We will be creating the remainder of the resources in this resource group as well:
$IntegrationResourceGroup = "VaultMonitoring"
$rgLocation = "West Europe"
$automationAccountName = "MonitoringKeyVault"
New-AzureRmResourceGroup -Name $IntegrationResourceGroup -Location $rgLocation
New-AzureRmAutomationAccount -Name $automationAccountName -ResourceGroupName $IntegrationResourceGroup -Location $rgLocation -Plan Free
  4. Create three automation variables, as shown next. The values for these, that is, the subscription ID, tenant ID, and application ID, should already be available from the previous steps:
New-AzureRmAutomationVariable -Name "azuresubscriptionid" -AutomationAccountName $automationAccountName -ResourceGroupName $IntegrationResourceGroup -Value "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Encrypted $true

New-AzureRmAutomationVariable -Name "azuretenantid" -AutomationAccountName $automationAccountName -ResourceGroupName $IntegrationResourceGroup -Value "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Encrypted $true

New-AzureRmAutomationVariable -Name "azureappid" -AutomationAccountName $automationAccountName -ResourceGroupName $IntegrationResourceGroup -Value "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Encrypted $true
  5. Now it's time to upload a certificate that will be used to connect to Azure from Azure Automation:
$securepfxpwd = ConvertTo-SecureString -String 'password' -AsPlainText -Force # Password for the private key PFX certificate
New-AzureRmAutomationCertificate -Name "RitestSubscriptionCertificate" -Path "C:\book\azureautomation.pfx" -Password $securepfxpwd -AutomationAccountName $automationAccountName -ResourceGroupName $IntegrationResourceGroup
  6. The next step is to install PowerShell modules related to Key Vault and Event Grid in the Azure Automation account, as these modules are not installed by default.
  7. From the Azure portal, navigate to the already-created VaultMonitoring resource group by clicking on the Resource Groups icon in the left-hand menu.
  8. Click on the already provisioned Azure Automation account, MonitoringKeyVault, and click on Modules in the left-hand menu, as shown in the following screenshot:

The Event Grid module is dependent on the AzureRM.profile module, so we have to install AzureRM.profile before the Event Grid module.

  9. Click on Browse Gallery in the top menu and type AzureRM.profile in the search box, as shown in the following screenshot:

  10. From the search results, select AzureRM.profile and click on the Import button in the top menu. Finally, click on the OK button. This step takes a few seconds to complete, after which the module should be installed, as shown in the following screenshot:

  11. The status of the installation can be checked from the Module menu item. The following screenshot shows how we can import a module:

  12. Repeat steps 9, 10, and 11 to import and install the AzureRM.EventGrid module:

  13. Repeat steps 9, 10, and 11 to import and install the AzureRM.KeyVault module:
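
Once the steps above are complete, the account can be audited from the same PowerShell session. The following script is an added example, not part of the original text: it checks that the three variables are stored encrypted, that the certificate asset is the expected one, and that the modules finished importing. It assumes an authenticated AzureRM session, that the uploaded PFX is the certificate the service application logs in with, and a 30-day expiry threshold.

```powershell
# Added example (not from the original text): post-setup audit of the Automation
# account built in this step. Run in a session already connected with
# Login-AzureRmAccount. Names and thumbprint are the values used on this page.
$rg      = "VaultMonitoring"
$account = "MonitoringKeyVault"
$common  = @{ AutomationAccountName = $account; ResourceGroupName = $rg; ErrorAction = "SilentlyContinue" }
# Assumption: the uploaded PFX is the certificate the service application logs in with.
$expectedThumbprint = "003B0D26705C792DB60823DA5804A0897160C306"
$minDaysValid = 30   # assumption: flag a certificate that expires within 30 days
$findings = @()

# 1. The subscription, tenant and application IDs must exist and be stored encrypted.
foreach ($name in "azuresubscriptionid", "azuretenantid", "azureappid") {
    $var = Get-AzureRmAutomationVariable -Name $name @common
    if (-not $var) { $findings += "Variable '$name' is missing" }
    elseif (-not $var.Encrypted) { $findings += "Variable '$name' is stored unencrypted" }
}

# 2. The certificate asset must be the expected one, non-exportable and not near expiry.
$cert = Get-AzureRmAutomationCertificate -Name "RitestSubscriptionCertificate" @common
if (-not $cert) {
    $findings += "Certificate asset is missing"
} else {
    if ($cert.Thumbprint -ne $expectedThumbprint) {
        $findings += "Certificate thumbprint $($cert.Thumbprint) does not match the expected one"
    }
    if ($cert.Exportable) {
        $findings += "Certificate private key is marked exportable"
    }
    if ([DateTimeOffset]$cert.ExpiryTime -lt [DateTimeOffset]::UtcNow.AddDays($minDaysValid)) {
        $findings += "Certificate expires on $($cert.ExpiryTime)"
    }
}

# 3. The three gallery modules must have finished importing.
foreach ($module in "AzureRM.profile", "AzureRM.EventGrid", "AzureRM.KeyVault") {
    $mod = Get-AzureRmAutomationModule -Name $module @common
    if (-not $mod) { $findings += "Module '$module' is not imported" }
    elseif ($mod.ProvisioningState -ne "Succeeded") {
        $findings += "Module '$module' is in state '$($mod.ProvisioningState)'"
    }
}

# Report: one warning per finding, or a single confirmation line.
if ($findings.Count -eq 0) { "All checks passed" } else { $findings | ForEach-Object { Write-Warning $_ } }
```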