Azure Automation is a cloud-based service that helps you to automate and manage various processes, tasks, and workflows in your environment.
It allows you to create, schedule, and run runbooks that perform various automation tasks. To manage and access Azure resources from within these runbooks, you need to create a Run As account. A Run As account is a set of credentials that can be used to authenticate to Azure resources, and it is essential for automating and managing your resources.
In this blog post, we will discuss the steps involved in migrating Azure Automation Run As accounts to Managed Identities.
The reason for doing so is the following announcement from Microsoft:
Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities
A managed identity is an Azure resource that is automatically created and managed by Azure.
It allows you to authenticate to Azure resources without having to manage the credentials yourself. A managed identity is available at the resource level, and it can be assigned to one or more Azure resources. This eliminates the need for storing credentials in your code or configuration files.
Here are the steps we followed to move away from Azure Run As accounts:
Go to the Automation account and, under Account settings, select Identity.
Turn on the System Assigned Managed identity and hit save.
On save it will automatically create a system managed identity.
Our runbook was accessing Key Vault using the code below:
Now that we have a system-assigned managed identity, go to Azure Key Vault and grant it access under Access policies.
After this is done, just update the code in your runbook.
The code is now simpler, as it does not require any credential details; it just connects as the managed identity.
Connect-AzAccount -identity
For more details, refer to:
Migrate from an existing Run As account to Managed identities
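The migrated runbook pattern from the steps above, as an added example that is not the author's original runbook: it signs in with the system-assigned identity and reads one Key Vault secret. The vault and secret names are hypothetical parameters, and the identity is assumed to hold only the Get secret permission in the vault's access policy.

```powershell
# Added example: runbook body using the system-assigned managed identity.
# $VaultName and $SecretName are hypothetical parameters, not from the original post.
param(
    [Parameter(Mandatory = $true)][string] $VaultName,
    [Parameter(Mandatory = $true)][string] $SecretName
)

$ErrorActionPreference = 'Stop'

# Do not inherit or persist an Az context from another job in the same sandbox.
Disable-AzContextAutosave -Scope Process | Out-Null

try {
    # Sign in as the Automation account's system-assigned identity.
    # No Run As certificate, connection asset or password is involved.
    $context = (Connect-AzAccount -Identity).Context
    Set-AzContext -SubscriptionName $context.Subscription -DefaultProfile $context | Out-Null
}
catch {
    # Typical cause: the identity is not turned on for the Automation account.
    throw "Managed identity sign-in failed: $($_.Exception.Message)"
}

try {
    # Without -AsPlainText the value stays a SecureString in .SecretValue.
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName
}
catch {
    # Typical cause: the access policy does not grant this identity Get on secrets.
    throw "Could not read '$SecretName' from '$VaultName': $($_.Exception.Message)"
}

# A missing secret returns nothing rather than raising an error.
if ($null -eq $secret) {
    throw "Secret '$SecretName' was not found in vault '$VaultName'."
}

# Pass $secret.SecretValue to the cmdlets that need it; never write the value to job output.
Write-Output "Retrieved '$SecretName' (version $($secret.Version)) as $($context.Account.Id)"
```

Job output and job streams are readable by anyone with access to the Automation account's job history, which is why only the secret's name and version are written.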
If you have changed all the runbooks, go ahead and delete the Run As Account.
Migrating to Managed Identities provides several benefits, including:
- Enhanced Security: Using Managed Identities eliminates the need for storing credentials, reducing the risk of credential exposure.
- Simplified Credential Management: With Managed Identities, you don’t need to manage credentials, reducing the overhead of credential rotation and management.
- Easy Deployment: Managed Identities are easy to deploy and configure.
Thanks for reading…
Tech Wizard