Administering your azure subscription via powershell cmdlets is a great option for automating tasks such as starting and stopping vms, downloading blobs, etc. In the past I used the Azure-AddAccount cmdlet to authenticate. This is great but not the best option for scheduling your powershell scripts as it requires you to input your azure login credentials. The best option for automating your scripts is to authenticate via an X509 certificate. There are a couple steps to accomplish this:
- Download and install Azure Powershell cmdlets
- Generate X509 cert (management cert) for Azure
- Upload the cer file to Azure
- Create authenticate powershell script
Lets get started, shall we?
Download and install Azure Powershell cmdlets
Grab the latest version of Azure Powershell cmdlets from: http://azure.microsoft.com/en-us/downloads/
Generate X509 cert (management cert) for Azure
Fire up Visual Studio 2010 or 2012 command prompt (run as Administrator) and run the following command, change SampleCompany to a name you can recognize:
makecert -sky exchange -r -n "CN=SampleCompany" -pe -a sha1 -len 2048 -ss My "SampleCompany.cer"
Upload the cert file to Azure
Login to your azure account by heading to http://manage.windowsazure.com, browse to Settings on the left side, then click on Management Certificates:
Click on Upload at the button and specify the .cer file you generated in the previous step.
After the certificate has been uploaded, take a note of the thumbprint property, we will use this later.
For more detailed instructions on this step, see this page: https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx
Create authenticate powershell script
Now that we have our generated certificate uploaded to Azure we can go ahead and create a script to authenticate with that certificate. Fire up your favorite text editor and place the following in there:
$ThumbPrint = "<CERT THUMBPRINT>" $SubscriptionId = "<SUBSCRIPTION ID>" $SubscriptionName = "<SUBSCRIPTION NAME>" $myCert = Get-Item cert:\\CurrentUser\My\$ThumbPrint Set-AzureSubscription -SubscriptionName $SubscriptionName -SubscriptionId $SubscriptionId -Certificate $myCert Select-AzureSubscription -SubscriptionName $SubscriptionName
Replace the value for the $Thumbprint variable from the information we noted in the previous step.
You can get your subscription id and subscription name from the settings page in Azure as well.
Save the file as “Authenticate.ps1”
In a powershell console, browse to the location where you saved Authenticate.ps1 and run the following command:
.\Authenticate.ps1
Now that you have authenticated, you can run any azure powershell cmdlet such as:
Get-AzureWebsite
See the Azure Cmdlet reference by browsing to: https://msdn.microsoft.com/en-us/library/azure/jj554330.aspx for a full listing of commands you can now run.
If you have any questions, please feel free to contact me.