This post is for the case where, when you created your Azure Automation Account, you either did not have the option to ‘Create Azure Run As account’ or deselected it. The resulting Azure Automation Connection Asset is suitable for management operations that affect certain Azure subscription assets such as VMs, networks, and storage.
You need to start with creating and installing a certificate asset as outlined here.
Then, open an administrator PowerShell command line. Authenticate using:
Login-AzureRmAccount
Copy down the Tenant Id and Subscription Id from the output for later. Next, issue these commands:
$cert = ( Get-ChildItem -Path Cert:\CurrentUser\My\YOURCERTIFICATETHUMBPRINT )
$keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())
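Next, run the commands that create the Azure Active Directory application and service principal objects. The New-AzureRmADApplication cmdlet registers $keyValue as the application's certificate credential, which is what authenticates the service principal when your runbooks later sign in with it. $keyValue contains only the public certificate data returned by GetRawCertData(); the private key is not included.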
$azureAdApplication = New-AzureRmADApplication -DisplayName "myAutomationCert" -HomePage "https://myAutomationCert" -IdentifierUris "https://myAutomationCert" -KeyValue $keyValue -KeyType AsymmetricX509Cert -EndDate $cert.NotAfter -StartDate $cert.NotBefore
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
This page gives some information on how to create the connection asset. Select ‘Azure Service Principal’ as the Type of connection. The fields needed will be:
- Application Id
- Tenant Id
- Certificate Thumbprint
- Subscription Id
This command will show you the Application Id:
$azureAdApplication
Additional details of this procedure may be viewed here.
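The following runbook body shows how the four fields of the connection asset are consumed when a runbook signs in as the service principal. It is an added example, not code from the original post; the asset name 'AzureRunAsConnection' is an assumption, so substitute the name you gave your connection asset, and the script is meant to run inside an Azure Automation PowerShell runbook, where Get-AutomationConnection is available.

```powershell
# Added example: authenticate a runbook with the 'Azure Service Principal' connection asset.
# Assumption: the connection asset is named 'AzureRunAsConnection'.
$connectionName = 'AzureRunAsConnection'

# Get-AutomationConnection returns the asset's fields as a hashtable.
$conn = Get-AutomationConnection -Name $connectionName
if (-not $conn) {
    throw "Connection asset '$connectionName' was not found in this Automation Account."
}

# Fail early, with a clear message, if any of the four fields was left empty.
$required = 'ApplicationId', 'TenantId', 'CertificateThumbprint', 'SubscriptionId'
foreach ($field in $required) {
    if ([string]::IsNullOrWhiteSpace([string]$conn[$field])) {
        throw "Connection asset '$connectionName' has no value for '$field'."
    }
}

# Sign in as the service principal. The thumbprint selects the certificate whose
# public part was registered on the AAD application with -KeyValue.
Add-AzureRmAccount -ServicePrincipal `
    -TenantId $conn['TenantId'] `
    -ApplicationId $conn['ApplicationId'] `
    -CertificateThumbprint $conn['CertificateThumbprint'] `
    -ErrorAction Stop | Out-Null

# Pin the session to the subscription recorded in the asset so later cmdlets
# cannot act on a different subscription the principal may also reach.
Select-AzureRmSubscription -SubscriptionId $conn['SubscriptionId'] -ErrorAction Stop | Out-Null

# Smoke test: list what the principal can actually see. An empty result here
# usually means the principal has no role assignment in this subscription.
Get-AzureRmResourceGroup | Select-Object ResourceGroupName, Location
```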
Cheers!