An automation account can be a powerful way to get your environment up and going quickly! Automating repetitive tasks is key to paying back dividends of time in your environment so consider an automation account to schedule out tasks on a time basis or even through a webhook. As a word of caution, make sure you are up to date on your modules and constantly check for the latest microsoft module change over. In this article we’ll look at provisioning an Automation Account with Azure Bicep.
Naming conventions are very important in Azure as a whole; so it helps to identify the where/how/why things exist. To make sure this template can be provisioned at scale without causing complications, I’ve structured this template in a way that would minimize human intervention. Ideally, you would want 2-3 versions of the code below for ‘Test’, ‘Dev’, ‘Prod’, environments. For simplification, this example focuses on creating a single instance in a “Test” environment. Bicep template deployments are intended to make a consistent fully configured resource that is ready to go for your customers. So the first piece we will focus on the name of the resource.
Naming Convention
The first line enforces that the resource name can be no more than 15 characters long. Azure has a character limit of 50 for automation accounts, but having them TOO long can make them difficult to read; so to get the point across to the user while including valuable information in the name, I’ve specified a 15 character limit.
@maxLength(15)
Next, i’ve specified a prefix, The prefix is a static set of characters in which to identify this resource entity as an automation account, in this example, I”ve chosen ‘azutomation’, but you may choose any preference here…such as AA, or you may even have certain business requirements that permit your naming convention as a per project basis.
param automationaccountprefix string = 'azautomation'
The next line checks the current resource group location, If the requested resource group is in the East US, then EastUS is concatenated to eus and put into the name of the automation account.
var locationconcat = location == 'eastus' ? 'eus' : resourceGroup().location
Environment name indicates the type of environment that you wish to provision the resource in, for this example I’ve statically assigned “Test” as the environment.
In order to make everything lowercase and uniform, I’ve included a few lines that will take the environment variable name and force it as lowercase.
var envshort = take(lowerenvname,1)
var lowerenvname = toLower(envname)
The 7th and 8th line of the name builder block is kind of neat! It will seek out the resource group you are provisioning the resource too and get the ID of the resource group, then it compiles it as hexadecimal characters and decompiles it again, thus ensuring that you have a truly unique set of characters in which to create the resource. The 8th line takes the last 2 characters of the unique resource group ID.
var uniqueID = uniqueString(resourceGroup().id)
var uniqueIDshort = take(uniqueID,2)
Lastly, the icing on the cake is where it’s all put together in variables that look very similar to powershell variables and then wrapped into a single bicep variable to be used latter in the naming script.
var automationaccountnameassembled = '${automationaccountprefix}${envshort}${locationconcat}${uniqueIDshort}'
Here is the naming code block all put together to form a consistent naming convention for your automation account. You could even seperate these strings with dashes (-) to make the entities more easily readable.
@maxLength(15)
param automationaccountprefix string = 'azautomation'
var locationconcat = location == 'eastus' ? 'eus' : resourceGroup().location
var envname = 'Test'
var lowerenvname = toLower(envname)
var envshort = take(lowerenvname,1)
var uniqueID = uniqueString(resourceGroup().id)
var uniqueIDshort = take(uniqueID,2)
var automationaccountnameassembled = '${automationaccountprefix}${envshort}${locationconcat}${uniqueIDshort}'
Parameters
Now that the naming convention is complete, we can move on to some strings that will be used for the automation account creation itself. When provisioning virtually ANY resource in azure via a bicep template, I typically provision it in the resource group I’ve targeted for the deployment, Deploying it in a separate resource group just makes things overcomplicated. For this, I’ve specified for the resource to be deployed to the resource group location
param location string = resourceGroup().location
Next I’ve indicated for the automation account not to have public access; having a secure cloud is top priority for any environment so this parameter should be set to false.
param publicnetworkaccess bool = False
The skuname is a required parameter for deploying an automation account. The options are ‘Basic’ and ‘Free’. In this example, we are going to choose ‘Basic’ as the skuname to deploy
param skuname string = 'Basic'
For the last parameter we need to indicate an identity type, this is used to indicate the type of identity to be used for runing the jobs, In this example we will choose ‘systemassigned’
param identitytype string = 'SystemAssigned'
At last, we can specify a resource, give it a symbolic name, and indicate the Resource Provider to use. Simply plug in the Variable and Parameter names into their respective locations in the resource. The tags included in this example will add a tag for the subscription name , Resource Group name, and environment type. Feel Free to adjust as needed.
Here is the full block of code
//max length of resource names
@maxLength(15)
param automationaccountprefix string = 'azautomation'
var locationconcat = location == 'eastus' ? 'eus' : resourceGroup().location
var envname = 'Test'
var lowerenvname = toLower(envname)
var envshort = take(lowerenvname,1)
var uniqueID = uniqueString(resourceGroup().id)
var uniqueIDshort = take(uniqueID,2)
var automationaccountnameassembled = '${automationaccountprefix}${envshort}${locationconcat}${uniqueIDshort}'
param location string = resourceGroup().location
param publicnetworkaccess bool = False
param skuname string = 'Basic'
param identitytype string = 'SystemAssigned'
resource Resource_AutomationAccount1 'Microsoft.Automation/automationAccounts@2021-06-22' = {
name: automationaccountnameassembled
location: location
tags: {
Subscription: subscription().displayName
ResourceGroup: resourceGroup().name
Environment: envname
}
identity: {
type: identitytype
}
properties: {
publicNetworkAccess: publicnetworkaccess
sku: {
capacity: null
family: null
name: skuname
}
}
}