feat(automation): add Azure Automation module with scheduled runbook for AKS and PostgreSQL startup

Author: agreaves-ms

deploy/001-iac/automation/main.tf

@@ -0,0 +1,53 @@
+/**
+ * # Azure Automation Standalone Configuration
+ *
+ * Deploys Azure Automation Account with scheduled runbook to start
+ * AKS cluster and PostgreSQL server every morning.
+ * Uses data sources to reference existing platform infrastructure.
+ */
+locals {
+  resource_group_name = coalesce(var.resource_group_name, "rg-${var.resource_prefix}-${var.environment}-${var.instance}")
+  aks_cluster_name    = coalesce(var.aks_cluster_name, "aks-${var.resource_prefix}-${var.environment}-${var.instance}")
+  postgresql_name     = coalesce(var.postgresql_name, "psql-${var.resource_prefix}-${var.environment}-${var.instance}")
+}
+
+data "azurerm_resource_group" "this" {
+  name = local.resource_group_name
+}
+
+data "azurerm_kubernetes_cluster" "this" {
+  name                = local.aks_cluster_name
+  resource_group_name = local.resource_group_name
+}
+
+data "azurerm_postgresql_flexible_server" "this" {
+  count               = var.should_start_postgresql ? 1 : 0
+  name                = local.postgresql_name
+  resource_group_name = local.resource_group_name
+}
+
+// ============================================================
+// Automation Module
+// ============================================================
+
+module "automation" {
+  source = "../modules/automation"
+
+  // Core variables
+  environment     = var.environment
+  resource_prefix = var.resource_prefix
+  location        = var.location
+  instance        = var.instance
+  tags            = {}
+
+  resource_group = data.azurerm_resource_group.this
+
+  // Dependencies from data sources
+  aks_cluster = data.azurerm_kubernetes_cluster.this
+
+  postgresql_server = var.should_start_postgresql ? data.azurerm_postgresql_flexible_server.this[0] : null
+
+  // Automation configuration
+  schedule_config     = var.schedule_config
+  runbook_script_path = "${path.module}/scripts/Start-AzureResources.ps1"
+}

deploy/001-iac/automation/outputs.tf

@@ -0,0 +1,32 @@
+/**
+ * # Automation Deployment Outputs
+ *
+ * Outputs from standalone automation deployment.
+ */
+
+/*
+ * Automation Account Outputs
+ */
+
+output "automation_account" {
+  description = "Automation account resource details including id, name, and principal_id"
+  value       = module.automation.automation_account
+}
+
+/*
+ * Runbook Outputs
+ */
+
+output "runbook" {
+  description = "Runbook resource details"
+  value       = module.automation.runbook
+}
+
+/*
+ * Schedule Outputs
+ */
+
+output "schedule" {
+  description = "Schedule resource details including name, week_days, and timezone"
+  value       = module.automation.schedule
+}

deploy/001-iac/automation/scripts/Start-AzureResources.ps1

@@ -0,0 +1,94 @@
+<#
+.SYNOPSIS
+    Starts Azure resources (PostgreSQL and AKS) for daily operations.
+.DESCRIPTION
+    This runbook starts a PostgreSQL Flexible Server first, waits for it
+    to become available, then starts an AKS cluster.
+    Uses system-assigned managed identity for authentication.
+.PARAMETER ResourceGroupName
+    The resource group containing the resources.
+.PARAMETER PostgresServerName
+    The PostgreSQL Flexible Server name (optional, empty string to skip).
+.PARAMETER AksClusterName
+    The AKS cluster name.
+#>
+
+param(
+    [Parameter(Mandatory = $true)]
+    [string]$ResourceGroupName,
+
+    [Parameter(Mandatory = $false)]
+    [string]$PostgresServerName,
+
+    [Parameter(Mandatory = $true)]
+    [string]$AksClusterName
+)
+
+$ErrorActionPreference = 'Stop'
+Disable-AzContextAutosave -Scope Process | Out-Null
+
+try {
+    Write-Output "=========================================="
+    Write-Output "Start Azure Resources Runbook"
+    Write-Output "=========================================="
+    Write-Output "Resource Group: $ResourceGroupName"
+    Write-Output "PostgreSQL:     $($PostgresServerName ? $PostgresServerName : '(not configured)')"
+    Write-Output "AKS Cluster:    $AksClusterName"
+    Write-Output ""
+
+    Write-Output "Connecting to Azure using managed identity..."
+    $AzureContext = (Connect-AzAccount -Identity).Context
+    Set-AzContext -SubscriptionId $AzureContext.Subscription.Id | Out-Null
+    Write-Output "Connected to subscription: $($AzureContext.Subscription.Name)"
+
+    # Start PostgreSQL first (dependency for AKS workloads)
+    if ($PostgresServerName -and $PostgresServerName -ne "") {
+        Write-Output ""
+        Write-Output "Checking PostgreSQL Flexible Server '$PostgresServerName' status..."
+        $pgServer = Get-AzPostgreSqlFlexibleServer -ResourceGroupName $ResourceGroupName -Name $PostgresServerName
+
+        if ($pgServer.State -eq "Stopped") {
+            Write-Output "Starting PostgreSQL Flexible Server..."
+            Start-AzPostgreSqlFlexibleServer -ResourceGroupName $ResourceGroupName -Name $PostgresServerName
+
+            # Poll for Ready state with timeout
+            $maxWaitSeconds = 300
+            $pollInterval = 15
+            $elapsed = 0
+            while ($elapsed -lt $maxWaitSeconds) {
+                $pgServer = Get-AzPostgreSqlFlexibleServer -ResourceGroupName $ResourceGroupName -Name $PostgresServerName
+                if ($pgServer.State -eq "Ready") {
+                    Write-Output "PostgreSQL server is now Ready."
+                    break
+                }
+                Write-Output "PostgreSQL state: $($pgServer.State). Waiting..."
+                Start-Sleep -Seconds $pollInterval
+                $elapsed += $pollInterval
+            }
+            if ($pgServer.State -ne "Ready") {
+                Write-Warning "PostgreSQL did not reach Ready state within $maxWaitSeconds seconds. Current state: $($pgServer.State)"
+            }
+        }
+        elseif ($pgServer.State -eq "Ready") {
+            Write-Output "PostgreSQL server is already running."
+        }
+        else {
+            Write-Warning "PostgreSQL server is in unexpected state: $($pgServer.State)"
+        }
+    }
+
+    # Start AKS cluster
+    Write-Output ""
+    Write-Output "Starting AKS cluster '$AksClusterName'..."
+    Start-AzAksCluster -Name $AksClusterName -ResourceGroupName $ResourceGroupName
+    Write-Output "AKS cluster start initiated."
+
+    Write-Output ""
+    Write-Output "=========================================="
+    Write-Output "Resource startup completed successfully!"
+    Write-Output "=========================================="
+}
+catch {
+    Write-Error "Runbook failed: $_"
+    throw
+}

deploy/001-iac/automation/variables.tf

@@ -0,0 +1,80 @@
+/**
+ * # Automation Deployment Variables
+ *
+ * Input variables for standalone automation deployment.
+ */
+
+/*
+ * Core Variables - Required
+ */
+
+variable "environment" {
+  type        = string
+  description = "Environment for all resources in this module: dev, test, or prod"
+}
+
+variable "location" {
+  type        = string
+  description = "Location for all resources in this module"
+}
+
+variable "resource_prefix" {
+  type        = string
+  description = "Prefix for all resources in this module"
+}
+
+/*
+ * Core Variables - Optional
+ */
+
+variable "instance" {
+  type        = string
+  description = "Instance identifier for naming resources: 001, 002, etc"
+  default     = "001"
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Existing resource group name (Otherwise 'rg-{resource_prefix}-{environment}-{instance}')"
+  default     = null
+}
+
+/*
+ * Resource Override Variables - Optional
+ */
+
+variable "aks_cluster_name" {
+  type        = string
+  description = "Override AKS cluster name (Otherwise 'aks-{resource_prefix}-{environment}-{instance}')"
+  default     = null
+}
+
+variable "postgresql_name" {
+  type        = string
+  description = "Override PostgreSQL server name (Otherwise 'psql-{resource_prefix}-{environment}-{instance}')"
+  default     = null
+}
+
+/*
+ * Automation Configuration - Optional
+ */
+
+variable "schedule_config" {
+  type = object({
+    start_time = string
+    week_days  = list(string)
+    timezone   = string
+  })
+  description = "Schedule configuration for startup runbook including start time (HH:MM), week days, and timezone"
+  default = {
+    start_time = "08:00"
+    week_days  = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]
+    timezone   = "UTC"
+  }
+}
+
+variable "should_start_postgresql" {
+  type        = bool
+  description = "Whether to include PostgreSQL in the startup sequence"
+  default     = true
+}

deploy/001-iac/automation/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4.51.0"
+    }
+  }
+  required_version = ">= 1.9.8, < 2.0"
+}
+
+provider "azurerm" {
+  storage_use_azuread = true
+  partner_id          = "acce1e78-0375-4637-a593-86aa36dcfeac"
+  features {}
+}

deploy/001-iac/modules/automation/main.tf

@@ -0,0 +1,108 @@
+/**
+ * # Azure Automation Module
+ *
+ * Creates an Azure Automation Account with a scheduled PowerShell runbook
+ * for automated startup of AKS clusters and PostgreSQL servers.
+ */
+locals {
+  automation_account_name = "aa-${var.resource_prefix}-${var.environment}-${var.instance}"
+  runbook_name            = "Start-AzureResources"
+  schedule_name           = "morning-startup"
+  location                = coalesce(var.location, var.resource_group.location)
+}
+
+// ============================================================
+// Automation Account
+// ============================================================
+
+resource "azurerm_automation_account" "this" {
+  name                = local.automation_account_name
+  location            = local.location
+  resource_group_name = var.resource_group.name
+  sku_name            = "Basic"
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  tags = var.tags
+}
+
+// ============================================================
+// Runbook
+// ============================================================
+
+resource "azurerm_automation_runbook" "start_resources" {
+  name                    = local.runbook_name
+  location                = local.location
+  resource_group_name     = var.resource_group.name
+  automation_account_name = azurerm_automation_account.this.name
+  runbook_type            = "PowerShell72"
+  log_verbose             = true
+  log_progress            = true
+  description             = "Starts PostgreSQL and AKS cluster for morning operations"
+
+  content = file(var.runbook_script_path)
+
+  tags = var.tags
+}
+
+// ============================================================
+// Schedule
+// ============================================================
+
+resource "azurerm_automation_schedule" "morning_startup" {
+  name                    = local.schedule_name
+  resource_group_name     = var.resource_group.name
+  automation_account_name = azurerm_automation_account.this.name
+  frequency               = "Week"
+  interval                = 1
+  timezone                = var.schedule_config.timezone
+  start_time              = timeadd(timestamp(), "24h")
+  week_days               = var.schedule_config.week_days
+  description             = "Start AKS and PostgreSQL every morning at ${var.schedule_config.start_time} ${var.schedule_config.timezone}"
+
+  lifecycle {
+    ignore_changes = [start_time]
+  }
+}
+
+// ============================================================
+// Job Schedule
+// ============================================================
+
+resource "azurerm_automation_job_schedule" "start_resources" {
+  resource_group_name     = var.resource_group.name
+  automation_account_name = azurerm_automation_account.this.name
+  schedule_name           = azurerm_automation_schedule.morning_startup.name
+  runbook_name            = azurerm_automation_runbook.start_resources.name
+
+  // Parameter keys MUST be lowercase (Azure API normalization)
+  parameters = {
+    resourcegroupname  = var.resource_group.name
+    postgresservername = var.postgresql_server != null ? var.postgresql_server.name : ""
+    aksclustername     = var.aks_cluster.name
+  }
+}
+
+// ============================================================
+// RBAC Assignments
+// ============================================================
+
+resource "azurerm_role_assignment" "aks_contributor" {
+  scope                            = var.aks_cluster.id
+  role_definition_name             = "Azure Kubernetes Service Contributor Role"
+  principal_id                     = azurerm_automation_account.this.identity[0].principal_id
+  principal_type                   = "ServicePrincipal"
+  skip_service_principal_aad_check = true
+}
+
+resource "azurerm_role_assignment" "postgresql_contributor" {
+  count = var.postgresql_server != null ? 1 : 0
+
+  scope                            = var.postgresql_server.id
+  role_definition_name             = "Contributor"
+  principal_id                     = azurerm_automation_account.this.identity[0].principal_id
+  principal_type                   = "ServicePrincipal"
+  skip_service_principal_aad_check = true
+}