You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/automation/migrate-run-as-accounts-managed-identity.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,18 +35,18 @@ Ensure the following to migrate from the Run As account to Managed identities:
35
35
36
36
1. Assign same role to the managed identity to access the Azure resources matching the Run As account. Follow the steps in [Check role assignment for Azure Automation Run As account](manage-run-as-account.md#check-role-assignment-for-azure-automation-run-as-account). Ensure that you don't assign high privilege permissions like Contributor, Owner and so on to Run as account. Follow the RBAC guidelines to limit the permissions from the default Contributor permissions assigned to Run As account using this [script](manage-run-as-account.md#limit-run-as-account-permissions)
37
37
38
-
For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account needs to be only for starting or stopping the VM. Similarly, assign read-only permissions if a runbook is reading from blob storage. Read more about [Azure Automation security guidelines](../automation/automation-security-guidelines.md#authentication-certificate-and-identities).
38
+
For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account needs to be only for starting or stopping the VM. Similarly, assign read-only permissions if a runbook is reading from blob storage. Read more about [Azure Automation security guidelines](../automation/automation-security-guidelines.md#authentication-certificate-and-identities).
39
39
40
40
## Migrate from Automation Run As account to Managed Identity
41
41
42
42
To migrate from an Automation Run As account to a Managed Identity for your runbook authentication, follow the steps below:
43
43
44
44
1. Change the runbook code to use managed identity. We recommend that you test the managed identity to verify if the runbook works as expected by creating a copy of your production runbook to use managed identity. Update your test runbook code to authenticate by using the managed identities. This ensures that you don't override the AzureRunAsConnection in your production runbook and break the existing Automation. After you are sure that the runbook code executes as expected using the Managed Identities, update your production runbook to use managed identities.
45
45
46
-
For Managed Identity support, use the Az cmdlet Connect-AzAccount cmdlet. use the Az cmdlet `Connect-AzAccount` cmdlet. See [Connect-AzAccount](https://learn.microsoft.com/powershell/module/az.accounts/Connect-AzAccount?branch=main&view=azps-8.3.0) in the PowerShell reference.
46
+
For Managed Identity support, use the Az cmdlet Connect-AzAccount cmdlet. use the Az cmdlet `Connect-AzAccount` cmdlet. See [Connect-AzAccount](https://learn.microsoft.com/powershell/module/az.accounts/Connect-AzAccount?branch=main&view=azps-8.3.0) in the PowerShell reference.
47
47
48
48
- If you are using Az modules, update to the latest version following the steps in the [Update Azure PowerShell modules](https://learn.microsoft.com/azure/automation/automation-update-azure-modules?branch=main#update-az-modules)
49
-
- If you are using AzureRM modules, Update `AzureRM.Profile` to latest version and replace using `Add-AzureRMAccount` cmdlet with `Connect-AzureRMAccount –Identity`.
49
+
-If you are using AzureRM modules, Update `AzureRM.Profile` to latest version and replace using `Add-AzureRMAccount` cmdlet with`Connect-AzureRMAccount –Identity`.
50
50
51
51
Follow the sample scripts below to know the change required to the runbook code to use Managed Identities
0 commit comments