CloudAutomate is a collection of PowerShell scripts designed to streamline and automate various tasks within Microsoft Azure. This repository aims to simplify cloud management by providing ready-to-use scripts that enhance efficiency and reduce manual intervention.
This PowerShell script automates stopping and starting Azure Virtual Machines (VMs) based on specified tags.This a runbook script used in automation account.The script is availble in Azure,However, the charges are hefty. Therefore, i have made this script. It requires Azure PowerShell modules (Az.Accounts, Az.Compute) and ensures proper execution with elevated privileges.
- Tag-Based Filtering: Stops and starts VMs with a specified tag (Project) and tag value (Test).
- Error Handling: Provides clear error messages for any failures.
- Delayed Restart: Includes a 180-second delay between stopping and starting the VMs.
.\Auto Stop-Start VM.ps1
This PowerShell script verifies the existence of a specified Azure Marketplace VM image in a given region and subscription, and then accepts its terms and conditions to facilitate deployment. It first checks if the Sophos VM image with specified parameters exists in the "eastus" region. If the VM image is available, it proceeds to accept the terms and conditions for a Fortinet VM, ensuring compliance and readiness for deployment. This script is designed for test purposes, and users should modify the parameters to match their specific Marketplace VM requirements.
Check VM Existence:
Get-AzVMImage -Location "eastus" -PublisherName "sophos" -Offer "sophos-xg" -Skus "Linux (sfos 19)"
Accept Marketplace Terms:
Get-AzMarketplaceTerms -Publisher "fortinet" -Product "fortinet_fortigate-vm_v5" -Name "fortinet_fg-vm_payg_20190624" -OfferType 'fortinet_fortigate-vm_v5' | Set-AzMarketplaceTerms -Accept
Note: Customize the parameters for your specific Marketplace VM.
Create the marketplace VM,(third-party os-VMs, not provided by Microsoft) Deploys a Marketplace VM named "GasdayFTP" with specified configurations in the "GASDAYFTP" resource group. Note: Customize the parameters to match your specific Azure environment and VM requirements.
This PowerShell script automates the assignment of Azure Role-Based Access Control (RBAC) roles using Azure PowerShell (Az.Resources module). It begins by connecting to Azure using device authentication and specifying a target subscription ID. The script imports role assignments data from a CSV file (role-assignments-2024-03-14.csv) for processing. Within a loop, it iterates through each row in the CSV, replacing the source subscription ID (sourceSubId) with the destination subscription ID (destSubId) in the scope field. It also modifies the RoleDefinitionId by extracting the last 32 characters. For each row, it checks if RoleDefinitionId is defined and creates a new RBAC assignment using New-AzRoleAssignment. If RoleDefinitionId is null or empty, it logs a warning and skips that assignment, displaying relevant details such as SignInName and RoleDefinitionName. This script provides a structured approach to managing RBAC assignments across Azure subscriptions.
This Script replaces source subscription id with destination subscription id in the CSV download from IAM in azure subscription
This Script adds a new column RowNo to the CSV for debugging and error finding purposes
This is the main deployment script that is used for RBAC assignment Refer to this Readme.md for documentation. Automation_RBAC.md
This script automates the deployment of a Virtual Network Gateway in Azure. It starts by importing the necessary Azure modules and defining variables such as subscription ID, resource group, location, virtual network, subnet, public IP address, and gateway configurations. The script connects to your Azure account, verifies the subscription, and checks for the existence of the specified resource group, virtual network, subnet, and public IP address. If they do not exist, it creates them. Finally, it configures the gateway IP address and deploys the Virtual Network Gateway. Note that the subnet name for the VPN gateway must be exactly "GatewaySubnet," and the deployment may take 45-50 minutes.