You want to use an Azure Automation Account runbook to rotate keys of the storage account and store them to Azure Key Vault. What are the first steps that you should do?
Experience Level: Junior
Tags: Azure Automation Accounts, Azure Cloud, Azure Key Vault, Azure Storage
Answer
- Create Azure Automation Account
- Import modules to access Azure Key Vault (AzureRM.Profile, AzureRM.KeyVault)
- Configure the Azure Key Vault access policy (either using the Azure Portal or by running Set-AzKeyVaultAccessPolicy)
- Create a Runbook (PowerShell Runbook)
- Configure the PowerShell script that will retrieve the automation connection using Get-AutomationConnection, log in to Azure using the TenantId, ApplicationId and CertificateThumbprint from the connection, then create new keys in Azure Key Vault and update the keys in the Azure Storage Account
Note that by default you don't need to add a new connection, as one is created automatically when the Azure Automation Account is created (its name is AzureRunAsConnection).
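A runbook body following the steps above, as an added example that is not part of the original answer: it regenerates one storage account key and stores the new value as a Key Vault secret, as the question asks. It assumes the Az modules (Az.Accounts, Az.Storage, Az.KeyVault) are imported into the Automation Account and that the Run As service principal may regenerate the storage keys and set secrets in the vault; the parameter names and the secret naming scheme are hypothetical.

```powershell
param(
    [Parameter(Mandatory = $true)] [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)] [string] $StorageAccountName,
    [Parameter(Mandatory = $true)] [string] $VaultName,
    [ValidateSet('key1', 'key2')] [string] $KeyName = 'key1'
)

# Any failed step must abort the run, so a half-finished rotation is never
# reported as a success.
$ErrorActionPreference = 'Stop'

# Connection asset created together with the Automation Account.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'

# Certificate-based service principal login; no password is held in the runbook.
Connect-AzAccount -ServicePrincipal `
    -Tenant $conn.TenantId `
    -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

# Regenerate the selected key. Output is discarded so the key value never
# reaches the job output stream.
New-AzStorageAccountKey -ResourceGroupName $ResourceGroupName `
    -Name $StorageAccountName -KeyName $KeyName | Out-Null

# Read the new value back and wrap it as a SecureString straight away.
$newKey = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName `
    -Name $StorageAccountName | Where-Object KeyName -eq $KeyName).Value
$secretValue = ConvertTo-SecureString -String $newKey -AsPlainText -Force

# Hypothetical naming scheme: one secret per storage account and key slot.
$secretName = "$StorageAccountName-$KeyName"

# Each call creates a new secret version; the tag records when it was rotated.
$secret = Set-AzKeyVaultSecret -VaultName $VaultName -Name $secretName `
    -SecretValue $secretValue -ContentType 'storage-account-key' `
    -Tag @{ RotatedUtc = (Get-Date).ToUniversalTime().ToString('o') }

# Drop the plaintext copy and log only non-sensitive metadata.
Remove-Variable -Name newKey, secretValue
Write-Output "Rotated $KeyName of $StorageAccountName; secret version $($secret.Version)"
```

Consumers that read the key from the Key Vault secret pick up the new version on their next fetch; anything still holding the old value of the regenerated key loses access as soon as New-AzStorageAccountKey returns.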