In Azure automation, there exists a useful feature called Variables. Variables are assets in Azure Automation that allow you to set and query various values.
You have the ability to create variables of different types like strings, boolean, date/time or integers. What’s not similar to typical variables is that you can also choose to encrypt them as well.
Once created, these variables can then be accessed across all Azure Automation runbooks or DSC configurations. Variables persist and cannot be changed unless explicitly done. This means you can create a variable once and consistently use it across all runbooks and DSC configurations for as long as you’d like.
Managing Azure Automation Variables
Variables can be managed via the GUI in the Azure Portal under your Automation Account and by clicking on Variables.
However, in this article, we’re going to stick to managing these variables in PowerShell to give us the skills to automate this process in a larger script or simply manage them via the command line.
To manage variables via PowerShell, you need to have the AzureRM PowerShell module installed by running Install-Module AzureRm. Once this module is installed and you’ve authenticated to Azure using Connect-AzureRmAccount, then ensure you have an Automation account already created. Once you’ve met all of these prerequisites, you’re ready to begin.
Creating Automation Variables
Let’s first dive into creating new Automation variables with PowerShell. To do this, we can use the New-AzureRmAutomationVariable command. This command allows us to create a variable and assign it all of the available properties that are allowed.
For example, let’s say that you’ve got a resource group in Azure that you use across lots of different runbooks. Instead of hard-coding this name inside of lots of runbooks, instead, you can create it as a variable and then reference it that way. This prevents duplication efforts and more easily allows you to make changes to it.
In the below example, I’m creating a variable called MySharedResourceGroup and assigning it a value of RG1 associated with my Automation account of techsnips which is in the TechSnipsBackend resource group.
PS> New-AzureRmAutomationVariable -AutomationAccountName techsnips -Name 'MySharedResourceGroup' -Description 'A resource group that is used across many different runbooks' -Value 'RG1' -ResourceGroupName TechSnipsBackend -Encrypted $false
Value : RG1
Encrypted : False
ResourceGroupName : TechSnipsBackend
AutomationAccountName : techsnips
Name : MySharedResourceGroup
CreationTime : 9/28/2018 9:08:54 AM -05:00
LastModifiedTime : 9/28/2018 9:08:54 AM -05:00
Description : A resource group that is used across many different runbooks
I can now reference this new variable using the Get-AzureRmAutomation command by providing the name of the variable name and the resource group and the name of the Automation account.
PS> Get-AzureRmAutomationVariable -Name MySharedResourceGroup -ResourceGroupName TechSnipsBackEnd -AutomationAccountName techsnips
Value : RG1
Encrypted : False
ResourceGroupName : TechSnipsBackEnd
AutomationAccountName : techsnips
Name : MySharedResourceGroup
CreationTime : 9/28/2018 9:08:54 AM -05:00
LastModifiedTime : 9/28/2018 9:08:54 AM -05:00
Description : A resource group that is used across many different runbooks
Changing Automation Variables
Once I have a variable created, I now can modify the value or description of the variable using the Set-AzureRmAutomationVariable command. The Set-AzureAutomationVariable command accepts pipeline input so an easy way to use it is to pipe the output of Get-AzureRmAutomationVariable directly to it specifying either the Value parameter or the Description parameter to change. If you’d like to change the value and description, this must be done separately.
You cannot change the encrypted attribute once the variable has been created.
PS> Get-AzureRmAutomationVariable -Name MySharedResourceGroup -ResourceGroupName TechSnipsBackEnd -AutomationAccountName techsnips | Set-AzureRmAutomationVariable -Value 'RG2'
PS> Get-AzureRmAutomationVariable -Name MySharedResourceGroup -ResourceGroupName TechSnipsBackEnd -AutomationAccountName techsnips | Set-AzureRmAutomationVariable -Description 'changed'
Removing Automation Variables
Finally, we can remove any Automation variables using the Remove-AzureRmAutomationVariable the same way we modified them by piping the variable directly to Remove-AzureRmAutomationVariable as shown below. Be careful though, this does not prompt so be sure you’re sending the right variable(s) to the removal command.
PS> Get-AzureRmAutomationVariable -Name MySharedResourceGroup -ResourceGroupName TechSnipsBackEnd -AutomationAccountName techsnips | Remove-AzureRmAutomationVariable
Summary
Managing Azure Automation variables is a simple process in PowerShell. Variables are a great asset to use in your runbooks and now that you have the skills to work with them in PowerShell, your Automation runbooks will thank you.
Adam Bertram
Adam Bertram is a 25+ year IT veteran and an experienced online business professional. He’s a successful blogger, consultant, 6x Microsoft MVP, trainer, published author and freelance writer for dozens of publications. For how-to tech tutorials, catch up with Adam at adamtheautomator.com, connect on LinkedIn or follow him on X at @adbertram.