skip to Main Content

I’m trying to create an Azure automation system to change the number of always ready instances of a Function App (the App Service Plan is Elastic Premium One EP1):

Always Ready Instances of my Function App

The Automation System is created in order to set the number of Always Ready Instances to 3 during week days, and set it to 1 during weekend days.

The System is composed by the following two runbooks created under the service Azure Automation Accounts:

  1. "runbook-Weekdays"
$resourceGroupName = "xxxxxxxxxxxx"
$functionApp = "xxxxxxxxxx-func"

$Resource = Get-AzResource -ResourceGroupName $resourceGroupName -ResourceName $functionApp/config/web -ResourceType Microsoft.Web/sites
$Resource.Properties.minimumElasticInstanceCount = 3
$Resource | Set-AzResource -Force
  1. "runbook-Weekend-days"
$resourceGroupName = "xxxxxxxxxxxx"
$functionApp = "xxxxxxxxxxxx-func"

$Resource = Get-AzResource -ResourceGroupName $resourceGroupName -ResourceName $functionApp/config/web -ResourceType Microsoft.Web/sites
$Resource.Properties.minimumElasticInstanceCount = 1
$Resource | Set-AzResource -Force

Note that I’m using a "System Assigned" identity in my Automation Account.

While the automation logic is implemented using Azure Logic Apps:

Logic App Design part 1

Where the expression under the "Condition" box is: formatDateTime(utcNow(),'dddd'), which set only for the week days as can be seen from the previous figure.

The following figure is the second part of the Logic App:

Logic App Design part 2

Note that, when creating the Automation Job in Logic Apps, I have selected "OAuth default" as authentication method, then I simply pasted the tenantID of my subscription.

Now, if I test the Logic App from the Logic App service, it works:

Logic App Design triggered

And I would expect a number of always ready instances equal to 3, but if I check the number of always ready instances, nothing changed:

Always ready instances

Also, going to the errors page of the runbook page:

Runbook error

I see the following two errors:

Get-AzResource : Run Connect-AzAccount to login. At line:4 char:13 + $Resource = Get-AzResource -ResourceGroupName $resourceGroupName -Res ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Get-AzResource], PSInvalidOperationException + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.GetAzureResourceCmdlet

and

The property 'minimumElasticInstanceCount' cannot be found on this object. Verify that the property exists and can be set. At line:5 char:1 + $Resource.Properties.minimumElasticInstanceCount = 3 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : PropertyNotFound

Do you know what could be the problem?

2

Answers


  1. The error "Run Connect-AzAccount to login" indicates that the call to run the command is not made in a security context that is allowed to make the call.

    In your case it is the logic app that is making the call. So first thing to check is the security context of your logic app.

    Login or Signup to reply.
  2. Have you logged in within your runbook?

    The first error tells you to connect using Connect-AzAccount and the 2nd error is a generic error that the property doesn’t exist because $Resource object doesn’t have that property.

    $object = [pscustomobject]@{whatever = 'thing'}
    $object.minimumElasticInstanceCount = 3
    
    SetValueInvocationException: Exception setting "minimumElasticInstanceCount": "The property 'minimumElasticInstanceCount' cannot be found on this object. Verify that the property exists and can be set."
    

    If you’re still using the runas account with a certificate it would look like:

    $connectionName = "connectionName"
    
    try {
        # Get the connection "AzureRunAsConnection" You can't use the Az module version for reasons.
        $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    
        "Logging in to Azure..."
        $connectAzAccountSplat = @{
            ServicePrincipal      = $true
            TenantId              = $servicePrincipalConnection.TenantId 
            ApplicationId         = $servicePrincipalConnection.ApplicationId 
            CertificateThumbprint = $servicePrincipalConnection.CertificateThumbprint
        }
        Connect-AzAccount @connectAzAccountSplat
    }
    catch {
        if (!$servicePrincipalConnection) {
            $ErrorMessage = "Connection $connectionName not found."
            throw $ErrorMessage
        }
        else {
            Write-Error -Message $_.Exception
            throw $_.Exception
        }
    }
    

    If you’re using a system assigned identity then you will need to include the relevant authentication code for that instead

    # Ensures you do not inherit an AzContext in your runbook
    Disable-AzContextAutosave -Scope Process
    
    # Connect to Azure with system-assigned managed identity
    $AzureContext = (Connect-AzAccount -Identity).context
    
    # Set and store context
    $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
    

    https://learn.microsoft.com/en-us/azure/automation/enable-managed-identity-for-automation#authenticate-access-with-system-assigned-managed-identity

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search