Microsoft just release the support for Powershell 7.2 in Azure Automation Account. For one that have been using runbook for a long time this was a great upgrade. There are a lot of work left before it is an pleasant experience. So, I have created this blog to explain a few workarounds for the problems I had to solve to get it to work properly.

If you just want to get started you can download the module from Terraform module repository.

To get started you need an automation account and a runbook that you want to run in that automation account. This is rather easy to accomplice, but it is here the problems starts. Bellow follows the different problems and solutions.

Problem 1

• AzureRM don’t support any parameters for setting the runtime version and it is default to 7.2
• Solution: We can use the Az API terraform provider… But wait, this don’t support any runtime parameters either. Meh.. Okey what do we do then. Well it turns out that the parameter runbookType is the solution. So setting it to PowerShell72 solves the issue.
• runbookType = PowerShell72

Great! Problem 1 solved!

resource "azapi_resource" "runbook" {

  type                      = "Microsoft.Automation/automationAccounts/runbooks@2023-11-01"

  name                      = "Runbook Name

  parent_id                 = azurerm_automation_account.this.id

  location                  = azurerm_resource_group.this.location

  schema_validation_enabled = false # Required because this resource won't validate



  body = jsonencode({

    properties = {

      runbookType      = "Powershell72"

      logVerbose       = true

      logProgress      = false

      logActivityTrace = 0

      publishContentLink = {

        uri = "SomeURI"

      }

    }

  })



  response_export_values = ["*"]

  tags                   = var.tags

}

Problem 2

• I want to upload a runbook that runs on powershell 7.2 and I need to use th Az API provider. This only supports an URI pointer… Meh. That means that the runbook needs to be located on a public endpoint.
• Workaround:
  • Create a staroge account
  • Create a blob
  • Upload the powershell file to the blob
  • Create a SAS key
  • Use the URI with the SAS key in the URI section for the AZ API provider
• You will then get something like this:

uri = "https://${azurerm_storage_account.runbooks.name}.blob.core.windows.net/${azurerm_storage_container.runbooks.name}/${azurerm_storage_blob.modules[0].name}${data.azurerm_storage_account_blob_container_sas.runbooks.sas}"

Problem 3

Okey, great we now have the runbook in an automation account running on PowerShell 7.2. The only thing we are missing are the modules in the automation account. These often needs to be updated or you need to install some extra modules that you want to use. Like MSGraph. Sounds easy enough! But it is a struggle… The only information I could find was a closed issue on GitHub for PowerShell 7.1 (still in preview). After some testing and digging.

• The solution is to use a rest API
• I did not get the Az API to work for this, so the workaround was creating a script that runs when you deploy the runbook that ensures that the modules are installed on the automation account. I’m pretty sure that this will be solved in the feature. But who knows when.

Summary

It is still early for PowerShell 7.2 in Azure Automation Account. There are a lot of problems that will probably be solved in the feature. I want to use IaC and deploy everything with Terraform. So maybe I just make it harder for myself, but it works in the end. You can find the code here and the module can be downloaded from terraform registry here.