We have many scripts that manage our Azure environment. They are PowerShell scripts that use the az CLI to manipulate Azure.
We have Runbooks that use 'Run-as' accounts and we want to switch them to 'Managed Identity' The portal allows you to click a button to use Managed Identity on the account. I understand this can be done with the Az PowerShell cmdlets. We are not using the Az cmdlets in any of our scripts. Is there a way to do this with the CLI or REST?
I was able to extrapolate the rest call from the Az PowerShell call using the -debug flag (all these cmdlets and cli's use the rest api underneath and this -debug flag is a godsend.)
# replace your subcription, resourcegroup and account name appropriately
$uri = "https://management.azure.com/subscriptions/<subscriptionid>/" + `
"resourceGroups/<resource group name>/providers/Microsoft.Automation/" + `
"automationAccounts/<automation account name>?api-version=2021-06-22"
$body = @{
# I don't think the properties or tags node are needed
#properties = @{sku = @{name = "Basic" } };
name = "<automation account name>";
identity = @{type = "SystemAssigned" };
#tags = @{}
}
$temp = New-TemporaryFile
$body | ConvertTo-Json | Out-File $temp
$results = `
az rest --uri $uri --method patch --body "@$($temp.fullname)" `
| ConvertFrom-Json
remove-item $temp