Assigning Specific Public IP Addresses With Azure Automation Runbook

Microsoft Power Automate Flows, UI Flows, & Automation Runbooks: Part Three of a series

 

The last blog post in this series covered how I provisioned my Robotic Process Automation (RPA) test environment using Azure Automation runbooks. In this post, I will use an additional runbook to assign the newly provisioned virtual machine a specific public IP address.

 

I previously defined a public IP address that is whitelisted as an approved source address to access the test Salesforce environment needed for the RPA flow. This was configured for security reasons. It was also very beneficial having the same public IP address to RDP into for troubleshooting. This public IP address was used in a previous project and resides in a different resource group called Research. The following code is the PowerShell script I wrote for the automation runbook that applies this public IP to the NIC of the newly created virtual machine.

 

#Parameters
#Note: The Research resource group contains the allowed Public IP that is added to the new VM in a different resource group.
Param(
[Parameter (Mandatory= $true)]
[string]$vendor,
[string]$ResourceGroupName = "Research",
[string]$VirtualNetworkName = "$vendor-VirtualNetwork",
[string]$PublicIPName = "$vendor-PublicIP",
[string]$ipconfigname = 'ipconfig1',
[string]$NicName = "$vendor-Nic",
[string]$SubnetName = 'default'
)

#Service Principal Authentication
#Certificate-based sign-in: the thumbprint identifies a certificate available to the runbook.
$Thumbprint = 'YOUR-THUMBPRINT-HERE'
$TenantId = 'YOUR-TENANTID-HERE'
$ApplicationId = 'YOUR-APPLICATIONID-HERE'

Connect-AzAccount -CertificateThumbprint $Thumbprint -ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal

#Create New Public IP Address
#New-AzPublicIpAddress -Name RPAPublicIP -ResourceGroupName $ResourceGroupName -AllocationMethod Dynamic -Location centralus
#Look up the existing virtual network, subnet and NIC by name.
$vnet = Get-AzVirtualNetwork -Name $VirtualNetworkName -ResourceGroupName $ResourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
$nic = Get-AzNetworkInterface -Name $NicName -ResourceGroupName $ResourceGroupName

#PublicIP is in a different ResourceGroup and has static IP needed for testing.
$pip = Get-AzPublicIpAddress -Name $PublicIPName -ResourceGroupName Research
#Attach the public IP to the NIC's IP configuration, then commit the change to Azure.
$nic | Set-AzNetworkInterfaceIpConfig -Name $ipconfigname -PublicIPAddress $pip -Subnet $subnet
$nic | Set-AzNetworkInterface
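
Because the Salesforce allowlist depends on this one address, it helps to check it before and after the assignment. The following is an added example, not part of the original runbook: the function names, the NicResourceGroupName parameter and the vendor naming pattern are assumptions, and it expects Connect-AzAccount to have already succeeded as in the script above.

```powershell
# Added example (not from the original runbook): guard checks around the assignment.
# Assumes the Az modules are imported and Connect-AzAccount has already succeeded.
$ErrorActionPreference = 'Stop'   # an unhandled error fails the job instead of continuing

function Assert-PublicIpReady {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9-]{1,40}$')]   # assumed naming rule; adjust to your convention
        [string]$vendor,
        [Parameter(Mandatory = $true)]
        [string]$NicResourceGroupName,
        [string]$ipconfigname = 'ipconfig1'
    )
    $pip = Get-AzPublicIpAddress -Name "$vendor-PublicIP" -ResourceGroupName Research
    $nic = Get-AzNetworkInterface -Name "$vendor-Nic" -ResourceGroupName $NicResourceGroupName

    # The allowlist entry only holds if the address cannot change.
    if ($pip.PublicIpAllocationMethod -ne 'Static') {
        throw "Public IP '$($pip.Name)' is $($pip.PublicIpAllocationMethod), not Static."
    }
    $target = $nic.IpConfigurations | Where-Object { $_.Name -eq $ipconfigname }
    if (-not $target) {
        throw "NIC '$($nic.Name)' has no IP configuration named '$ipconfigname'."
    }
    # Do not silently take the address away from another NIC.
    if ($pip.IpConfiguration -and $pip.IpConfiguration.Id -ne $target.Id) {
        throw "Public IP '$($pip.Name)' is already associated with $($pip.IpConfiguration.Id)."
    }
    return $target.Id
}

function Assert-PublicIpAttached {
    param([string]$vendor, [string]$ExpectedIpConfigId)
    # Re-read from Azure rather than trusting the in-memory object.
    $pip = Get-AzPublicIpAddress -Name "$vendor-PublicIP" -ResourceGroupName Research
    if ($pip.IpConfiguration.Id -ne $ExpectedIpConfigId) {
        throw "Public IP '$($pip.Name)' is not attached to the expected IP configuration."
    }
    Write-Output "Attached $($pip.IpAddress) to $ExpectedIpConfigId"
}

# Usage inside the runbook, around the two assignment lines:
#   $id = Assert-PublicIpReady -vendor $vendor -NicResourceGroupName $ResourceGroupName
#   $nic | Set-AzNetworkInterfaceIpConfig ... ; $nic | Set-AzNetworkInterface
#   Assert-PublicIpAttached -vendor $vendor -ExpectedIpConfigId $id
```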

 

Below is an image of this automation runbook being used in the flow as part of a condition. If the resource group and the resources from the previous step were created successfully, the next action in the flow runs a second PowerShell runbook that assigns the public IP. If the condition is not met, a notification email is sent to the original email requester noting a resource creation error.

 

Microsoft Power Automate Flows_Part3_image 1

The runbook used in the Assign IP action has one required parameter: vendor. This parameter is the same dynamic value used in the previous step. The Reply to email (v3) action uses the dynamic values of Job ID and Status Details from the previous step as reference points for the requester of the original email. If the condition is not met, the original email requester will receive an email like the one shown below.

 

Microsoft Power Automate Flows_Part3_image 2

 

Part four in the series will cover the next action in the flow, Robotic Process Automation with WinAutomation.

 

Current Flow

 

Microsoft Power Automate Flows_Part3_image 3

 


Additional Reference Information:
Azure Automation: https://docs.microsoft.com/en-us/azure/automation/automation-intro
Automation Account: https://docs.microsoft.com/en-us/azure/automation/automation-create-standalone-account
Azure PowerShell Az module: https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-4.7.0
Manage Modules in Azure Automation: https://docs.microsoft.com/en-us/azure/automation/shared-resources/modules
Application and service principal objects in Azure Active Directory: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
PowerShell: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/what-s-new-in-powershell-70?view=powershell-7
Power Automate UI Flows: https://flow.microsoft.com/en-us/ui-flows/

 


Dan Kiraly
Senior Research Scientist | Optiv
Dan Kiraly is senior research scientist on Optiv’s R&D team. In this role he's responsible for use case development and the vetting of security products for Optiv.