So there's now a documented workaround to use ARM in Azure Automation, and it's also well documented how to authenticate to ARM using a Service Principal. But even after following these steps I still cannot get the combination of those to work. Running my runbook in Automation with a Service Principal always gives the following error:
New-AzureTag : Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your
Azure credentials.
At Add-SubscriptionTags:48 char:48
+
+ CategoryInfo : CloseError: (:) [New-AzureTag], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Tags.Tag.NewAzureTagCommand
Add-AzureAccount and Select-AzureSubscription both execute fine, but when I call any cmdlet to actually do something I get the above error.
My runbook works when I use a regular AAD org account, so I don't think it's an Automation/ARM issue.
Running my workflow on my PC with the service principal also works, so I think my service principal is set up correctly.
Has anyone successfully implemented this scenario?
This is due to a bug in Azure PowerShell. It has been identified and there is a work item to fix it. I will add the GitHub issue if I'm able to find it.
Update: Here's the GitHub issue https://github.com/Azure/azure-powershell/issues/655