Uploading WinAutomation Screenshots to Azure Container Storage Using Invoke-AzVMRunCommand
Uploading WinAutomation Screenshots to Azure Container Storage Using Invoke-AzVMRunCommand
In this blog post, I will cover how I uploaded the WinAutomation screenshots to Azure container storage from a virtual machine that was created by an Azure Automation runbook without any human interaction using Invoke-AzVMRunCommand.
Now that the test environment was complete and the virtual machine (VM) could run WinAutomation processes, I needed to upload proof that the simulated user workflow executed correctly. During the Robotic Process Automation (RPA) simulated workflow, several screenshots were taken and stored on the virtual machine. I decided that these could be used as proof of successful execution. The critical step here is to upload the screenshots from the VM running WinAutomation to an Azure container before the test environment was deleted, which happens at the end of the flow.
In order to accomplish this, I decided I would first compress the screenshots into a zip file and use AzCopy to upload them. The virtual machine snapshot being used had AzCopy installed on it, but the virtual machine still needed the instructions to zip the screenshots and upload the zipped file to a specific destination. When performing these remote commands on the virtual machine, it is easy, just open a prompt or PowerShell window and execute the commands similar to the one below.
There are two PowerShell commands shown in the box above, separated by a semicolon. The first PowerShell command compresses and stores all of the screenshots in the WinAutomation folder on the desktop. The second PowerShell command tells Azcopy to copy all of the files in the WinAutomation directory and upload them to a blob container.
My initial thought was to run this command using a custom script extension, similarly to how I copied the Proccess.dat file over in Using Azure Custom Script Extensions to Copy an Updated WinAutomation Database for RPA. However, I learned the hard way that there is a limit of one custom script extension per virtual machine.
Azure cli provides the az vm run-command as a way of executing commands on an Azure virtual machine, but az cli commands are not allowed in automation runbooks. The solution I found was to use Invoke-AzRunCommand. Invoke-AzRunCommand allows command execution on Azure virtual machines and can be executed with automation runbooks.
Invoke-AzRunCommand requires several parameters for proper execution. One of those parameters is -ScriptPath, the path of the script to execute. I could have had script already on the machine, but that would be one more additional requirement needed on the base image and I wanted to limit base image requirements as much as possible. Instead, I had the runbook write the script at runtime so it could be executed from temp directory used by the runbook. The runbook that leverages Invoke-AzRunCommand looks like this.
Param(
[Parameter (Mandatory= $true)]
[string]$VMNAME = "$vendor-VM",
[string]$ResourceGroupName = "$vendor-ResourceGroup"
)
#Service Principal Authentication
$Thumbprint = 'YOURTHUMBPRINTHERE'
$TenantId = 'YOURTENANTIDHERE'
$ApplicationId = 'YOURAPPLICATIONIDHERE'
Connect-AzAccount -CertificateThumbprint $Thumbprint -
ApplicationId $ApplicationId -Tenant $TenantId -ServicePrincipal
#Create Script
echo " Compress-Archive -Path C:\Users\AzureUser\Desktop\WinAutomation\ -
DestinationPath C:\Users\AzureUser\Desktop\WinAutomation;
azcopy copy 'C:\Users\AzureUser\Desktop\WinAutomation' 'https://rpademoshare.blob.core.windows.net/winautomation-logs/?sv=2019-12-12&ss=bfqt&srt=co&sp=rwdlacupx&se=2020-10-30T21:16:54Z&st=2020-10-01T13:16:54Z&spr=https&sig=XJKXJKXUwuuwwnnw2B59PiCretrYIthG7qtjnYM%3D' --recursive" >script.ps1
#Run Script
Invoke-AzVMRunCommand -ResourceGroupName 'RPA-RG-Test' -VMName 'RPA-
TemplateVM' -CommandId 'RunPowerShellScript' -ScriptPath ".\script.ps1"
After the required parameters and service principal authentication sections, there are two main commands listed under #Create Script and #Run Script. Create Script creates a script.ps1 file that zips the screenshots and uploads the file. The Run Script command executes the script.ps1 file from the temp directory.
When the flow gets to this step, it will perform the actions in the runbook above.
This is what the process looks like at a high level:
Verification that the zip file has been uploaded can be done through the Azure console by viewing the container:
Current Flow
In the next and last post in this series I will cover how I used Power Automate Flows and Azure Runbooks to tear down Azure Resources and reply, with proof, to the original flow requestor that execution was successful.
Additional Information and Links:
Azcopy Getting Started: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
Azcopy copy: https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-copy
Az VM Run-Command: https://docs.microsoft.com/en-us/cli/azure/vm/run-command?view=azure-cli-latest
Invoke-AzVMRunCommand: https://docs.microsoft.com/en-us/powershell/module/az.compute/invoke-azvmruncommand?view=azps-4.6.1
Custom Scrip Extension for Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Here's a review of related posts on this series:
- Part 1: Using Microsoft Flows and UI Flows for Patch and Software Testing
- Part 2: Provisioning RPA Test Environments With Azure Automation Runbooks
- Part 3: Assigning Specific Public IP Addresses With Azure Automation Runbook
- Part 4: Robotic Process Automation with WinAutomation
- Part 5: Copying Updated WinAutomation Databases for RPA With Azure Custom Script Extensions
- Part 6: Uploading WinAutomation Screenshots to Azure Container Storage Using Invoke-AzVMRunCommand
- Part 7: Tearing Down Azure Resources and Replying to Emails Using Power Automate Flows and Azure Runbooks
-
Copyright © 2021 Optiv Security Inc. All rights reserved.
-
No license, express or implied, to any intellectual property or other content is granted or intended hereby.
-
This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information.
-
Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards.
-
Complaints / questions should be directed to Legal@optiv.com