Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Uploading WinAutomation Screenshots to Azure Container Storage Using Invoke-AzVMRunCommand
In this blog post, I will cover how I uploaded the WinAutomation screenshots to Azure container storage from a virtual machine that was created by an Azure Automation runbook without any human interaction using Invoke-AzVMRunCommand.
Now that the test environment was complete and the virtual machine (VM) could run WinAutomation processes, I needed to upload proof that the simulated user workflow executed correctly. During the Robotic Process Automation (RPA) simulated workflow, several screenshots were taken and stored on the virtual machine. I decided that these could be used as proof of successful execution. The critical step here is to upload the screenshots from the VM running WinAutomation to an Azure container before the test environment was deleted, which happens at the end of the flow.
In order to accomplish this, I decided I would first compress the screenshots into a zip file and use AzCopy to upload them. The virtual machine snapshot being used had AzCopy installed on it, but the virtual machine still needed the instructions to zip the screenshots and upload the zipped file to a specific destination. When performing these remote commands on the virtual machine, it is easy, just open a prompt or PowerShell window and execute the commands similar to the one below.
There are two PowerShell commands shown in the box above, separated by a semicolon. The first PowerShell command compresses and stores all of the screenshots in the WinAutomation folder on the desktop. The second PowerShell command tells Azcopy to copy all of the files in the WinAutomation directory and upload them to a blob container.
My initial thought was to run this command using a custom script extension, similarly to how I copied the Proccess.dat file over in Using Azure Custom Script Extensions to Copy an Updated WinAutomation Database for RPA. However, I learned the hard way that there is a limit of one custom script extension per virtual machine.
Azure cli provides the az vm run-command as a way of executing commands on an Azure virtual machine, but az cli commands are not allowed in automation runbooks. The solution I found was to use Invoke-AzRunCommand. Invoke-AzRunCommand allows command execution on Azure virtual machines and can be executed with automation runbooks.
Invoke-AzRunCommand requires several parameters for proper execution. One of those parameters is -ScriptPath, the path of the script to execute. I could have had script already on the machine, but that would be one more additional requirement needed on the base image and I wanted to limit base image requirements as much as possible. Instead, I had the runbook write the script at runtime so it could be executed from temp directory used by the runbook. The runbook that leverages Invoke-AzRunCommand looks like this.
After the required parameters and service principal authentication sections, there are two main commands listed under #Create Script and #Run Script. Create Script creates a script.ps1 file that zips the screenshots and uploads the file. The Run Script command executes the script.ps1 file from the temp directory.
When the flow gets to this step, it will perform the actions in the runbook above.
This is what the process looks like at a high level:
Verification that the zip file has been uploaded can be done through the Azure console by viewing the container:
In the next and last post in this series I will cover how I used Power Automate Flows and Azure Runbooks to tear down Azure Resources and reply, with proof, to the original flow requestor that execution was successful.
Additional Information and Links:
Azcopy Getting Started: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10
Azcopy copy: https://docs.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-copy
Az VM Run-Command: https://docs.microsoft.com/en-us/cli/azure/vm/run-command?view=azure-cli-latest
Custom Scrip Extension for Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Here's a review of related posts on this series:
November 04, 2020
Part four in the series: setting up RPA with WinAutomation.
How to copy updated WinAutomation databases for RPA with Azure custom script extensions – part five of a series.
How to use Power Automate flows and Azure runbooks to tear down Azure resources and reply to emails – Dan Kiraly explains in part 7 of the series.
Let us know what you need, and we will have an Optiv professional contact you shortly.