Start/Stop Azure Virtual Machines using A Rest API and Azure functions
At the end of this tutorial, you will be able to control your azure virtual machines using a simple API that you can call using a web browser. You will also be able to create and use azure functions apps (a serverless solution provided by Azure).
Azure Virtual Machines can be controlled via Azure Portal (an interactive web interface to manage azure resources) , Azure Rest API (and its management libraries & SDKs for many languages) or via Azure CLI & Azure PowerShell. Azure functions apps support many languages such as JavaScript, c#, PowerShell and others…(1). In this tutorial, we will make a PowerShell script that use Azure CLI, which is already installed on azure functions environment, to manage our VM. Azure functions can be triggered by Http requests, timer, IOT events, email reception events…etc.
Creating an Azure function app
First, let’s create an Azure Function App. From the main menu of azure portal, click on create a resource, then search for “Function App” and click on it like it’s mentioned on the next image.
An overview of this App will appear, Click on “Create”
We will fill the form. Choose your subscription and the resource group. You can create a new resource group for this app if you want. for this example we’ll just select an old resource group. Then, pick a name for your App . it must be unique because it will be used for the subdomain of the hosted app on azure “resource-name.azurewebsites.net”. On the runtime stack dropdown, choose PowerShell Core. You will notice how many languages are supported by azure functions. Then choose an Azure Region where your app will be hosted and click review and create. Find more about Azure Regions here (https://azure.microsoft.com/en-us/global-infrastructure/geographies/)
Now our function app is created, but we need to allow the “Assigned Identity” feature to it. this feature will allow our function app to access other resources using specific roles without user credentials (user and password).
On the left menu of the function app, click on “identity” under “settings” submenu. under system assigned, change status to “On” and save.
Adding role assignment to access VM
Now let’s go to the VM we want to control, on the left menu, click on Access Control (IAM) then click on Add role assignments.
We will give the function app a contributor role. a contributor role grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. We will assign access to a “function app”, then we will select it from our functions apps on the selected subscription and we will click save.
It’s time to write some code 🤓
We will return to the function app that we have created, on the left menu, under Functions click on “Functions”. Click on Add to create a new function. a pop-up will appear. Choose how the function will be triggered. we will invoke the function throw Web browser so we will choose the template “Http Trigger” then we click Add. the function will appear on the list after few seconds then we will click on it.
We click on “Code + Test” to edit the function, a simple function was created that shows how to handle query parameters, request body , how to write to logs and how to return a response.
You can test the function using either its URL (Get function URL) or using a built-in tool to make requests from the portal(Test/Run). The log stream is under the code editor zone.
All we need to do is to edit the code above with our params and call Azure PowerShell commands. Our function will receive the resource name, the resource group name and finally an action which can be [start, stop or get]. We will use Azure PowerShell functions : Get-AzVM, Start-AzVM, Stop-AzVM.
Here are some remarks about Azure PowerShell commands used on this Code.:
- Start-AzVM and Stop-AzVM must be called with -AsJob argument. that will run the command in the background and return a Job to track progress.
- Stop-AzVM will ask for user confirmation and since the task is on background the job will be blocked, the -Force argument must be added to this command to run without asking for user confirmation.
Now, all you need to start/stop your VM is a web browser (or any http client). Just click on Get function URL, copy the url and add parameter of your VM and the desired Action like this:
What can I do next ?
- Securing the API using Azure API Management (Api gateway solution)
- Control other resources on Azure using the same api , and maybe go deeper using other Azure PowerShell commands
This lab note was intended to be published on Cloudericks
