Log in to Azure Resource Manager (ARM) through Kudu to use ARM PowerShell

Azure App Service has Azure Resource Manage (ARM) PowerShell modules installed, which gives you the ability to run ARM PowerShell commands from the Kudu console and WebJobs (and Azure Functions).

 

In order to use ARM PowerShell within App Service you will need to log in to Azure non-interactively, using a service principal. There are several different ways to create a service principal. I am showing a simple, no-frills way to do so below.

 

On a local machine, do the following:

1. Interactively log in to ARM PowerShell via the following command:

Login-AzureRmAccount

 

2. Create an Azure Active Directory (AAD)) application:

$app = New-AzureRmADApplication -DisplayName "aUniqueAppName" -HomePage "https://myFakeOrRealURI" -IdentifierUris "https://myFakeOrRealURI" -Password "thePasswordOfYourChoice";

 

3. Create a Service Principal for the app:

New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId;

 

4. Assign the Service Principal a role on the app:

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $app.ApplicationId;

 

5. In preparation for the next set of steps, get the following values:

-Tenant Id:

(Get-AzureRmSubscription).TenantId;

-ApplicationId:

$app.ApplicationId;

-Tenant domain name:

This would be the domain name in the Account property, which shows when you log in via login-azurermaccount with your user account.

 

Now, in Kudu, you can run the following script from the PowerShell console to log into Azure ARM, and then you can run other ARM commands:

$tenantId = "yourTenantId";

$domain = "yourDomain";

$appId = "yourApplicationId";

$username = $appId + '@' + $domain;

$pass = ConvertTo-SecureString "thePasswordOfYourChoice" -AsPlainText –Force;

$cred = New-Object -TypeName pscredential –ArgumentList $username, $pass;

Login-AzureRmAccount -Credential $cred -ServicePrincipal –TenantId $tenantId;