Azure Automation Account provides users with a variety of tools, such as PowerShell, Python, and graphical runbooks, to automate tasks. Runbooks are a set of tasks that can be executed in a specific order to automate various processes, such as starting or stopping virtual machines, backing up data, or deploying applications. You can manage and execute runbooks through the Azure portal, PowerShell, or the Azure Automation API.
This blog post will focus on using Azure Automation to move “orphaned disks” to a separate resource group. An orphaned disk is an unattached disk that is no longer associated with a virtual machine. This can occur when a virtual machine is deleted but its attached resources are not removed. Orphaned disks can be costly if left unremoved because they are still billed monthly.
We will guide you through the steps to create an Automation Account with a runbook that uses a PowerShell script to move orphaned disks to a separate resource group.
Create an Automation Account
For our Automation Account we will need:
- An Azure subscription. This goes without saying. If you want to create any resources on Azure, you will need an Azure subscription. Click here if you want to create a free Azure account.
- Resource Group. All resources are logically stored in a Resource Group. It is okay if you do not have a Resource Group already. We will make one together ;-).
- Runbook. You can create runbooks in your Automation Account to automate your tasks. Runbooks can be PowerShell scripts, Python scripts, or graphical runbooks. We will use PowerShell.
- Go to the Azure portal and sign in with your Azure account.
- In the search bar at the top of the page, search for “automation” and click on “Automation Account”.
- You will see an overview of your Automation Account. I will create my first Automation Account so in my case the list is empty. Click on “Create” at the top left to create an Automation Account.
- On the Basics tab, select your subscription and Resource group. If you don’t have a Resource group yet, click on “Create new”. In my case there is no Resource group yet so I created a new one. Under Instance Details, give your Automation Account a name that is recognizable to you and choose the preferred region.
- Click on “Next” to see the Advanced tab. For this example I leave the default as is. For more information about Managed Identities, please refer to the Microsoft documentation.
- Click on “Next” to see the Networking tab. For this example I will leave the Connectivity configuration checked on Public access. Please be aware that this is not a recommended setting in most cases!
- Click on “Next” to see the Tags tab. Using tags enables you to keep your resources organized. In my case I will add the two tags “owner” and “description”.
- Click on “Next” to see the Review + Create tab. On this tab you will see a summary of the Automation Account that is about to be created. On the top there is a green bar with “Validation passed”. This means that everything is correct. If you see a red bar with “Validation failed. Required information is missing or not valid.”, please refer to the tab with a red “X” to see what went wrong.
Click on “Create” to create the Automation Account.
After a few moments the Automation Account is created. You will see an overview of the resource that has just been created. On this screen, click on “Go to resource”.
Now the fun really begins!
For this example I am only going to cover three things: Identity, Runbooks and Schedules. Let’s continue with assigning a role to our Identity.
Identity
Before we can successfully run our Runbook, we need to assign the right RBAC role to our Identity. With our Identity
- In the navigation pane on the left, go to “Identity”.
- Click on “Azure role assignments”.
- Click on “Add role assignment (Preview)”.
- Select the scope. For this example the scope is on subscription level.
Select the subscription if you have more than one.
Select the RBAC role. For this example, let’s go for Contributor and click on “Save” at the bottom.
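Contributor at subscription scope grants far more than this runbook uses. A narrower alternative is sketched here as an added example, not part of the original post. The resource group name, Automation Account name, role name and action list are assumptions to verify in your own subscription.

```powershell
# Added example, not from the original post. Assumed names: 'rg-automation',
# 'aa-orphaned-disks' and the role name. Run as a user allowed to create roles.
$scope = "/subscriptions/$((Get-AzContext).Subscription.Id)"

# Assumed minimum action set for Get-AzDisk, Update-AzTag and Move-AzResource;
# confirm it with a test run of the runbook before removing broader access.
$actions = @(
    'Microsoft.Compute/disks/read'
    'Microsoft.Compute/disks/write'
    'Microsoft.Resources/tags/*'
    'Microsoft.Resources/subscriptions/resourceGroups/read'
    'Microsoft.Resources/subscriptions/resourceGroups/write'   # destination of a move
    'Microsoft.Resources/subscriptions/resourceGroups/moveResources/action'
    'Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action'
)

# Clone a built-in role object as a template, then replace its contents.
$role = Get-AzRoleDefinition -Name 'Reader'
$role.Id          = $null
$role.IsCustom    = $true
$role.Name        = 'Orphaned Disk Mover'
$role.Description = 'Tag unattached managed disks and move them to a review resource group.'
$role.Actions.Clear()
$role.NotActions.Clear()
$actions | ForEach-Object { $role.Actions.Add($_) }
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($scope)
$created = New-AzRoleDefinition -Role $role

# Object ID of the Automation Account's system-assigned managed identity.
$account     = Get-AzAutomationAccount -ResourceGroupName 'rg-automation' -Name 'aa-orphaned-disks'
$principalId = $account.Identity.PrincipalId

# Same subscription scope as in the walkthrough, but with the narrow role.
New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionId $created.Id -Scope $scope
```

The assignment stays at subscription level because the runbook looks for unattached disks in every resource group.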
Now we are ready to create our Runbook.
Create the runbook
Now that we have our first Automation Account and assigned the correct role to our Identity, we can create our first Runbook.
- In the navigation pane on the left, click on “Runbooks”. You will see two example runbooks. We will not touch these runbooks.
- Click on “Create a runbook”.
- Fill in the required fields and click on “create”.
- We are now in the editor pane. Here we can write our PowerShell script. With the following PowerShell script we can move orphaned disks to a separate Resource Group. For this example I have created an unattached managed disk that represents an orphaned disk.
This is the disk that will represent the orphaned disk.
try {
    "Logging in to Azure..."
    # Authenticate with the Automation Account's managed identity
    Connect-AzAccount -Identity
}
catch {
    Write-Error -Message $_.Exception
    throw $_.Exception
}

# Set variables (the target resource group must already exist)
$targetRG = "rg-orphaned-resources"
$resourcesToMove = @()
$currentDate = Get-Date -Format "yyyy-MM-dd"

# Find unattached disks and move them to target RG.
# Disks already in the target RG are skipped so later runs do not overwrite their tags.
Get-AzDisk | Where-Object { $null -eq $_.ManagedBy -and $_.ResourceGroupName -ne $targetRG } | ForEach-Object {
    # Add unattached disk to resourcesToMove array
    $resource = $_
    $resourceTags = @{
        "DateWhenMoved" = $currentDate
        "OriginalResourceGroup" = $resource.ResourceGroupName.Split('/')[0]
    }
    Update-AzTag -ResourceId $resource.Id -Tag $resourceTags -Operation Merge
    $resourcesToMove += $resource
}

# Move unattached resources to target RG
$resourcesToMove | ForEach-Object {
    Move-AzResource -DestinationResourceGroupName $targetRG -ResourceId $_.Id -Force
}
With this PowerShell script we will move the orphaned disk to a separate Resource Group called “rg-orphaned-resources”. Let’s put this code in the editor pane and click on “Publish”.
Schedules
Now it’s time to create a schedule so that the script runs at scheduled times.
- In the navigation pane on the left, click on “Schedules”. You will see an overview of all the schedules for this Runbook. Because this is a new Runbook, there are no Schedules yet.
- Click on “Add a schedule”.
- Click on “Link a schedule to your runbook”.
- Again, click on “Add a schedule”.
- Fill in the required fields and click on “Create” at the bottom. I’ve chosen to start the runbook every day at 9:15 PM.
Click on OK.
- Now back at the overview of the schedules, we can see our newly created schedule.
- To see if the runbook works, we do not have to wait for the schedule. In the navigation pane on the left, go back to “Overview”. As you can see, we can click on “Start” to run the runbook. Let’s click on it.
- We have now started a job and the job is currently queued. If we wait a few moments the status will change to “Completed”.
You can click through the different tabs to see what the output is and all the logging. But we all want to see if the disk is moved to the target Resource Group. Let’s see!
As we can see the disk is moved to the Resource Group named “rg-orphaned-resources”.
If we click on the disk we see that the runbook also added the two tags.
Wrapping up
We have created an automated task with an Azure Automation Account to move orphaned disks to a Resource Group. But why would we do this?
By moving orphaned disks to a Resource Group, we can periodically review the content of the Resource Group. When disks are added, we can see which Resource Group the disk originated from and when the move happened. With this information we can now assess whether the disk is still needed or is eligible for deletion. This is just one way to stay organized and manage the costs for your subscription.
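The periodic review described above can be scripted from the two tags the runbook writes. The following is an added example, not part of the original post. The function name, the 30-day retention value and the sample disks are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. RetentionDays is an assumed policy value.
function Get-OrphanedDiskReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Disk,
        [int] $RetentionDays = 30,
        [datetime] $Now = (Get-Date)
    )
    process {
        $tags = $Disk.Tags
        # Read a tag only if it exists, so missing tags never throw.
        $get  = { param($k) if ($tags -and $tags.ContainsKey($k)) { $tags[$k] } }

        $movedOn = [datetime]::MinValue
        $hasDate = [datetime]::TryParseExact([string](& $get 'DateWhenMoved'), 'yyyy-MM-dd',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref] $movedOn)
        $ageDays = if ($hasDate) { [int]($Now.Date - $movedOn).TotalDays } else { $null }

        # A disk can be attached to a VM again after it was moved, so check ManagedBy first.
        if ($Disk.ManagedBy)                     { $verdict = 'Attached again: not orphaned' }
        elseif (-not $hasDate)                   { $verdict = 'Tag missing or invalid: check manually' }
        elseif ($ageDays -ge $RetentionDays)     { $verdict = 'Past retention: deletion candidate' }
        else                                     { $verdict = 'Within retention: keep' }

        [pscustomobject]@{
            Name                  = $Disk.Name
            SizeGB                = $Disk.DiskSizeGB
            OriginalResourceGroup = & $get 'OriginalResourceGroup'
            AgeDays               = $ageDays
            Verdict               = $verdict
        }
    }
}

# Constructed sample objects standing in for Get-AzDisk output.
$sample = @(
    [pscustomobject]@{ Name = 'disk-old'; DiskSizeGB = 128; ManagedBy = $null
                       Tags = @{ DateWhenMoved = '2024-01-02'; OriginalResourceGroup = 'rg-app' } }
    [pscustomobject]@{ Name = 'disk-new'; DiskSizeGB = 64; ManagedBy = $null
                       Tags = @{ DateWhenMoved = '2024-02-25'; OriginalResourceGroup = 'rg-web' } }
    [pscustomobject]@{ Name = 'disk-untagged'; DiskSizeGB = 32; ManagedBy = $null; Tags = @{} }
)
$sample | Get-OrphanedDiskReview -Now ([datetime]'2024-03-01') | Format-Table -AutoSize

# Against the real resource group:
# Get-AzDisk -ResourceGroupName 'rg-orphaned-resources' | Get-OrphanedDiskReview
```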
This approach is not only suitable for disks. You can edit the Runbook to add more resources like Storage Accounts, Public IP Addresses, and many more. Feel free to use this article to create your own automation and adapt it to your own needs.
Thank you for taking the time to read this blog post. If you found this helpful, please share it with others and let’s connect on LinkedIn!