Selecting / Managing Multiple Azure Subscriptions w/PowerShell

Everything changes and nothing stands still. – Heraclitus

Azure is no different than any other technology in this respect, thus patterns and practices used just one or two years ago are now obsolete.  Since the launch of Azure customers have been using multiple subscriptions to bring a level of authorization, customer/business unit, application and/or service isolation.  Clearly this approach was flawed from a scale and manageability perspective and I’m willing to bet this began causing issues for Microsoft Azure Support and Operations as well.

As Azure has matured Microsoft introduced the Azure Resource Manager to provide much improved authorization (Azure AD), customer/business unit, application, and/or service isolation without incurring the overhead of additional and disparate subscriptions.

That said, I like to call the old ways of working with Azure – Azure Classic Mode and the new methodologies just Azure.  Microsoft seems to agree in that many of the items listed in the new Azure Management Portal are in fact labeled – Classic.  Additionally there are many times when automation (DevOps) of Azure requires the selection of the correct subscription to execute against.

In this post, I’m providing a few simple PowerShell functions that can be used together to select the correct Azure Subscription before any additional automation code is called or executed.  These functions rely upon a parameter of the subscription name being provided:  $Subscription

[CmdletBinding()]

Param(

    [Parameter(Mandatory=$True, Position=0, HelpMessage=“The name of the Azure Subscription for which you’ve imported a *.publishingsettings file.”)]

    [string]$Subscription

 

)

First we always need to  determine from what mode PowerShell  has been invoked.  From the ISE or Command line?

#region CheckPowerShell()

 

Function CheckPowerShell()

 

{

    # Check if we’re running in the PowerShell ISE or PowerShell Console.

    If ($Host.Name -like “*ISE*”)

    {

        $ISE = $True

        # Console output

        Write-Verbose -Message “[Information] Running in PowerShell ISE.” -Verbose

       

    }

    Else # Executing from the PowerShell Console instead of the PowerShell ISE.

    {

        $ISE = $False

        # Console output

        Write-Verbose -Message “[Information] Running in PowerShell Console.” -Verbose

  

    }

 

    Return $ISE

 

} # End CheckPowerShell()

 

#endregion CheckPowerShell()

 

Next we’ll need to determine the PowerShell script name executing.

#region Get-PSScriptName()

 

Function Get-PSScriptName()

{

 

Param ([bool]$ISE)

 

    If ($ISE)

 

    {

        $PSScriptName = (Split-Path -Leaf $psISE.CurrentFile.DisplayName)

    }

    Else

    {

        $PSScriptName = $PSCommandPath | Split-Path -Leaf

    }

 

    Return $PSScriptName

 

 

} # End Function

 

#endregion Get-PSScriptName()

 

Finally we can determine whether the Azure subscription name provided as a parameter for our PowerShell script exists, if not, provide some helpful hints to resolve the issue.

#region Select-Subscription()

 

Function Select-Subscription()

 

{

 

Param ([string]$Subscription)

 

    Try

    {

        $Error.Clear()

 

        #Select Azure Subscription

        Select-AzureSubscription -SubscriptionName $Subscription -ErrorAction Stop -Verbose

   

        # Console output

        Write-Verbose -Message “[Information] Currently selected Azure subscription is: $Subscription.” -Verbose

        Write-Verbose -Message ” “ -Verbose

    }

    Catch

    {

        # Console output

        Write-Verbose -Message $Error[0].Exception.Message -Verbose

        Write-Verbose -Message ” “ -Verbose

        Write-Verbose -Message “[$PSScriptName]  FATAL EXCEPTION:” -Verbose

        Write-Verbose -Message “[$PSScriptName]  Please check subscriiption name and/or make sure *.publishingsettings file has been imported.” -Verbose

        Write-Verbose -Message ” “ -Verbose

        Write-Verbose -Message “[$PSScriptName]  http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/#Connect” -Verbose

        Write-Verbose -Message ” “ -Verbose

        Write-Verbose -Message “[$PSScriptName]  Exiting due to exception: Subscription Not Found.” -Verbose

 

        $Error.Clear()

    } # End Try/Catch

 

} # End Function Select-Subscription()

 

#endregion Select-Subscription()

 

 

You can test this by calling the functions in sequence as shown below:

# Call Function

$ISE = CheckPowerShell

$PSScriptName = Get-PSScriptName $ISE

Select-Subscription $Subscription

 

Keep in mind that as time goes on we should be creating fewer and fewer distinct Azure Subscriptions and instead adopting Resource Groups through Azure Resource Manager.  To provide the required isolation our adoption of Tagging and Role Based Access Control with Azure AD among various Azure resources will provide increased security and manageability overall.

Advertisements
Tagged with:
Posted in Azure IaaS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: