In this article we will see how to use the Azure REST API together with PowerShell to perform administrative tasks. We will see how to get an authorization access token and authenticate to the Azure REST APIs in order to get information about all the virtual machines in the Azure subscription.
To communicate with the Azure REST APIs, we need to register an App. The App will act as a service admin account to access the REST API. To do so, let's log in to Portal.Azure.Com and go to Azure Active Directory.
Here we can see the App Registrations in the left section. Select it. Click on New Registrations to create a new App.
Give the App any name you like.
Thus the App has been created.
Now we need to create a Client Secret that will be used to authenticate the Azure REST API calls. From the left section, select Certificates & Secrets.
Click on New Client secret to generate the unique string.
Add a description that will be tagged against the client secret.
Thus the client secret has been generated. Save the key somewhere, as it will not be accessible once you leave the blade.
We also need to get the Subscription ID that will be used to connect to the Azure Subscription which we can get from the Subscription section.
In order for the App to access the Azure Resources, we also need to add the recently created App to the Subscription. From Access Control in the left tab, click on the Plus sign to add a Role Assignment. We will add the Contributor access.
Thus we have successfully created the App and assigned the required permission to access the Azure Resources.
Now let's do a walkthrough of the PowerShell script that we will be using to access the Azure Resources using the REST API. First, we will define the variables that we will be using in the script.
#Subscription Id.
$SubscriptionId = "2bfa231b-7d08-485e-af7f-962f8974d"
#Tenant Id.
$TenantId = "d1f1c2da-7667-42f6-bed2-ef543f6ee"
#Client Id.
$ClientId = "a408b768-b135-42ed-874b-35ee978666"
#Client Secret.
$ClientSecret = "lh/jlzpl=4[8iDSdoZd[:chR]/A8t"
To authorize against the REST API, we will need an access token. Here we will make use of the client secret and issue a POST request to the URL:
https://login.microsoftonline.com/{tenantId}/oauth2/token
This will return the access token that can be used with the Azure REST APIs.
To access the Virtual Machine resource, we will make use of the REST API:
https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.Compute/virtualMachines?api-version=2019-03-01
After creating the header, we will issue a GET request to the above REST API, which will get us all the Virtual Machines in the mentioned Subscription.
$Resource = "https://management.core.windows.net/"
$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
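# A hashtable body is form-encoded by Invoke-RestMethod, so a secret containing '+', '&' or '=' is sent intact
$body = @{ grant_type = "client_credentials"; client_id = $ClientId; client_secret = $ClientSecret; resource = $Resource }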
# Get Access Token
$AccessToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType 'application/x-www-form-urlencoded'
# Get Azure Virtual Machines
$VMApiURI = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.Compute/virtualMachines?api-version=2019-03-01"
# Format Header
$Headers = @{}
$Headers.Add("Authorization", "$($AccessToken.token_type) $($AccessToken.access_token)")
#Invoke REST API
$VMCollection = Invoke-RestMethod -Method Get -Uri $VMApiURI -Headers $Headers
Write-Host "Virtual Machine Collection : " -ForegroundColor Green
$VMCollection.value | ForEach-Object {
Write-Output $_.Name
}
Let's save the script to a file named GetAllVMs. After running the PowerShell script, we receive the list of VMs in the Subscription.
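A variant of the script above, added here as an example and not part of the original article: it reads the IDs and the client secret from environment variables instead of the script file, form-encodes the token request, and follows the nextLink paging of the list response. The AZ_* variable names and the two function names are assumptions made for this example.

```powershell
# Added example (not from the original article). The AZ_* environment variable
# names and both function names are assumptions made for this sketch.
function Get-ArmAccessToken {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # A hashtable body is form-encoded by Invoke-RestMethod, so secrets that
    # contain characters such as '&', '+' or '=' are transmitted intact.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = 'https://management.core.windows.net/'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop
}

function Get-AllVirtualMachines {
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)]$Token
    )
    $headers = @{ Authorization = "$($Token.token_type) $($Token.access_token)" }
    $uri = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.Compute/virtualMachines?api-version=2019-03-01"
    # List responses are paged: keep following nextLink until it is absent,
    # otherwise large subscriptions are silently truncated.
    while ($uri) {
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers -ErrorAction Stop
        $page.value          # emit this page's VM objects to the pipeline
        $uri = $page.nextLink
    }
}

# Read identifiers and the secret from the environment instead of the script file.
foreach ($name in 'AZ_TENANT_ID', 'AZ_CLIENT_ID', 'AZ_CLIENT_SECRET', 'AZ_SUBSCRIPTION_ID') {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Environment variable $name is not set."
    }
}
$token = Get-ArmAccessToken -TenantId $env:AZ_TENANT_ID -ClientId $env:AZ_CLIENT_ID -ClientSecret $env:AZ_CLIENT_SECRET
Get-AllVirtualMachines -SubscriptionId $env:AZ_SUBSCRIPTION_ID -Token $token |
    ForEach-Object { $_.name }
```

Listing virtual machines only requires read access, so the Reader role is sufficient for this script if the App performs no write operations.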
Thus we saw how to get an authorization access token and authenticate to the Azure REST API from PowerShell in order to get information about all the virtual machines in the Azure subscription.