pwsh-subscription-automation

---

Page Type	Languages	Services
Sample	PowerShell	Azure Functions Azure Logic Apps

---

Automate the creation of Azure EA Subscriptions with PowerShell

This sample codebase demonstrates how to use PowerShell to programmatically create Enterprise Agreement (EA) subscriptions with a service principal.

Prerequisite Tools

• Install the Az PowerShell module
• Install the Azure Functions Core Tools

Running this sample

One-time setup

1. Create an Azure service principal either through Azure CLI, PowerShell or the portal.

2. As an EA Account Owner, follow instructions to grant the service principal access to your enrollment account.

3. Create a new secret in the service principal and note the value - it can only be seen at the time of creation, and it will be used in a later step.

4. Get the ID of the billing + enrollment account you would like the subscriptions to be created in. Make note of the billingAccount and enrollmentAccount names (they will appear as /providers/Microsoft.Billing/billingAccounts/<billingAccountName>/enrollmentAccounts/<enrollmentAccountName>).

Setting Up the Cloud Infrastructure

Function

• Change the variable names in the 'Resource names' section of the infra/function/deployFunction.ps1 file to reflect the resource names you would like to deploy, and run the commands under the 'Set up resources' section.
• Set the encrypted environment variables APP_ID, APP_TENANT, and APP_SEC in the newly created function app to contain your service principal's Application ID, Tenant ID, and Secret generated in Step 3 above.
• Run the command under the 'Deploy code' section of infra/function/deployFunction.ps1 to publish the logic to the function.

Logic App

• Update the logicappdeploy.json file to reflect the resource name you'd like the Logic App to use, and update the file to use the Resource ID of the function deployed above (this string can be found in the 'Properties' tab of the Function in the Azure portal).
• Deploy the template using the commands in infra/logicapp/deployLogicApp.ps1.
• Get the URL of the Logic app by navigating to the resource in the Azure portal, opening the Logic app designer, and copying the 'HTTP POST URL' in the 'When a HTTP request is recieved' step.

Automated Subscription Generation

1. Make a web request to the the Logic App using the URL retrieved above, providing a Subscription Alias, Subscription Name, Billing Account Name, and Enrollment Account in the JSON body of the web request.
   • Note that a subscription alias is a name for the subscription creation request; this is not the same as the subscription name. The alias does not have any other lifecycle beyond the subscription creation request.
   • Follow the instructions here for guidance on alias naming.

Limitations/Considerations

• Limitations can be found here.
• To avoid issues around cold starts and the need to bundle modules with the function, the example deploys a function in an 'Always On' App Service Plan.

Resources

• Programmatically create Azure Enterprise Agreement subscriptions with the latest APIs
• Azure Enterprise Agreement (EA)
• Create an Azure Function in VSCode
• Create a subscription Alias
• Create a Function App
• Deploy an Azure Function
• Create a Logic App
• Using PowerShell Modules in Azure Functions
• Azure Functions running on Dedicated Plan
• Service Principal Authentication in PowerShell