If you make use of an Automation Account, you probably have imported some PowerShell Modules from the PowerShell Gallery.
In my experience it is easy to forget about maintaining these modules. Like the modules on your local machine, you want to regular update the modules to make sure your environment keeps up with the latest features and security options. I have created a script to update Automation Account Modules automatically.
Viewing the modules
You can find all the modules in the menu under Shared resources
If you open it, you can get an overview of all modules, their current state and version.
Update Azure Modules
At the top of the screen, you can find a button that says “Update Azure Modules”. This used to trigger a (hidden) runbook that updates the modules automatically.
Today, if you click it, you get a message saying the update feature has been deprecated.
You can follow the link, copy the script and run the runbook manually.
But I wanted to achieve more: I wanted to update all modules, not just the AzureRM/Az-related ones.
So I let the script provided by Microsoft be an inspiration and I created my own version that will update Automation Account Modules. It will update all of them, as long as the source is the PowerShell Gallery.
About the Script
What the script does:
- Take all Modules in an Automation Account
- Create a ordered list of those modules, while tracking the dependencies
- Go through that ordered list, compare the Automation Account version with the version in the gallery and update if needed
- Keeps track of the process. If an update fails, the script will throw so you can get aware of it
- The Automation account needs a runasAccount to perform the required actions. It is however possible to run the script for a different automation account than the one it is running in.
- Although designed to be used in a runbook, the script can be used from your local computer if you omit the login-part. It doesn’t work in PowerShell 6+ though
- To make use of the AZ functionality, you need to import the modules Az.Accounts and Az.Automation
- If your AzureRM modules are not at the same version, you can get inconsistent results, like the error “Run Login-AzureRmAccount to login. “. If you get that error, ‘delete’ the AzureRM modules. They will be restored to the original value in the Azure Automation Account.
- It is of course possible to schedule the runbook in you automation account so your modules are automatically updated. Do keep in mind that some updates have breaking changes that might effect your runbooks.