Introduction
I'm sure I'm not the only one this happens to, but how often have you set up something in Azure to learn about a new feature or to do a demo of some sort?
So you do your work, it works, but you forget to delete your resource groups - then the next time you check, you realise you've just burnt through a whole bunch of Azure compute.
This article helps you avoid this by setting up Azure Automation to clean these resources up at a regular interval.
Word of warning
Before we begin, this isn't something you should do on a production subscription, or really any subscription that holds any data you don't want to lose.
This is intended to be set up in a PAYG subscription that you've set up to experiment on and you'd like to keep pristine.
What we want to do
The requirement is that once a day, a job will run and delete all the resource groups in the subscription beginning with "todelete".
For example, this resource group and everything inside it will be deleted once the job runs.
This may be not exactly what you want but it should be easy to customise it once you understand what's being done.
Prerequisite
You'll need an Azure subscription with contributor or higher access. We'll be using Azure Automation to accomplish this.
Create an Automation account
Go into the portal and create an Automation account - make sure the resource group you assign to it DOESN'T start with todelete or it'll get deleted when the job runs.
Once it is created, go to Identity and assign Contributor access across the whole tenant. This creates a managed identity that gives it access to the whole tenant.
Create a runbook
Now that we have set up the Automation account and given it the access we want, it's time to tell the Automation account what to do.
Runbooks allow you to specify a script to run. You can write them in a number of languages, but for our purposes we should select PowerShell.
Once the runbook has finished creating, paste this gist and press Publish.
Examining the script
The script is really simple - the first part just logs in using the managed identity of the Automation account.
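# Sign in as the Automation account's managed identity (no stored credentials)
try
{
    "Logging in to Azure..."
    Connect-AzAccount -Identity
}
catch {
    # Log the failure and stop the job so nothing runs unauthenticated
    Write-Error -Message $_.Exception
    throw $_.Exception
}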
The second part gets all resource groups starting with "todelete" and pipes them to the next command, which deletes them one by one - the -force flag means there is no confirmation prompt.
get-azresourcegroup -name todelete* | remove-azresourcegroup -force
If you're a little concerned about this step, you can always run get-azresourcegroup -name todelete* on its own and see what resource groups are listed - those are the ones that will be deleted.
Test to see if this works
We've set up the Automation account with the right access and we've created a runbook with a script to delete the right resources. At this point, let's test it to see if it's all functioning.
To prove that it works, create two resource groups called "todeleteRG" and "dontdeleteRG".
Now start the runbook - once it finishes, the todeleteRG will be gone and the dontdeleteRG will remain.
Set up the schedule
Once we've proved the logic works, let's set it up so that it runs overnight automatically. We do that by linking a schedule to the runbook.
Summary
And that's it - every night at 3am, your Azure subscription reverts back to an original state. Now of course, there are lots of things you can do to customise this. Maybe you want to use tags to determine what needs to be deleted instead of the resource group names? Maybe you want to do weekly deletes instead of daily deletes (maybe you can even have two runbooks - one for weekly deletes and one for dailies) - all of this is possible with just a bit of tinkering.
For me, every time I create anything in this subscription, all I have to do is remember to create the resource group with a "todelete" prefix and there's no need to worry about it being there in the morning.
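The tag-based customisation suggested above, as an added example rather than the gist from this article: a runbook that selects resource groups by prefix or by tag, pins the job to one subscription, and defaults to a dry run that only lists what would be removed. The tag name "autodelete", its value "true" and the parameter names are assumptions made for this example.

```powershell
# Added example: cleanup runbook with tag selection and a dry-run switch.
# Assumed names (not from the article): tag autodelete=true and the parameters below.
param(
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId,          # the sandbox subscription to clean
    [string] $Prefix = "todelete",     # name prefix used in the article
    [bool]   $DryRun = $true           # list only; pass $false to really delete
)

$ErrorActionPreference = "Stop"        # any failed login or lookup aborts the job

# Log in with the managed identity, as the article's script does, then pin
# the context so the job can only act on the intended subscription.
Connect-AzAccount -Identity | Out-Null
Set-AzContext -Subscription $SubscriptionId | Out-Null

# Candidates: groups whose name starts with the prefix, or that carry the tag.
$byName  = @(Get-AzResourceGroup | Where-Object { $_.ResourceGroupName -like "$Prefix*" })
$byTag   = @(Get-AzResourceGroup -Tag @{ autodelete = "true" })
$targets = @(($byName + $byTag) | Sort-Object -Property ResourceGroupName -Unique)

foreach ($rg in $targets) {
    if ($DryRun) {
        Write-Output "DRY RUN: would delete $($rg.ResourceGroupName) ($($rg.Location))"
        continue
    }
    Write-Output "Deleting $($rg.ResourceGroupName)..."
    try {
        Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force | Out-Null
    }
    catch {
        # A resource lock or missing permission stops one group; carry on with the rest.
        Write-Warning "Failed to delete $($rg.ResourceGroupName): $($_.Exception.Message)"
    }
}

Write-Output "Processed $($targets.Count) resource group(s); DryRun = $DryRun"
```

Run it once with the default DryRun value and check the job output before linking a schedule that passes DryRun as false.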