@DataSic
Created May 29, 2018 01:31
Azure Automation Runbook - JIT 'Allow access to Azure services'
<#
JIT 'Allow access to Azure services' for runbook on Azure SQL Database/Data Warehouse
#>
try
{
    # Init variables
    $resourceGroupName = Get-AutomationVariable -Name "ResourceGroup"
    $serverName = Get-AutomationVariable -Name "ServerName"
    $firewallRuleName = "AllowAllWindowsAzureIps"

    # Use built-in account
    $servicePrincipalConnection = Get-AutomationConnection -Name "AzureRunAsConnection"

    # Log into Azure with AzureRunAsConnection
    $addAzureRmAccountSplat = @{
        CertificateThumbprint = $servicePrincipalConnection.CertificateThumbprint
        TenantId              = $servicePrincipalConnection.TenantId
        ServicePrincipal      = $true
        ApplicationId         = $servicePrincipalConnection.ApplicationId
    }
    $null = Add-AzureRmAccount @addAzureRmAccountSplat

    # Enable 'Allow Access To Azure Services'
    # (the 0.0.0.0 - 0.0.0.0 range is how the server firewall represents that setting)
    $newAzureRmSqlServerFirewallRuleSplat = @{
        ResourceGroupName = $resourceGroupName
        ServerName        = $serverName
        FirewallRuleName  = $firewallRuleName
        StartIpAddress    = "0.0.0.0"
        EndIpAddress      = "0.0.0.0"
    }
    $null = New-AzureRmSqlServerFirewallRule @newAzureRmSqlServerFirewallRuleSplat

    try
    {
        # Perform task here
    }
    finally
    {
        # Disable 'Allow Access To Azure Services'
        # Runs even when the task above throws, so the rule is not left open after a failed run
        $removeAzureRmSqlServerFirewallRuleSplat = @{
            ResourceGroupName = $resourceGroupName
            ServerName        = $serverName
            FirewallRuleName  = $firewallRuleName
            Force             = $true
        }
        $null = Remove-AzureRmSqlServerFirewallRule @removeAzureRmSqlServerFirewallRuleSplat
    }
}
catch {
    Write-Error -Message $_.Exception
    throw $_.Exception
}