Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Azure API Management backup automation
<#
.SYNOPSIS
This Azure Automation runbook automates Azure API Management backup to Blob storage and deletes old backups from blob storage.
.DESCRIPTION
You should use this Runbook if you want manage Azure API Management backups in Blob storage.
This is a PowerShell runbook, as opposed to a PowerShell Workflow runbook.
It requires AzureRM.ApiManagement module to be installed.
The script uses the AzureRunAsConnection connection to login and perform the backup.
.PARAMETER ApimResourceGroupName
Specifies the name of the resource group where the Azure Api Management instance is located.
.PARAMETER ApimInstanceName
Specifies the name of the Azure Api Management which script will backup.
.PARAMETER StorageAccountName
Specifies the name of the storage account where backup file will be uploaded.
.PARAMETER StorageAccountKey
Specifies the key of the storage account where backup file will be uploaded.
.PARAMETER BlobContainerName
Specifies the container name of the storage account where backup file will be uploaded. Container will be created
if it does not exist.
.PARAMETER BackupFilePrefix
Specifies the backup blob file prefix. The suffix will be automatically generated based on the date in the format
yyyyMMddHHmm followed by the .bak file extension. Default value apim_.
.PARAMETER RetentionDays
Specifies the number of days how long backups are kept in blob storage. The default value is 30 days as the backups
expire after that. Script will remove all older files from container, thus a dedicated container should be used
for this script.
.INPUTS
None.
.OUTPUTS
Human-readable informational and error messages produced during the job. Not intended to be consumed by another runbook.
#>
param(
[parameter(Mandatory=$true)]
[String] $ApimResourceGroupName,
[parameter(Mandatory=$true)]
[String] $ApimInstanceName,
[parameter(Mandatory=$true)]
[String]$StorageAccountName,
[parameter(Mandatory=$true)]
[String]$StorageAccountKey,
[parameter(Mandatory=$true)]
[string]$BlobContainerName,
[parameter(Mandatory=$false)]
[string]$BackupFilePrefix = "apim_",
[parameter(Mandatory=$false)]
[Int32]$RetentionDays = 30,
[parameter(Mandatory=$true)]
[string]$SubscriptionName
)
$ErrorActionPreference = 'stop'
function Login() {
$connectionName = "AzureRunAsConnection"
try
{
Write-Verbose "Acquiring service principal for connection '$connectionName'" -Verbose
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
Write-Verbose "Logging in to Azure..." -Verbose
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint `
-Subscription $SubscriptionName | Out-Null
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
}
function Create-Blob-Container([string]$blobContainerName, $storageContext) {
Write-Verbose "Checking if blob container '$blobContainerName' already exists" -Verbose
if (Get-AzureStorageContainer -ErrorAction "Stop" -Context $storageContext | Where-Object { $_.Name -eq $blobContainerName }) {
Write-Verbose "Container '$blobContainerName' already exists" -Verbose
} else {
New-AzureStorageContainer -ErrorAction "Stop" -Name $blobContainerName -Permission Off -Context $storageContext
Write-Verbose "Container '$blobContainerName' created" -Verbose
}
}
function Backup-To-Blob-Storage([string]$apimResourceGroupName, [string]$apimInstanceName, $storageContext, [string]$blobContainerName, [string]$backupPrefix) {
$backupBlobName = $backupPrefix + (Get-Date).ToString("yyyyMMddHHmm") + ".bak"
Write-Verbose "Starting APIM backup to blob '$blobContainerName/$backupBlobName'" -Verbose
Backup-AzureRmApiManagement -Name $apimInstanceName -ResourceGroupName $apimResourceGroupName -StorageContext $storageContext `
-TargetContainerName $blobContainerName `
-TargetBlobName $backupBlobName
}
function Delete-Old-Backups([int]$retentionDays, [string]$blobContainerName, $storageContext) {
Write-Output "Removing backups older than '$retentionDays' days from container: '$blobContainerName'"
$isOldDate = [DateTime]::UtcNow.AddDays(-$retentionDays)
$blobs = Get-AzureStorageBlob -Container $blobContainerName -Context $storageContext
foreach ($blob in ($blobs | Where-Object { $_.LastModified.UtcDateTime -lt $isOldDate -and $_.BlobType -eq "BlockBlob" })) {
Write-Verbose ("Removing blob: " + $blob.Name) -Verbose
Remove-AzureStorageBlob -Blob $blob.Name -Container $blobContainerName -Context $storageContext
}
}
Write-Verbose "Starting APIM backup" -Verbose
Write-Verbose "Establishing storage context" -Verbose
$StorageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $StorageAccountKey
Login
Create-Blob-Container `
-blobContainerName $blobContainerName `
-storageContext $storageContext
Backup-To-Blob-Storage `
-apimResourceGroupName $ApimResourceGroupName `
-apimInstanceName $ApimInstanceName `
-storageContext $StorageContext `
-blobContainerName $BlobContainerName `
-backupPrefix $BackupFilePrefix
Delete-Old-Backups `
-retentionDays $RetentionDays `
-storageContext $StorageContext `
-blobContainerName $BlobContainerName
Write-Verbose "APIM backup script finished" -Verbose
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.