Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Azure API Management backup automation
This Azure Automation runbook automates Azure API Management backup to Blob storage and deletes old backups from blob storage.
You should use this Runbook if you want manage Azure API Management backups in Blob storage.
This is a PowerShell runbook, as opposed to a PowerShell Workflow runbook.
It requires AzureRM.ApiManagement module to be installed.
The script uses the AzureRunAsConnection connection to login and perform the backup.
.PARAMETER ApimResourceGroupName
Specifies the name of the resource group where the Azure Api Management instance is located.
.PARAMETER ApimInstanceName
Specifies the name of the Azure Api Management which script will backup.
.PARAMETER StorageAccountName
Specifies the name of the storage account where backup file will be uploaded.
.PARAMETER StorageAccountKey
Specifies the key of the storage account where backup file will be uploaded.
.PARAMETER BlobContainerName
Specifies the container name of the storage account where backup file will be uploaded. Container will be created
if it does not exist.
.PARAMETER BackupFilePrefix
Specifies the backup blob file prefix. The suffix will be automatically generated based on the date in the format
yyyyMMddHHmm followed by the .bak file extension. Default value apim_.
.PARAMETER RetentionDays
Specifies the number of days how long backups are kept in blob storage. The default value is 30 days as the backups
expire after that. Script will remove all older files from container, thus a dedicated container should be used
for this script.
Human-readable informational and error messages produced during the job. Not intended to be consumed by another runbook.
[String] $ApimResourceGroupName,
[String] $ApimInstanceName,
[string]$BackupFilePrefix = "apim_",
[Int32]$RetentionDays = 30,
$ErrorActionPreference = 'stop'
function Login() {
$connectionName = "AzureRunAsConnection"
Write-Verbose "Acquiring service principal for connection '$connectionName'" -Verbose
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
Write-Verbose "Logging in to Azure..." -Verbose
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint `
-Subscription $SubscriptionName | Out-Null
catch {
if (!$servicePrincipalConnection)
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
function Create-Blob-Container([string]$blobContainerName, $storageContext) {
Write-Verbose "Checking if blob container '$blobContainerName' already exists" -Verbose
if (Get-AzureStorageContainer -ErrorAction "Stop" -Context $storageContext | Where-Object { $_.Name -eq $blobContainerName }) {
Write-Verbose "Container '$blobContainerName' already exists" -Verbose
} else {
New-AzureStorageContainer -ErrorAction "Stop" -Name $blobContainerName -Permission Off -Context $storageContext
Write-Verbose "Container '$blobContainerName' created" -Verbose
function Backup-To-Blob-Storage([string]$apimResourceGroupName, [string]$apimInstanceName, $storageContext, [string]$blobContainerName, [string]$backupPrefix) {
$backupBlobName = $backupPrefix + (Get-Date).ToString("yyyyMMddHHmm") + ".bak"
Write-Verbose "Starting APIM backup to blob '$blobContainerName/$backupBlobName'" -Verbose
Backup-AzureRmApiManagement -Name $apimInstanceName -ResourceGroupName $apimResourceGroupName -StorageContext $storageContext `
-TargetContainerName $blobContainerName `
-TargetBlobName $backupBlobName
function Delete-Old-Backups([int]$retentionDays, [string]$blobContainerName, $storageContext) {
Write-Output "Removing backups older than '$retentionDays' days from container: '$blobContainerName'"
$isOldDate = [DateTime]::UtcNow.AddDays(-$retentionDays)
$blobs = Get-AzureStorageBlob -Container $blobContainerName -Context $storageContext
foreach ($blob in ($blobs | Where-Object { $_.LastModified.UtcDateTime -lt $isOldDate -and $_.BlobType -eq "BlockBlob" })) {
Write-Verbose ("Removing blob: " + $blob.Name) -Verbose
Remove-AzureStorageBlob -Blob $blob.Name -Container $blobContainerName -Context $storageContext
Write-Verbose "Starting APIM backup" -Verbose
Write-Verbose "Establishing storage context" -Verbose
$StorageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $StorageAccountKey
Create-Blob-Container `
-blobContainerName $blobContainerName `
-storageContext $storageContext
Backup-To-Blob-Storage `
-apimResourceGroupName $ApimResourceGroupName `
-apimInstanceName $ApimInstanceName `
-storageContext $StorageContext `
-blobContainerName $BlobContainerName `
-backupPrefix $BackupFilePrefix
Delete-Old-Backups `
-retentionDays $RetentionDays `
-storageContext $StorageContext `
-blobContainerName $BlobContainerName
Write-Verbose "APIM backup script finished" -Verbose
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment