1. Running custom cleanup tasks in Azure with PowerShell scripts

    TypeScript

    To run custom cleanup tasks in Azure using PowerShell scripts, you can leverage Pulumi's azure-native.resources.AzurePowerShellScript resource, which allows you to execute PowerShell scripts directly within your Azure environment. This can be useful for automating various maintenance and management tasks without manually logging into the Azure portal or using separate command-line tools.

    Here's a step-by-step guide to using this resource to execute a custom cleanup script:

    1. Resource Group: You need an Azure Resource Group, which is a container that holds related resources for an Azure solution. In this scenario, it's where your script execution will take place.

    2. Managed Identity: For executing the script, it's recommended to use a managed identity that has enough permissions to perform the cleanup tasks without handling credentials directly in the script.

    3. Azure PowerShell Script: The AzurePowerShellScript resource will contain the actual PowerShell script you wish to run. You need to define the script content (inline or via a URI), set up any required environment variables, specify the timeout settings, cleanup preferences, and more.

    4. Outputs: After the script execution, you might want to output relevant information such as the script's output result or the identity under which it was run.

    Below is a sample Pulumi program written in TypeScript that creates these resources and executes the PowerShell cleanup script:

    import * as azure from "@pulumi/azure-native"; import * as pulumi from "@pulumi/pulumi"; // Create an Azure resource group to contain the script and associated resources const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup"); // Create a user-assigned managed identity that will run the script const managedIdentity = new azure.msi.UserAssignedIdentity("myManagedIdentity", { resourceGroupName: resourceGroup.name, }); // Define your PowerShell script content (replace this with your actual script) const cleanupScriptContent = ` # PowerShell commands to clean up resources Remove-AzResource -ResourceName 'OldResource' -Force `; // Execute the PowerShell script via the Azure PowerShell Script resource const cleanupScript = new azure.resources.AzurePowerShellScript("myCleanupScript", { resourceGroupName: resourceGroup.name, location: resourceGroup.location, // The script will run in the same region as the resource group scriptContent: cleanupScriptContent, // Inline script content arguments: `-ResourceGroupName ${resourceGroup.name}`, // Pass arguments if needed identity: { type: "UserAssigned", userAssignedIdentities: { [managedIdentity.id]: {}, // Associate the managed identity with the script }, }, azPowerShellVersion: "6.4.0", // Specify the version of Azure PowerShell to use cleanupPreference: "OnSuccess", // Cleanup options: OnSuccess, Always, or OnExpiration retentionInterval: "P1D", // The time the script and its outputs will be retained }); // Export the output results for visibility export const cleanupScriptOutputs = { result: cleanupScript.outputs, managedIdentityPrincipalId: managedIdentity.principalId, };

    This program defines the necessary resources and instructions for Pulumi to create them within your Azure subscription. It starts by creating a resource group then a managed identity with the required permissions. Next, it defines the PowerShell script to run along with its execution settings, such as the version of Azure PowerShell to use, the cleanup preference, and how long the output should be retained. Finally, it exports the output results, which can then be viewed after the script has executed.

    Remember to tailor the cleanupScriptContent variable to include your actual PowerShell commands. Make sure that the managed identity has proper permissions to perform the cleanup tasks. Deploy this script with Pulumi, and your cleanup jobs will be automated in Azure.