How to deploy an Azure Automation account, set up source control link & deploy runbooks via Azure DevOps CD YAML pipeline.

My GitHub repo shows how to set up an Azure DevOps Continuous Deployment (CD) pipeline for deploying an Azure Automation account & associated Runbooks.


  1. Clone the repo & upload into your own Azure DevOps instance.
  2. Modify the /ado/env & /infra/env files to match your Azure & Azure DevOps environment.
  3. Select the Pipelines blade in Azure DevOps and click on New pipeline
  4. Select where your have stored your source code, select Existing Azure Pipelines YAML file, select the Branch (likely main) and set the Path to /ado/deploy-automation.yml.
  5. Save the pipeline.
  6. In the upper right-hand corner of the screen, select the User Settings button and select Personal Access Tokens. This PAT will be used by the Azure Automation account to pull the runbooks from source control.
  7. Click New Token, give it a name that reminds you what it will be for (example: AzureAutomation). Set the Expiration. Add the following scopes (click on the Custom defined radio button to see them all).
    1. Code – Read
    2. Identity – Read
    3. Project and Team – Read
    4. Service Connections – Read, query, & manage
    5. User Profile – Read
    6. Work Items – Read
  8. Copy the PAT to Notepad.
  9. Navigate back to the pipeline and click on Edit.
  10. Click Variables and then New variable.
  11. Name the variable AdoPat, paste in the PAT string you copied earlier & check the Keep this value secret checkbox. Click Ok to save.
  12. Click Run pipeline to execute. You may need to authorize the pipeline to use the service connection. This initial run will create all of the required Azure resources & set up the sync, but it will fail the first time becuase you need to grant the Managed Identity that the Automation Account uses Contributor access to the Resource Group so it can create Runbook resources (
  13. In the Azure portal, navigate to your Resource Group. Click on the Access control blade. Click on Add->Add Role assignment.
    1. Select the Contributor role. Click Next.
    2. Select the Managed identity radio button. Click Select members.
    3. Select the managed identity that was created in your resource groups. Click `Select.
    4. Click Review + assign.
  14. Run the pipeline again to see the sync occur.

You can now see the Azure Automation Source Control link & Runbook sync job complete in the Azure portal.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *