* Update 2022-11-16: Updating scripts / procedures to use MSI, instead of Automation Run As Account
https://learn.microsoft.com/en-us/azure/automation/manage-run-as-account
Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities. Before that date, you'll need to start migrating your runbooks to use managed identities. For more information, see migrating from an existing Run As accounts to managed identity to start migrating the runbooks from Run As account to managed identities before 30 September 2023.
As Synapse engineer or Synapse Support Engineer you may need to start and test some Pools, and you want this to be the most cost efficient possible. Leaving some Synapse with a lot of DWU left turned on during the weekend because you forget to pause the DW after you shutdown your computers is not a good approach and we can quickly resolve this by using Powershell + Automation accounts.
Before we get into the procedure on the automation, just want to show you some details.
We currently have two flavors of Synapse
This is important to know because we are going to use 2 different scripts to pause the pool
There are 2 versions of the script
This script you can run from your machine and you can get last version of script at Synapse - Pause all DWs.ps1 - GitHub
(This code will not work on Automation account - Find procedure below at "2. Using Azure Automation Account")
You are going to need the modules installed
For below script I'm considering that your user is same that you use to admin your Azure Subscription
Sample:
Context exists
Current credential is sefonsec@microsoft.com
Current subscription is SEFONSEC Microsoft Azure Internal Consumption
---------------------------------------------------------------------------------------------------
Get SQL / Synapse RESOURCES
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Loop through all Synapse Workspaces
---------------------------------------------------------------------------------------------------
Checking Azure Synapse Workspace [xxxxxxxxxxx_synapse] for Synapse SQL Pools
-> Synapse SQL Pool [dwpool] found with status [Online]
-> Pausing Synapse SQL Pool [dwpool]
-> Synapse SQL Pool [dwpool] paused in 0 hours, 2 minutes and 32 seconds. Current status [Paused]
---------------------------------------------------------------------------------------------------
Loop through all SQL Servers (former SQLDW)
---------------------------------------------------------------------------------------------------
Checking SQL Server [xxxxxxxxxxx-eastus] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-eastus2] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-northeu] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-southcentralus] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-uksouth] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-ukwest] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx] in Resource Group [CSSAzureDB] for Synapse SQL Pools
-> Synapse SQL Pool [SQLDW] found with status [Paused]
Checking SQL Server [xxxxxxxxxxx-byok] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-demo] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx_synapse] in Resource Group [synapseworkspace-managedrg-5da694c3-ae72-4f25-9cc6-626adcf858e6] for Synapse SQL Pools
-> This DB is part of Synapse Workspace - Ignore here Should be done above using Az.Synapse Module
Checking SQL Server [xxxxxxxxxxx-westeu] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Checking SQL Server [xxxxxxxxxxx-westus] in Resource Group [CSSAzureDB_OtherRegions] for Synapse SQL Pools
Sample with error:
Checking Azure Synapse Workspace [xxxxxxxxxxx_synapse] for Synapse SQL Pools
Write-Error: -> Checking Synapse SQL Pool [dwpool] found with status [Resuming]
Now we want this to be automated, like as a sample to shutdown every day at 11PM and to send alerts if an error happens.
You can find last version at: Synapse - Pause all DWs - Automation Acount - MSI.ps1 - GitHub
2.1. Create the Automation Account
2.2. Ensure that the Automation Account has a Managed Identity assigned:
Or during creation:
2.3. Add the any required permissions.
Make sure to use less privileged logic to avoid risks. For example, adding only permission on required resource groups to avoid security risks or pausing production workload.
2.4. Automation account now comes with Az Modules. If you don't see the Az modules, please check and refer to the following resources:
2.5. Now go to runbooks and create a new Powershell runbook
2.6. Add code from Synapse - Pause all DWs - Automation Acount - MSI.ps1 - GitHub
2.7. Save and Publish. And click on Start to test it
2.8. Check the output tab
2.9. Go to schedules and add a new schedule
2.10. To be alerted if a schedule fails, go to the automation account and click on Alerts
2.11. You need to add a condition when an alert executes and what actions will be taken. This action could be an email notification, run a process or script
2.12. Configure the condition. You are going to use the metric Total Jobs (Like total jobs failed)
2.13. Define the following
2.14. Add the action group. In this example, send an email to sefonsec@microsoft.
You are now set!
Your DW will be stopped at 11PM if some error occurs and you will be alerted via email when a DW is in a state that could not be paused.
Another last tip is to use the Azure Budget control from @Gonçalo Ventura
The budget puts a maximum limit on the cost of the subscription, in case some service is left running the subscription will automatically suspend when the budget is reached.
To avoid reaching the max limit and let the subscription go into suspended mode, it is possible to create an alert when the cost reaches a percentage of the budget.
To configure a budget, go to “Subscriptions" or “Cost Management + Billing”, then click on Budgets and fill in the parameters for your budget:
Click next and set an alert:
Synapse may not be the only service in your subscription, you may have VMs, SQL DBs, etc that would impact the budget.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.