Disaster recovery with Runbooks the easy way

I recently came across a problem that we have with our VMs that is protected through a Recovery Services vault. Our VMs is protected but there are a lot of manual steps that we need to do in the case of a disaster witch would be if our prime region goes down and our VMs gets replicated to another region.

For us this was to assign 3 ASG to the VMs NICs and if we did not do this they would not be able to preform what they are supposed to do because they lack network connection.

So I started to look in to the problem and found that within Recovery Services vault there is a function that can run runbooks from an automation account: Recovery Plans (Site Recovery) all right nice I thought.

So I created a new automation account and located it in the region where the VMs failover to I added the script/runbook that I have tested from PowerShell on my computer towards a test-failover VMs and the script added 3 ASG.
On the automation account I enabled System assigned managed identity and gave that System assigned managed identity the RBAC it needed to execute the script and it worked.
I also added a Connection in the automation account with the type Azure, give it a name, AutomationCertificateName, and add the subscription.

Back to the Recovery Services vault and navigated to Recovery Plans (Site Recovery) and created a recovery plan and add a step for me it is a Post-step and select script. Give the step a name chose automation account and chose runbook.

Now for the Recovery Services vault needs System assigned managed identity to be able to execute the script/runbook and also the same RBACs as the automation account plus
Contributor on the storage account that cache the replication.
Storage Blob Data Contributor on the storage account that cache the replication.

When all the RBAC is in place you can try a test failover from your Recovery Plans (Site Recovery).

Hopefully this works as as good as it worked for me.

Bicep code and Powershell script can be found here: