Azure API Management: Backing Up and Restoring Configuration

UPDATE: If you want to work with API Management (including backing up and restoring configuration), see the PowerShell cmdlets here: https://msdn.microsoft.com/en-us/library/azure/mt619282.aspx


This post shows an approach to backing up and restoring the configuration for an Azure API Management instance. I recently needed to do this to migrate an instance between subscriptions, but other reasons include DR and moving between environments (e.g. dev, staging, release).

The official documented process for backing up is described here: https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-disaster-recovery-backup-restore/

IMPORTANT NOTE: The script in this post does NOT follow the official process exactly!!! Use at your own risk!!

Getting the script

If you haven’t already installed and configured the Azure PowerShell cmdlets, instructions are here: https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/. The rest of this post assumes that you have installed and configured them with the relevant accounts.

The script is here: https://gist.github.com/stuartleeks/ba34f7866b8435cd32ea

It would make more sense to package this up as a module that you could import, but I’ve already spent enough time procrastinating rather than getting this post written, so I’ve left it as a script that defines some functions. Feel free to turn it into a module if you prefer :-)


Running the script

Running the script gives you some new commands:

Start-ApimBackup: Start a backup of APIM configuration
Start-ApimRestore: Start a restore of APIM configuration
Get-ApimOperationStatus: Check whether an operation has completed
Wait-ApimOperation: Wait (i.e. block) until an operation has completed
Get-ArmToken: Get a token for Azure Resource Manager. More on this below!

For example, to start a backup:

$result = Start-ApimBackup `
    -Token $sourceToken `
    -Subscription $sourceSubscription `
    -ResourceGroupName $sourceResourceGroupName `
    -ServiceName $sourceServiceName `
    -StorageAccountName $storageAccountName `
    -StorageAccessKey $accessKey `
    -StorageContainerName $containerName `
    -BackupName $backupName -Verbose

The parameters correspond to the details that you need in the official process, so see that if you are unsure: https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-disaster-recovery-backup-restore/.

The result has a StatusCode property; a value of 202 indicates that the operation has started. It also has a StatusLocation property, whose value can be passed to Wait-ApimOperation or Get-ApimOperationStatus.

For example, you could continue processing after the above snippet with something like:

if ($result.StatusCode -eq 202) {
    "Backup started" | Write-Host
    $status = Wait-ApimOperation `
        -Token $sourceToken `
        -StatusLocation $result.StatusLocation
    if ($status.Completed) {
        "Completed Successfully" | Write-Host
    } else {
        "Failed $($status.StatusCode)" | Write-Error
    }
} else {
    "Backup failed: Status Code $($result.StatusCode) $($result.StatusDescription)" | Write-Error
}
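
The 202 / StatusLocation pattern described above, written out as a poll with an upper time bound and a check that the token only travels over HTTPS. This is an added example, not code from the gist: the function name Wait-ArmOperationWithTimeout and its parameters are hypothetical, and it assumes that $Token is a bare access token (no "Bearer " prefix) and that the status URL keeps returning 202 while the operation is still running.

```powershell
# Added example: hypothetical helper, not part of the gist.
function Wait-ArmOperationWithTimeout {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Token,          # assumed: bare access token
        [Parameter(Mandatory)] [uri]    $StatusLocation, # value returned with the 202
        [int] $TimeoutSeconds = 3600,
        [int] $PollSeconds    = 30
    )

    # Only ever send the bearer token to an absolute HTTPS URL.
    if (-not $StatusLocation.IsAbsoluteUri -or $StatusLocation.Scheme -ne 'https') {
        throw "Refusing to send token to non-HTTPS status URL"
    }

    $headers  = @{ Authorization = "Bearer $Token" }
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

    while ((Get-Date) -lt $deadline) {
        try {
            $response = Invoke-WebRequest -Uri $StatusLocation -Headers $headers `
                            -Method Get -UseBasicParsing
            $code = [int]$response.StatusCode
        } catch {
            # Non-2xx responses throw. Report the status code only, never the headers.
            $code = 0
            if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
            return [pscustomobject]@{ Completed = $false; TimedOut = $false; StatusCode = $code }
        }

        if ($code -ne 202) {
            # A 2xx other than 202: the service no longer reports "in progress".
            return [pscustomobject]@{ Completed = $true; TimedOut = $false; StatusCode = $code }
        }

        Write-Verbose "Operation still running (202); next check in $PollSeconds s"
        Start-Sleep -Seconds $PollSeconds
    }

    # Deadline reached while the service was still answering 202.
    return [pscustomobject]@{ Completed = $false; TimedOut = $true; StatusCode = 202 }
}
```

The returned object has the same Completed and StatusCode properties the snippet above reads, plus TimedOut so a caller can tell a stalled operation from a failed one.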

Notes

The Get-ArmToken function is the area where the script deviates from the official process. The official process requires you to set up an application in Azure Active Directory. Whilst this gives more options for configuring things, I was looking for a lightweight way to get a token that can be used to authenticate against the Azure Resource Manager (ARM).

Fortunately, the PowerShell SDK for Azure is open source: https://github.com/Azure/azure-powershell, so I spent some time digging through and (eventually) found the AzureSession class. From what I could tell, this holds the context for your Azure PowerShell session. Better yet, it has an AuthenticationFactory method that gives a way to trigger an authentication and get a token back. Ideal! Most of the properties that were needed looked like they could come from the AzureSession and its properties, or from enums on other classes. The one extra parameter that is needed is the TenantID, and this can be looked up from the Subscription in PowerShell.

Just to reiterate: this is NOT the official process for backup and restore with API Management. It worked for me, but your mileage may vary!