diff --git a/internal/services/automation/automation_watcher.go b/internal/services/automation/automation_watcher.go
new file mode 100644
index 000000000000..ecddfa9c44cf
--- /dev/null
+++ b/internal/services/automation/automation_watcher.go
@@ -0,0 +1,250 @@
+package automation
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tags"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/automation/mgmt/2020-01-13-preview/automation"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/automation/parse"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/automation/validate"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type WatcherModel struct {
+	AutomationAccountID         string                 `tfschema:"automation_account_id"`
+	Name                        string                 `tfschema:"name"`
+	Location                    string                 `tfschema:"location"`
+	Tags                        map[string]interface{} `tfschema:"tags"`
+	Etag                        string                 `tfschema:"etag"`
+	ExecutionFrequencyInSeconds int64                  `tfschema:"execution_frequency_in_seconds"`
+	ScriptName                  string                 `tfschema:"script_name"`
+	ScriptParameters            map[string]interface{} `tfschema:"script_parameters"`
+	ScriptRunOn                 string                 `tfschema:"script_run_on"`
+	Description                 string                 `tfschema:"description"`
+	Status                      string                 `tfschema:"status"`
+}
+
+type WatcherResource struct{}
+
+var _ sdk.Resource = (*WatcherResource)(nil)
+
+func (m WatcherResource) Arguments() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"automation_account_id": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ForceNew:     true,
+			ValidateFunc: validate.AutomationAccountID,
+		},
+
+		"name": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ForceNew:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"location": commonschema.Location(),
+
+		"tags": commonschema.Tags(),
+
+		"etag": {
+			Type:         pluginsdk.TypeString,
+			Optional:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"execution_frequency_in_seconds": {
+			Type:         pluginsdk.TypeInt,
+			Required:     true,
+			ValidateFunc: validation.IntAtLeast(0),
+		},
+
+		"script_name": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ForceNew:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"script_parameters": {
+			Type:     pluginsdk.TypeMap,
+			Optional: true,
+			ForceNew: true,
+			Elem: &pluginsdk.Schema{
+				Type: pluginsdk.TypeString,
+			},
+		},
+
+		"script_run_on": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"description": {
+			Type:         pluginsdk.TypeString,
+			Optional:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+	}
+}
+
+func (m WatcherResource) Attributes() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"status": {
+			Type:     pluginsdk.TypeString,
+			Computed: true,
+		},
+	}
+}
+
+func (m WatcherResource) ModelObject() interface{} {
+	return &WatcherModel{}
+}
+
+func (m WatcherResource) ResourceType() string {
+	return "azurerm_automation_watcher"
+}
+
+func (m WatcherResource) Create() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 30 * time.Minute,
+		Func: func(ctx context.Context, meta sdk.ResourceMetaData) error {
+			client := meta.Client.Automation.WatcherClient
+
+			var model WatcherModel
+			if err := meta.Decode(&model); err != nil {
+				return err
+			}
+
+			subscriptionID := meta.Client.Account.SubscriptionId
+			accountID, _ := parse.AutomationAccountID(model.AutomationAccountID)
+			id := parse.NewWatcherID(subscriptionID, accountID.ResourceGroup, accountID.Name, model.Name)
+
+			existing, err := client.Get(ctx, id.ResourceGroup, id.AutomationAccountName, id.Name)
+			if !utils.ResponseWasNotFound(existing.Response) {
+				if err != nil {
+					return fmt.Errorf("retreiving %s: %v", id, err)
+				}
+				return meta.ResourceRequiresImport(m.ResourceType(), id)
+			}
+
+			var param automation.Watcher
+			param.Tags = tags.Expand(model.Tags)
+			param.Etag = utils.String(model.Etag)
+			param.Location = utils.String(model.Location)
+			param.WatcherProperties = &automation.WatcherProperties{}
+			prop := param.WatcherProperties
+			prop.ExecutionFrequencyInSeconds = utils.Int64(model.ExecutionFrequencyInSeconds)
+			prop.ScriptName = utils.String(model.ScriptName)
+			prop.ScriptParameters = tags.Expand(model.ScriptParameters)
+			prop.ScriptRunOn = utils.String(model.ScriptRunOn)
+			prop.Description = utils.String(model.Description)
+
+			_, err = client.CreateOrUpdate(ctx, id.ResourceGroup, id.AutomationAccountName, id.Name, param)
+			if err != nil {
+				return fmt.Errorf("creating %s: %v", id, err)
+			}
+
+			meta.SetID(id)
+			return nil
+		},
+	}
+}
+
+func (m WatcherResource) Read() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 5 * time.Minute,
+		Func: func(ctx context.Context, meta sdk.ResourceMetaData) error {
+			id, err := parse.WatcherID(meta.ResourceData.Id())
+			if err != nil {
+				return err
+			}
+			client := meta.Client.Automation.WatcherClient
+			result, err := client.Get(ctx, id.ResourceGroup, id.AutomationAccountName, id.Name)
+			if err != nil {
+				return err
+			}
+
+			var output WatcherModel
+			if err := meta.Decode(&output); err != nil {
+				return err
+			}
+
+			prop := result.WatcherProperties
+			output.AutomationAccountID = parse.NewAutomationAccountID(id.SubscriptionId, id.ResourceGroup, id.AutomationAccountName).ID()
+			output.Name = id.Name
+			output.ExecutionFrequencyInSeconds = utils.NormaliseNilableInt64(prop.ExecutionFrequencyInSeconds)
+			output.ScriptName = utils.NormalizeNilableString(prop.ScriptName)
+			output.ScriptParameters = tags.Flatten(prop.ScriptParameters)
+			output.ScriptRunOn = utils.NormalizeNilableString(prop.ScriptRunOn)
+			output.Description = utils.NormalizeNilableString(prop.Description)
+			output.Status = utils.NormalizeNilableString(prop.Status)
+
+			// tags, etag and location do not returned by response, so do NOT encode them
+
+			return meta.Encode(&output)
+		},
+	}
+}
+
+func (m WatcherResource) Update() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 10 * time.Minute,
+		Func: func(ctx context.Context, meta sdk.ResourceMetaData) (err error) {
+			client := meta.Client.Automation.WatcherClient
+
+			id, err := parse.WatcherID(meta.ResourceData.Id())
+			if err != nil {
+				return err
+			}
+
+			var model WatcherModel
+			if err = meta.Decode(&model); err != nil {
+				return fmt.Errorf("decoding err: %+v", err)
+			}
+
+			var upd automation.WatcherUpdateParameters
+			upd.WatcherUpdateProperties = &automation.WatcherUpdateProperties{}
+			if meta.ResourceData.HasChange("execution_frequency_in_seconds") {
+				upd.WatcherUpdateProperties.ExecutionFrequencyInSeconds = utils.Int64(model.ExecutionFrequencyInSeconds)
+			}
+			if _, err = client.Update(ctx, id.ResourceGroup, id.Name, id.AutomationAccountName, upd); err != nil {
+				return fmt.Errorf("updating %s: %v", id, err)
+			}
+
+			return nil
+		},
+	}
+}
+
+func (m WatcherResource) Delete() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 10 * time.Minute,
+		Func: func(ctx context.Context, meta sdk.ResourceMetaData) error {
+			id, err := parse.WatcherID(meta.ResourceData.Id())
+			if err != nil {
+				return err
+			}
+			meta.Logger.Infof("deleting %s", id)
+			client := meta.Client.Automation.WatcherClient
+			if _, err = client.Delete(ctx, id.ResourceGroup, id.AutomationAccountName, id.Name); err != nil {
+				return fmt.Errorf("deleting %s: %v", id, err)
+			}
+			return nil
+		},
+	}
+}
+
+func (m WatcherResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
+	return validate.WatcherID
+}
diff --git a/internal/services/automation/automation_watcher_test.go b/internal/services/automation/automation_watcher_test.go
new file mode 100644
index 000000000000..a531cb33797a
--- /dev/null
+++ b/internal/services/automation/automation_watcher_test.go
@@ -0,0 +1,237 @@
+package automation_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/automation"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/automation/parse"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type WatcherResource struct{}
+
+func TestAccWatcher_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, automation.WatcherResource{}.ResourceType(), "test")
+	r := WatcherResource{}
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("execution_frequency_in_seconds").HasValue("2"),
+			),
+		},
+		data.ImportStep("tags", "etag", "location"),
+	})
+}
+
+func TestAccWatcher_update(t *testing.T) {
+	data := acceptance.BuildTestData(t, automation.WatcherResource{}.ResourceType(), "test")
+	r := WatcherResource{}
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("execution_frequency_in_seconds").HasValue("2"),
+			),
+		},
+		data.ImportStep("tags", "etag", "location"),
+		{
+			Config: r.update(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("execution_frequency_in_seconds").HasValue("20"),
+			),
+		},
+		data.ImportStep("tags", "etag", "location"),
+	})
+}
+
+func (a WatcherResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
+	id, err := parse.WatcherID(state.ID)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.Automation.WatcherClient.Get(ctx, id.ResourceGroup, id.AutomationAccountName, id.Name)
+	if err != nil {
+		return nil, fmt.Errorf("retrieving Type %s: %+v", id, err)
+	}
+	return utils.Bool(resp.WatcherProperties != nil), nil
+}
+
+func (a WatcherResource) basic(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+
+
+%s
+
+resource "azurerm_automation_watcher" "test" {
+  automation_account_id = azurerm_automation_account.test.id
+  name                  = "acctest-watcher-%[2]d"
+  location              = "%[3]s"
+
+  tags = {
+    foo = "bar"
+  }
+
+  script_parameters = {
+    param_foo = "arg_bar"
+  }
+
+  script_run_on                  = azurerm_automation_hybrid_runbook_worker_group.test.name
+  description                    = "example-watcher desc"
+  etag                           = "etag example"
+  script_name                    = azurerm_automation_runbook.test.name
+  execution_frequency_in_seconds = 2
+}
+`, a.template(data), data.RandomInteger, data.Locations.Primary)
+}
+
+func (a WatcherResource) update(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+
+
+%s
+
+resource "azurerm_automation_watcher" "test" {
+  automation_account_id = azurerm_automation_account.test.id
+  name                  = "acctest-watcher-%[2]d"
+  location              = "%[3]s"
+
+  tags = {
+    "foo" = "bar"
+  }
+
+  script_parameters = {
+    foo = "bar"
+  }
+
+  etag                           = "etag example"
+  execution_frequency_in_seconds = 20
+  script_name                    = azurerm_automation_runbook.test.name
+  script_run_on                  = azurerm_automation_hybrid_runbook_worker_group.test.name
+  description                    = "example-watcher desc"
+}
+`, a.template(data), data.RandomInteger, data.Locations.Primary)
+}
+
+func (a WatcherResource) template(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-auto-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_automation_account" "test" {
+  name                = "acctestAA-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku_name            = "Basic"
+}
+
+resource "azurerm_automation_credential" "test" {
+  name                    = "acctest-%[1]d"
+  resource_group_name     = azurerm_resource_group.test.name
+  automation_account_name = azurerm_automation_account.test.name
+  username                = "test_user"
+  password                = "test_pwd"
+}
+
+resource "azurerm_automation_hybrid_runbook_worker_group" "test" {
+  resource_group_name     = azurerm_resource_group.test.name
+  automation_account_name = azurerm_automation_account.test.name
+  name                    = "acctest-%[1]d"
+  credential_name         = azurerm_automation_credential.test.name
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestnw-%[1]d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "internal"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.2.0/24"]
+}
+
+resource "azurerm_network_interface" "test" {
+  name                = "acctni-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  ip_configuration {
+    name                          = "testconfiguration1"
+    subnet_id                     = azurerm_subnet.test.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+resource "azurerm_linux_virtual_machine" "test" {
+  name                = "acctestVM-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  size                = "Standard_F2"
+  admin_username      = "adminuser"
+  admin_password      = "P@$$w0rd1234!"
+
+  disable_password_authentication = false
+
+  network_interface_ids = [
+    azurerm_network_interface.test.id,
+  ]
+
+  os_disk {
+    caching              = "ReadWrite"
+    storage_account_type = "Standard_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "UbuntuServer"
+    sku       = "16.04-LTS"
+    version   = "latest"
+  }
+
+  tags = {
+    azsecpack                                                                  = "nonprod"
+    "platformsettings.host_environment.service.platform_optedin_for_rootcerts" = "true"
+  }
+}
+
+resource "azurerm_automation_runbook" "test" {
+  name                    = "acc-runbook-%[1]d"
+  location                = azurerm_resource_group.test.location
+  resource_group_name     = azurerm_resource_group.test.name
+  automation_account_name = azurerm_automation_account.test.name
+
+  log_verbose  = "true"
+  log_progress = "true"
+  description  = "This is a test runbook for terraform acceptance test"
+  runbook_type = "PowerShell"
+
+  content = <<CONTENT
+# Some test content
+# for Terraform acceptance test
+CONTENT
+  tags = {
+    ENV = "runbook_test"
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, uuid.New().String())
+}
diff --git a/internal/services/automation/client/client.go b/internal/services/automation/client/client.go
index 0c594703a326..c3bdefc8b2f1 100644
--- a/internal/services/automation/client/client.go
+++ b/internal/services/automation/client/client.go
@@ -26,6 +26,7 @@ type Client struct {
 	ScheduleClient              *automation.ScheduleClient
 	SourceControlClient         *automation.SourceControlClient
 	VariableClient              *automation.VariableClient
+	WatcherClient               *automation.WatcherClient
 	WebhookClient               *automation.WebhookClient
 }
 
@@ -81,6 +82,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	variableClient := automation.NewVariableClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&variableClient.Client, o.ResourceManagerAuthorizer)
 
+	watcherClient := automation.NewWatcherClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&watcherClient.Client, o.ResourceManagerAuthorizer)
+
 	webhookClient := automation.NewWebhookClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&webhookClient.Client, o.ResourceManagerAuthorizer)
 
@@ -102,6 +106,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		ScheduleClient:              &scheduleClient,
 		SourceControlClient:         &sourceCtlClient,
 		VariableClient:              &variableClient,
+		WatcherClient:               &watcherClient,
 		WebhookClient:               &webhookClient,
 	}
 }
diff --git a/internal/services/automation/parse/watcher.go b/internal/services/automation/parse/watcher.go
new file mode 100644
index 000000000000..c1a0dd88a8f3
--- /dev/null
+++ b/internal/services/automation/parse/watcher.go
@@ -0,0 +1,75 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+type WatcherId struct {
+	SubscriptionId        string
+	ResourceGroup         string
+	AutomationAccountName string
+	Name                  string
+}
+
+func NewWatcherID(subscriptionId, resourceGroup, automationAccountName, name string) WatcherId {
+	return WatcherId{
+		SubscriptionId:        subscriptionId,
+		ResourceGroup:         resourceGroup,
+		AutomationAccountName: automationAccountName,
+		Name:                  name,
+	}
+}
+
+func (id WatcherId) String() string {
+	segments := []string{
+		fmt.Sprintf("Name %q", id.Name),
+		fmt.Sprintf("Automation Account Name %q", id.AutomationAccountName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Watcher", segmentsStr)
+}
+
+func (id WatcherId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Automation/automationAccounts/%s/watchers/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.AutomationAccountName, id.Name)
+}
+
+// WatcherID parses a Watcher ID into an WatcherId struct
+func WatcherID(input string) (*WatcherId, error) {
+	id, err := resourceids.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := WatcherId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.AutomationAccountName, err = id.PopSegment("automationAccounts"); err != nil {
+		return nil, err
+	}
+	if resourceId.Name, err = id.PopSegment("watchers"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}
diff --git a/internal/services/automation/parse/watcher_test.go b/internal/services/automation/parse/watcher_test.go
new file mode 100644
index 000000000000..2998e4c75b8e
--- /dev/null
+++ b/internal/services/automation/parse/watcher_test.go
@@ -0,0 +1,128 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+var _ resourceids.Id = WatcherId{}
+
+func TestWatcherIDFormatter(t *testing.T) {
+	actual := NewWatcherID("12345678-1234-9876-4563-123456789012", "group1", "account1", "watcher1").ID()
+	expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/watcher1"
+	if actual != expected {
+		t.Fatalf("Expected %q but got %q", expected, actual)
+	}
+}
+
+func TestWatcherID(t *testing.T) {
+	testData := []struct {
+		Input    string
+		Error    bool
+		Expected *WatcherId
+	}{
+
+		{
+			// empty
+			Input: "",
+			Error: true,
+		},
+
+		{
+			// missing SubscriptionId
+			Input: "/",
+			Error: true,
+		},
+
+		{
+			// missing value for SubscriptionId
+			Input: "/subscriptions/",
+			Error: true,
+		},
+
+		{
+			// missing ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+			Error: true,
+		},
+
+		{
+			// missing value for ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+			Error: true,
+		},
+
+		{
+			// missing AutomationAccountName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/",
+			Error: true,
+		},
+
+		{
+			// missing value for AutomationAccountName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/",
+			Error: true,
+		},
+
+		{
+			// missing Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/",
+			Error: true,
+		},
+
+		{
+			// missing value for Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/",
+			Error: true,
+		},
+
+		{
+			// valid
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/watcher1",
+			Expected: &WatcherId{
+				SubscriptionId:        "12345678-1234-9876-4563-123456789012",
+				ResourceGroup:         "group1",
+				AutomationAccountName: "account1",
+				Name:                  "watcher1",
+			},
+		},
+
+		{
+			// upper-cased
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/GROUP1/PROVIDERS/MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/ACCOUNT1/WATCHERS/WATCHER1",
+			Error: true,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Input)
+
+		actual, err := WatcherID(v.Input)
+		if err != nil {
+			if v.Error {
+				continue
+			}
+
+			t.Fatalf("Expect a value but got an error: %s", err)
+		}
+		if v.Error {
+			t.Fatal("Expect an error but didn't get one")
+		}
+
+		if actual.SubscriptionId != v.Expected.SubscriptionId {
+			t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
+		}
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+		if actual.AutomationAccountName != v.Expected.AutomationAccountName {
+			t.Fatalf("Expected %q but got %q for AutomationAccountName", v.Expected.AutomationAccountName, actual.AutomationAccountName)
+		}
+		if actual.Name != v.Expected.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name)
+		}
+	}
+}
diff --git a/internal/services/automation/registration.go b/internal/services/automation/registration.go
index a7ba91348d4d..2df2fc1ecd6a 100644
--- a/internal/services/automation/registration.go
+++ b/internal/services/automation/registration.go
@@ -19,6 +19,7 @@ func (r Registration) Resources() []sdk.Resource {
 		AutomationConnectionTypeResource{},
 		HybridRunbookWorkerGroupResource{},
 		HybridRunbookWorkerResource{},
+		WatcherResource{},
 		SourceControlResource{},
 	}
 }
diff --git a/internal/services/automation/resourceids.go b/internal/services/automation/resourceids.go
index 5f231dbb971c..591489b9e533 100644
--- a/internal/services/automation/resourceids.go
+++ b/internal/services/automation/resourceids.go
@@ -14,3 +14,4 @@ package automation
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=JobSchedule -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/jobSchedules/schedule1
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Variable -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/variables/variable1
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Webhook -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/webhooks/webhook1
+//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Watcher -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/watcher1
diff --git a/internal/services/automation/validate/watcher_id.go b/internal/services/automation/validate/watcher_id.go
new file mode 100644
index 000000000000..1511691fcbc7
--- /dev/null
+++ b/internal/services/automation/validate/watcher_id.go
@@ -0,0 +1,23 @@
+package validate
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/automation/parse"
+)
+
+func WatcherID(input interface{}, key string) (warnings []string, errors []error) {
+	v, ok := input.(string)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected %q to be a string", key))
+		return
+	}
+
+	if _, err := parse.WatcherID(v); err != nil {
+		errors = append(errors, err)
+	}
+
+	return
+}
diff --git a/internal/services/automation/validate/watcher_id_test.go b/internal/services/automation/validate/watcher_id_test.go
new file mode 100644
index 000000000000..6268da6fc326
--- /dev/null
+++ b/internal/services/automation/validate/watcher_id_test.go
@@ -0,0 +1,88 @@
+package validate
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import "testing"
+
+func TestWatcherID(t *testing.T) {
+	cases := []struct {
+		Input string
+		Valid bool
+	}{
+
+		{
+			// empty
+			Input: "",
+			Valid: false,
+		},
+
+		{
+			// missing SubscriptionId
+			Input: "/",
+			Valid: false,
+		},
+
+		{
+			// missing value for SubscriptionId
+			Input: "/subscriptions/",
+			Valid: false,
+		},
+
+		{
+			// missing ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+			Valid: false,
+		},
+
+		{
+			// missing value for ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+			Valid: false,
+		},
+
+		{
+			// missing AutomationAccountName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/",
+			Valid: false,
+		},
+
+		{
+			// missing value for AutomationAccountName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/",
+			Valid: false,
+		},
+
+		{
+			// missing Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/",
+			Valid: false,
+		},
+
+		{
+			// missing value for Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/",
+			Valid: false,
+		},
+
+		{
+			// valid
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/watcher1",
+			Valid: true,
+		},
+
+		{
+			// upper-cased
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/GROUP1/PROVIDERS/MICROSOFT.AUTOMATION/AUTOMATIONACCOUNTS/ACCOUNT1/WATCHERS/WATCHER1",
+			Valid: false,
+		},
+	}
+	for _, tc := range cases {
+		t.Logf("[DEBUG] Testing Value %s", tc.Input)
+		_, errors := WatcherID(tc.Input, "test")
+		valid := len(errors) == 0
+
+		if tc.Valid != valid {
+			t.Fatalf("Expected %t but got %t", tc.Valid, valid)
+		}
+	}
+}
diff --git a/website/docs/r/automation_watcher.html.markdown b/website/docs/r/automation_watcher.html.markdown
new file mode 100644
index 000000000000..4bf278ce773b
--- /dev/null
+++ b/website/docs/r/automation_watcher.html.markdown
@@ -0,0 +1,84 @@
+---
+subcategory: "Automation"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_automation_watcher"
+description: |-
+  Manages an Automation Watcher.
+---
+
+# azurerm_automation_watcher
+
+Manages an Automation Wacher.
+
+## Example Usage
+
+```hcl
+resource "azurerm_automation_watcher" "example" {
+  name                           = "example"
+  automation_account_id          = azurerm_automation_account.test.id
+  location                       = "West Europe"
+  script_name                    = azurerm_automation_runbook.test.name
+  script_run_on                  = azurerm_automation_hybrid_runbook_worker_group.test.name
+  description                    = "example-watcher desc"
+  execution_frequency_in_seconds = 42
+
+  tags = {
+    "foo" = "bar"
+  }
+
+  script_parameters = {
+    foo = "bar"
+  }
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `automation_account_id` (Required) The ID of Automation Account to manage this Watcher. Changing this forces a new Watcher to be created.
+
+* `name` - (Required) The name which should be used for this Automation Watcher. Changing this forces a new Automation Watcher to be created.
+
+* `execution_frequency_in_seconds` - (Required) Specify the frequency at which the watcher is invoked.
+
+* `location` - (Required) The Azure Region where the Automation Watcher should exist. Changing this forces a new Automation Watcher to be created.
+
+* `script_name` - (Required) Specify the name of an existing runbook this watcher is attached to. Changing this forces a new Automation to be created.
+
+* `script_run_on` - (Required) Specify the name of the Hybrid work group the watcher will run on.
+
+---
+
+* `description` - (Optional) A description of this Automation Watcher.
+
+* `etag` - (Optional) A string of etag assigned to this Automation Watcher.
+
+* `script_parameters` - (Optional) Specifies a list of key-vaule parameters. Changing this forces a new Automation watcher to be created.
+
+* `tags` - (Optional) A mapping of tags which should be assigned to the Automation Watcher.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported: 
+
+* `id` - The ID of the Automation Watcher.
+
+* `status` - The current status of the Automation Watcher.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
+
+* `create` - (Defaults to 30 minutes) Used when creating the Automation Watcher.
+* `read` - (Defaults to 5 minutes) Used when retrieving the Automation Watcher.
+* `update` - (Defaults to 10 minutes) Used when updating the Automation Watcher.
+* `delete` - (Defaults to 10 minutes) Used when deleting the Automation Watcher.
+
+## Import
+
+Automation Watchers can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_automation_watcher.example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Automation/automationAccounts/account1/watchers/watch1
+```