Storage account related commands: ================================= Delete a storage account: ------------------------- :: $ az storage account delete -y -n dolsa0x001 -g rg0x001 display public access attribute: #------------------------------- :: az storage account list \ --query '[].{Name:name,PubAccess:allowBlobPublicAccess}' \ --output table Name PubAccess -------- ----------- dolnfssa True List encryption service status: ------------------------------- :: $ az storage account show -g rg0x001 -n dolsa0x003 --query encryption.services { "blob": { "enabled": true, "keyType": "Account", "lastEnabledTime": "2022-05-29T16:05:07.075247+00:00" }, "file": { "enabled": true, "keyType": "Account", "lastEnabledTime": "2022-05-29T16:05:07.075247+00:00" }, "queue": { "enabled": true, "keyType": "Account", "lastEnabledTime": "2022-05-29T16:05:07.075247+00:00" }, "table": null } Verify a storage account name is available: ------------------------------------------- :: $ az storage account check-name -n testing { "message": "The storage account named testing is already taken.", "nameAvailable": false, "reason": "AlreadyExists" } Creating storage accounts: -------------------------- Scripting this effort is probalby a good idea. My mksa script creates the storage account, adds a network rule, then sets the default action to deny: Create sa: .......... :: $ az storage account create -g ${rg} -n ${sa} \ --encryption-services table \ --access-tier hot -k true -q Account -l centralus \ --allow-blob-public-access true --sku Standard_LRS \ --kind StorageV2 --https-only true \ --min-tls-version TLS1_2 --public-network-access Enabled \ --tags env=test -i false \ --output none Add network rule: ................. :: $ az storage account network-rule add -g ${rg} \ -n ${sa} --ip-address ${myip} --output none Set default action: ................... :: $ az storage account update -g ${rg} -n ${sa} \ --default-action Deny --output none Allowing/Denying default internet access: ----------------------------------------- :: $ az storage account update -g rg0x002 -n sa0x002 --default-action [ Allow | Deny ] Add IP restrictions: -------------------- :: $ az storage account network-rule add -g rg0x002 -n sa0x002 --ip-address ${myip} $ az storage account network-rule add -g rg0x002 -n sa0x002 --ip-address ${cidr} Generating a SAS token: ----------------------- Generic: ......... :: $ end=`date -v+12H '+%Y-%m-%dT%H:%MZ'` $ az storage account generate-sas --permissions cdlruwap \ --account-name sa0x002 --services b --resource-types sco \ --expiry ${end} 2>/dev/null "[[sas token snipped]]" Assign to a variable: ..................... :: $ t=$(az storage account generate-sas --permissions cdlruwap \ --account-name sa0x002 --services b --resource-types sco \ --expiry ${end} 2>/dev/null) Creating a new blob: -------------------- :: $ base=https://sa0x002.blob.core.windows.net $ b=bl0x002 $ azcopy make "${base}/${b}?${t}" Successfully created the resource. Copying a directory recursively: -------------------------------- :: $ d=golang $ azcopy copy ${d} "${base/${b}}/?${t}" --follow-symlinks --put-md5 \ --disable-auto-decoding=false --recursive --log-level=INFO Listing out the contents: ------------------------- :: $ azcopy list "${base}/${b}}/ansible/?${t}" INFO: Ansible_cfg; Content Length: 325.00 B INFO: dol.cfg; Content Length: 37.44 KiB INFO: mkenv.yml; Content Length: 3.38 KiB INFO: mkrg.yml; Content Length: 217.00 B INFO: mkvnet.yml; Content Length: 310.00 B INFO: testies.yml; Content Length: 267.00 B INFO: times; Content Length: 762.00 B INFO: files/dkoleary.pub; Content Length: 393.00 B INFO: azcopy: A newer version 10.16.1 is available to download INFO: group_vars/all; Content Length: 1.49 KiB INFO: tasks/mkvms.yml; Content Length: 1.39 KiB INFO: tasks/nsg-basic.yml; Content Length: 194.00 B INFO: tasks/nsg-https.yml; Content Length: 492.00 B INFO: tasks/nsg-mysql-https.yml; Content Length: 1.12 KiB INFO: tasks/nsg-ssh.yml; Content Length: 537.00 B INFO: tasks/public_vm.yml; Content Length: 1.19 KiB INFO: inventory/hosts; Content Length: 10.00 B