Storage account related commands:
Delete a storage account:
$ az storage account delete -y -n dolsa0x001 -g rg0x001
Display public access attribute:
$ az storage account list \
--query '[].{Name:name,PubAccess:allowBlobPublicAccess}' \
--output table
Name PubAccess
-------- -----------
dolnfssa True
List encryption service status:
$ az storage account show -g rg0x001 -n dolsa0x003 --query encryption.services
{
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2022-05-29T16:05:07.075247+00:00"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2022-05-29T16:05:07.075247+00:00"
},
"queue": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2022-05-29T16:05:07.075247+00:00"
},
"table": null
}
Verify a storage account name is available:
$ az storage account check-name -n testing
{
"message": "The storage account named testing is already taken.",
"nameAvailable": false,
"reason": "AlreadyExists"
}
Creating storage accounts:
Scripting this effort is probably a good idea. My mksa script creates the storage account, adds a network rule, then sets the default action to deny:
Create sa:
$ az storage account create -g ${rg} -n ${sa} \
--encryption-services table \
--access-tier hot -k true -q Account -l centralus \
--allow-blob-public-access true --sku Standard_LRS \
--kind StorageV2 --https-only true \
--min-tls-version TLS1_2 --public-network-access Enabled \
--tags env=test -i false \
--output none
Add network rule:
$ az storage account network-rule add -g ${rg} \
-n ${sa} --ip-address ${myip} --output none
Set default action:
$ az storage account update -g ${rg} -n ${sa} \
--default-action Deny --output none
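A check to run after the three mksa steps above, as an added example (not the author's mksa script): it reads the JSON from `az storage account list -o json` and reports accounts where public blob access, HTTPS-only, minimum TLS, or the default network action differ from a locked-down setup. The sample JSON, the account names other than sa0x002, and the /24 threshold are constructed assumptions.

```python
import ipaddress
import json
import sys

# Constructed sample shaped like `az storage account list -o json`,
# trimmed to the fields this check reads. Names and addresses are made up.
SAMPLE = """[
 {"name": "sa0x002", "allowBlobPublicAccess": true,
  "enableHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
  "networkRuleSet": {"defaultAction": "Deny",
    "ipRules": [{"ipAddressOrRange": "203.0.113.7", "action": "Allow"}]}},
 {"name": "legacysa", "allowBlobPublicAccess": null,
  "enableHttpsTrafficOnly": false, "minimumTlsVersion": "TLS1_0",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}},
 {"name": "widesa", "allowBlobPublicAccess": false,
  "enableHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
  "networkRuleSet": {"defaultAction": "Deny",
    "ipRules": [{"ipAddressOrRange": "198.51.0.0/16", "action": "Allow"}]}},
 {"name": "lockedsa", "allowBlobPublicAccess": false,
  "enableHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": []}}
]"""
MIN_PREFIX = 24  # assumed local policy: IP rules wider than /24 get flagged

def audit(accounts):
    """Map account name -> list of findings; clean accounts are omitted."""
    report = {}
    for acct in accounts:
        found = []
        # null means never set, so only an explicit false counts as disabled
        if acct.get("allowBlobPublicAccess") is not False:
            found.append("blob public access not disabled")
        if acct.get("enableHttpsTrafficOnly") is not True:
            found.append("plain HTTP allowed")
        if acct.get("minimumTlsVersion") in (None, "TLS1_0", "TLS1_1"):
            found.append("minimum TLS below 1.2")
        rules = acct.get("networkRuleSet") or {}
        if rules.get("defaultAction") != "Deny":
            found.append("default network action is not Deny")
        for rule in rules.get("ipRules") or []:
            net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
            if net.prefixlen < MIN_PREFIX:
                found.append(f"wide IP rule {rule['ipAddressOrRange']}")
        if found:
            report[acct["name"]] = found
    return report

if __name__ == "__main__":
    # usage: az storage account list -o json > sa.json; python3 audit.py sa.json
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, found in audit(json.loads(src)).items():
        print(f"{name}: " + "; ".join(found))
```

An account created with the `--allow-blob-public-access true` flag shown in the create step is reported even after the default action is set to Deny, since the two settings are independent.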
Allowing/Denying default internet access:
$ az storage account update -g rg0x002 -n sa0x002 --default-action [ Allow | Deny ]
Add IP restrictions:
$ az storage account network-rule add -g rg0x002 -n sa0x002 --ip-address ${myip}
$ az storage account network-rule add -g rg0x002 -n sa0x002 --ip-address ${cidr}
Generating a SAS token:
Generic:
# -u: the trailing Z marks the expiry as UTC, so compute it in UTC (-v is BSD/macOS date syntax)
$ end=`date -u -v+12H '+%Y-%m-%dT%H:%MZ'`
$ az storage account generate-sas --permissions cdlruwap \
--account-name sa0x002 --services b --resource-types sco \
--expiry ${end} 2>/dev/null
"[[sas token snipped]]"
Assign to a variable:
$ t=$(az storage account generate-sas --permissions cdlruwap \
--account-name sa0x002 --services b --resource-types sco \
--expiry ${end} 2>/dev/null)
Creating a new blob:
$ base=https://sa0x002.blob.core.windows.net
$ b=bl0x002
$ azcopy make "${base}/${b}?${t}"
Successfully created the resource.
Copying a directory recursively:
$ d=golang
$ azcopy copy ${d} "${base}/${b}/?${t}" --follow-symlinks --put-md5 \
--disable-auto-decoding=false --recursive --log-level=INFO
Listing out the contents:
$ azcopy list "${base}/${b}/ansible/?${t}"
INFO: Ansible_cfg; Content Length: 325.00 B
INFO: dol.cfg; Content Length: 37.44 KiB
INFO: mkenv.yml; Content Length: 3.38 KiB
INFO: mkrg.yml; Content Length: 217.00 B
INFO: mkvnet.yml; Content Length: 310.00 B
INFO: testies.yml; Content Length: 267.00 B
INFO: times; Content Length: 762.00 B
INFO: files/dkoleary.pub; Content Length: 393.00 B
INFO: azcopy: A newer version 10.16.1 is available to download
INFO: group_vars/all; Content Length: 1.49 KiB
INFO: tasks/mkvms.yml; Content Length: 1.39 KiB
INFO: tasks/nsg-basic.yml; Content Length: 194.00 B
INFO: tasks/nsg-https.yml; Content Length: 492.00 B
INFO: tasks/nsg-mysql-https.yml; Content Length: 1.12 KiB
INFO: tasks/nsg-ssh.yml; Content Length: 537.00 B
INFO: tasks/public_vm.yml; Content Length: 1.19 KiB
INFO: inventory/hosts; Content Length: 10.00 B