0
votes

I am trying to run a PowerShell script from an Azure Automation account to list blobs in a storage account. This storage account has network rules for selected networks only. I tried to provide access keys and SAS in the script, but I still see a 403 error. How can I run my script and list blobs with the network restriction?

$StorageAccountName = 'xyz'
$key = get-azstorageaccountkey -storageaccountname $StorageAccountName -resourcegroupname "xxxxxx"
$StorageAccountKeyPrimary = $key[0].value 
$ContainerName = 'xxx'
$StorageContext = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKeyPrimary
$Blobs = Get-AzStorageBlob -Container $ContainerName -Context $StorageContext | Where-Object{$_.LastModified.Date -lt (Get-Date).AddDays(-30)}
$Blobs | ft -property name, LastModified
$totalblobs = $Blobs.Count
Write-Output "Total blobs in container = $totalblobs"
2
403 is forbidden, so it's more likely to be a SAS issue than a network issue. - Nick.McDermaid
I tried to add SAS as well instead of primary key, still same issue. - Aditya c
Have you tried connecting with the SAS through Azure Storage Explorer? SAS keys are notoriously difficult to use. Sometimes you need to URL encode them and you need to use the correct segment. - Nick.McDermaid

2 Answers

0
votes

The following code should work. Note that you should also enter the access key within the code.

$StorageAccountName = "name"
$StorageAccountKeyPrimary = "your key" 
$ContainerName = "container name"
$StorageContext = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKeyPrimary
$Blobs = Get-AzStorageBlob -Container $ContainerName -Context $StorageContext | Where-Object{$_.LastModified.Date -lt (Get-Date).AddDays(-30)}
$Blobs | ft -property name, LastModified
$totalblobs = $Blobs.Count
Write-Output "Total blobs in container = $totalblobs"
0
votes

I have recreated this issue on my subscription and got the below error.

This request is not authorized to perform this operation. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation.
ErrorCode: AuthorizationFailure
ErrorMessage: This request is not authorized to perform this operation.

When I removed the IP whitelisting, I was able to access the blob. Looking at a similar issue online (LINK), it seems that you will need to whitelist all the IPs from the Azure data centers, as suggested in the link.
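
A way to confirm that the 403 comes from the storage firewall rather than from the key or SAS, as an added example that is not code from the question or either answer: it evaluates a caller IP against the account's default action and IP rules. The function names, the sample rules and the sample caller addresses are constructed for illustration, and how the runbook learns its own egress IP is left as an assumption.

```powershell
# Added example. Function names and sample values are hypothetical/constructed.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$IPv4)
    $b = [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $IPv4" }
    # Plain arithmetic on uint64 avoids sign problems with 32-bit shifts.
    [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

function Test-IpAllowedByRule {
    # $Rule is a single IPv4 address or a CIDR range, the two forms an IP rule can take.
    param([Parameter(Mandatory)][string]$Address, [Parameter(Mandatory)][string]$Rule)
    $net, $prefix = $Rule -split '/', 2
    if ($null -eq $prefix) { $prefix = 32 }          # bare address = /32
    if ([int]$prefix -lt 0 -or [int]$prefix -gt 32) { throw "Bad prefix in rule: $Rule" }
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)   # addresses per block of that prefix
    [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize) -eq
        [math]::Floor((ConvertTo-IPv4Number $net) / $blockSize)
}

function Get-StorageFirewallVerdict {
    param(
        [Parameter(Mandatory)][string]$DefaultAction,   # 'Allow' or 'Deny'
        [string[]]$IpRules = @(),
        [Parameter(Mandatory)][string]$CallerIp
    )
    if ($DefaultAction -eq 'Allow') { return 'Allowed: firewall accepts all networks' }
    $hit = $IpRules |
        Where-Object { Test-IpAllowedByRule -Address $CallerIp -Rule $_ } |
        Select-Object -First 1
    if ($hit) { "Allowed: $CallerIp matches IP rule $hit" }
    else { "Blocked: $CallerIp matches no IP rule, expect 403 AuthorizationFailure" }
}

# Constructed sample: "selected networks" with two IP rules (documentation ranges).
$sampleRules = @('203.0.113.0/24', '198.51.100.7')
Get-StorageFirewallVerdict -DefaultAction 'Deny' -IpRules $sampleRules -CallerIp '203.0.113.45'
Get-StorageFirewallVerdict -DefaultAction 'Deny' -IpRules $sampleRules -CallerIp '192.0.2.10'

# With real data, in a session where Az.Storage is loaded and signed in:
#   $rs = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName 'xxxxxx' -Name 'xyz'
#   Get-StorageFirewallVerdict -DefaultAction $rs.DefaultAction `
#       -IpRules $rs.IpRules.IPAddressOrRange -CallerIp '<egress IP of the runbook host>'
```

A "Blocked" verdict with a valid key or SAS matches the `AuthorizationFailure` shown above; virtual network rules and the `Bypass` setting on the same rule set are not evaluated by this sketch.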