The Managed Identities for Azure Resources feature is a free service with Azure Active Directory. Formerly known as Managed Service Identity, it first appeared in services such as Azure Functions a couple of years ago. Much more recently, Azure Copy (AzCopy) added support for Azure Virtual Machines Managed Identity. This negates the need to get and manage SAS keys or certificates, and even the need to install and use the AzureRM or AzRM PowerShell modules. It makes copying files between a virtual machine and Azure Storage Accounts super easy.
The documentation is pretty generic, so here are the steps to leveraging Azure Virtual Machines Managed Identity with AzCopy.
Using the Azure Portal, locate the Windows Azure Virtual Machine you want to use AzCopy with and enable System assigned Managed Identity under the Identity option.
Also using the Azure Portal, locate the Storage Account you will be copying data to/from and, under Access Control (IAM), add the Virtual Machine you will be using to perform the copies with a Role Assignment of Storage Blob Data Contributor (for Write Access; Copy To) or Storage Blob Data Reader (for Read Access; Copy From).
Copy AzCopy.exe to the system32 directory of the Virtual Machine. Then, from within that Virtual Machine (the one you gave permissions to the Storage Account), perform the following one-time setup:
azcopy login
Open a web browser, copy and paste the https://microsoft.com/devicelogin URL
Enter the code from the command window into the Code dialog in the login window
Sign-in with an Admin account to authorise the VM
Setup is now complete
Simply type;
azcopy login --identity
The VM is now authenticated to Azure using AzCopy
Copy a file to the Storage Account we gave the VM permissions to;
azcopy cp sourcefile destination
e.g.
azcopy cp F:\SOFTWARE\Backups\MIM\09-07-2019-08-25.zip https://mystorageaccount.blob.core.windows.net/Configs/09-07-2019-08-25.zip
With the setup all done for the VM and the permissions on the storage account, we can now use these commands in a script:
azcopy login --identity
azcopy cp sourceFilePath destinationfile
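The two commands above, wrapped as a script that fails closed when the identity or the copy does not work. This is an added example, not code from the original post; the parameter names and the script name in the comment are hypothetical, and the preflight assumes the VM can reach the Azure instance metadata endpoint.

```powershell
# Added example. Hypothetical usage:
#   .\Copy-ToBlob.ps1 -SourceFile <local file> -Destination <blob URL>
param(
    [Parameter(Mandatory = $true)][string]$SourceFile,
    [Parameter(Mandatory = $true)][string]$Destination
)
$ErrorActionPreference = 'Stop'

# Refuse to continue if there is nothing to copy.
if (-not (Test-Path -LiteralPath $SourceFile -PathType Leaf)) {
    throw "Source file not found: $SourceFile"
}

# Preflight: ask the instance metadata service for a storage token.
# A failure here means the system-assigned identity is not enabled on
# this VM (the Identity step), as opposed to a missing role assignment.
# The token itself is discarded and never written to output or logs.
$imds = 'http://169.254.169.254/metadata/identity/oauth2/token' +
        '?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F'
try {
    $null = Invoke-RestMethod -Uri $imds -Headers @{ Metadata = 'true' } -TimeoutSec 10
} catch {
    throw "No managed identity token available: $($_.Exception.Message)"
}

try {
    # Authenticate AzCopy as the VM's managed identity.
    azcopy login --identity
    if ($LASTEXITCODE -ne 0) {
        throw "azcopy login failed (exit code $LASTEXITCODE)"
    }

    # Copy the file. If the preflight passed but this step is denied,
    # check the role assignment on the Storage Account (Access Control (IAM)).
    azcopy cp $SourceFile $Destination
    if ($LASTEXITCODE -ne 0) {
        throw "azcopy cp failed (exit code $LASTEXITCODE)"
    }
} finally {
    # Clear AzCopy's cached login whether or not the copy succeeded.
    azcopy logout | Out-Null
}
```

Because the script throws on any non-zero exit code, a scheduled task running it will report failure instead of silently skipping a backup.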
Using AzCopy in conjunction with Managed Identity we can seamlessly copy files to and from Azure Storage without worrying about storing credentials or managing certificates.