Ev2 Shell Extension with Managed Identity accessing Storage Account blob

Minh Nguyen 20 Reputation points Microsoft Employee
2024-07-03T01:07:55.2866667+00:00

This is how we're accessing using MSI: 

 

Connect-AzAccount -Identity -TenantId $env:TenantId -SubscriptionId $env:SubscriptionId

## Attempt to upload payload to blob:
$ctx = (Get-AzStorageAccount -ResourceGroupName $env:ResourceGroupName -Name $env:StorageAccountName).Context

Set-AzStorageBlobContent -Container $env:BlobContainerName -Context $ctx -File "./${ingestor}.zip" -Force

 

But I see that in the activity logs, it is still performing listkeys. Is this a known Ev2 action? This is blocking us from turning off shared access key to the storage account, and I couldn't find an appropriate existing blocker.


Accepted answer
  1. Amrinder Singh 4,110 Reputation points Microsoft Employee
    2024-07-03T07:06:14.0733333+00:00

    Hi Minh Nguyen - Thanks for reaching out.

    At the time you are creating the context object, try making use of the below switch, UseConnectedAccount, which shall help formulate the context via the AD account that was used.

    $ctx = New-AzStorageContext -StorageAccountName <Storage account name> -UseConnectedAccount

    Hope that helps!

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
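The context switch from the accepted answer, worked into the upload from the question, together with an activity-log check for remaining listKeys calls. This is an added example, not code posted by anyone in the thread; the function names `Publish-BlobWithIdentity` and `Get-ListKeysCall` are hypothetical, and it assumes the identity holds a blob data role (for example Storage Blob Data Contributor) and that whoever runs the check can read the subscription's activity log.

```powershell
# Added example. Function names are hypothetical; the environment variable
# names are the ones used in the question. Needs Az.Accounts, Az.Storage, Az.Monitor.

function Publish-BlobWithIdentity {
    param(
        [Parameter(Mandatory)] [string] $File,
        [string] $StorageAccountName = $env:StorageAccountName,
        [string] $Container = $env:BlobContainerName
    )
    Connect-AzAccount -Identity -TenantId $env:TenantId -SubscriptionId $env:SubscriptionId -ErrorAction Stop |
        Out-Null

    # The Context property returned by Get-AzStorageAccount is built from the
    # account key, which is what produces the listKeys entry. -UseConnectedAccount
    # builds an OAuth context from the signed-in identity and requests no key.
    $ctx = New-AzStorageContext -StorageAccountName $StorageAccountName -UseConnectedAccount

    # Assumption: the identity has a data-plane role such as
    # "Storage Blob Data Contributor" on the account or the container.
    Set-AzStorageBlobContent -Container $Container -Context $ctx -File $File -Force -ErrorAction Stop
}

function Get-ListKeysCall {
    # Lists recent listKeys operations against the storage account, so you can
    # confirm nothing still depends on shared keys before disabling them.
    param(
        [int] $LookbackHours = 24
    )
    # Resource ID assembled from the same environment variables; no call to
    # Get-AzStorageAccount is made here.
    $resourceId = "/subscriptions/$env:SubscriptionId/resourceGroups/$env:ResourceGroupName" +
                  "/providers/Microsoft.Storage/storageAccounts/$env:StorageAccountName"

    Get-AzActivityLog -ResourceId $resourceId -StartTime (Get-Date).AddHours(-$LookbackHours) |
        Where-Object { $_.Authorization.Action -like '*/listKeys/action' } |
        Select-Object EventTimestamp, Caller, @{ n = 'Action'; e = { $_.Authorization.Action } }
}
```

Activity log entries can take several minutes to appear, so run `Get-ListKeysCall` some time after the deployment rather than in the same step as the upload.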

1 additional answer

  1. Sumarigo-MSFT 44,906 Reputation points Microsoft Employee
    2024-07-03T05:54:12.8766667+00:00

    @Minh Nguyen Welcome to Microsoft Q&A Forum, thank you for posting your query here!

    Based on the error message: Please enable Key access in the configuration settings of the Azure storage account.

    Additional information: Error Message: Key based authentication is not permitted on this storage account

    Please let us know if you have any further queries. I'm happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.