How to access Azure shell file share storage which is private?

John 5 Reputation points
2023-04-24T18:24:35.07+00:00

I am using Azure shell to perform Terraform commands locally. But due to security issues, our company security engineer has made all services private or disabled public access. I am getting this error: "Warning: Failed to mount the Azure file share. Your cloud drive won't be available. Your Cloud Shell session will be ephemeral so no files or system changes will persist beyond your current session." I can get my files back when I turn on public access, but now I want to somehow mount and access the shell privately. Can anyone suggest steps to be taken?


2 answers

  1. Sedat SALMAN 13,265 Reputation points
    2023-04-24T20:47:36.6266667+00:00

    Azure Private Endpoint allows you to securely access your storage account over a private IP address in your virtual network.

    • Create a virtual network
    • Create a private endpoint
      Azure Portal > Storage Account > Private Endpoint connections > Security + networking >
      Click on "+ Private Endpoint" > Select your subscription, resource group, and the region
    • Configure the private endpoint
      "Create a private endpoint" wizard > "Resource" tab > the target sub-resource as "file" for Azure file share.
    • Update the private DNS zone
      After the private endpoint is created, you need to update the private DNS zone with an alias (A) record mapping the storage account's FQDN to the private IP address of the private endpoint. This can be done automatically when creating the private endpoint by enabling "Private DNS integration" or manually by adding a DNS record to your custom DNS server.
    • Configure Cloud Shell
      Click on the Cloud Shell icon in the top-right corner.
      In the Cloud Shell pane, click on the settings icon (gear) and choose "Storage" from the dropdown.
      Update the storage account and file share information to point to your storage account with the private endpoint.

    After completing these steps, you should be able to access your Azure Cloud Shell with a private file share storage. Note that you will need to be connected to the virtual network (either directly or via a VPN) to access the Cloud Shell when using a private endpoint.

  2. Sumarigo-MSFT 44,671 Reputation points Microsoft Employee
    2023-04-25T11:11:32.6633333+00:00

    @John Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    If your company has disabled public access and made all services private, you will need to set up a private endpoint for your Azure file share in order to mount and access it from the Azure Cloud Shell privately. Here are the steps you can take to set up a private endpoint:

    1. Create a virtual network: You will need to create a virtual network to which you will later attach the private endpoint. You can create a virtual network by following the steps outlined in the Azure documentation: https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal.
    2. Create a subnet: You will need to create a subnet within the virtual network that you created in step 1. You can create a subnet by following the steps outlined in the Azure documentation: https://docs.microsoft.com/en-us/azure/virtual-network/manage-subnet.
    3. Create a private endpoint: Once you have created a virtual network and a subnet, you can create a private endpoint for your Azure file share. You can create a private endpoint by following the steps outlined in the Azure documentation: https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal.
    4. Configure your Azure file share: After you have created a private endpoint for your Azure file share, you will need to configure your file share to use the private endpoint. You can do this by following the steps outlined in the Azure documentation: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-how-to-use-files-portal-private-endpoints.
    5. Mount your Azure file share: Once you have configured your Azure file share to use the private endpoint, you can mount it from your Azure Cloud Shell by specifying the private endpoint's DNS name as the mount point. For example, if your private endpoint's DNS name is "myprivateendpoint.file.core.windows.net", you would mount your Azure file share using the following command:
    sudo mount -t cifs //<myprivateendpoint.file.core.windows.net>/<file_share_name> /mnt/<mount_point> -o vers=3.0,username=<storage_account_name>,password=<storage_account_key>,dir_mode=0777,file_mode=0777
    
    

    Note that you will need to replace <myprivateendpoint.file.core.windows.net> with the DNS name of your private endpoint, <file_share_name> with the name of your Azure file share, <mount_point> with the path to the directory where you want to mount your file share, <storage_account_name> with the name of your storage account, and <storage_account_key> with the access key for your storage account.

    Additional information: Connect to Azure Cloud Shell: Once the private endpoint is configured, you can connect to Azure Cloud Shell and mount the file share using the private endpoint. To do this, you will need to use the net use command to map the file share to a drive letter in Azure Cloud Shell.

    By following these steps, you should be able to set up a private endpoint for your Azure file share and mount it from your Azure Cloud Shell privately.

    Please let us know if you have any further queries. I'm happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

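Added example, not part of either answer above: both answers rely on the storage account's file endpoint name resolving to the private endpoint's IP address once the private DNS zone is in place. This POSIX shell check, meant to be run from a host inside the virtual network, flags the case where the name still resolves to a public address. The account name passed in is a placeholder, and the check assumes the virtual network uses RFC 1918 address space.

```shell
#!/bin/sh
# Added example: checks that <account>.file.core.windows.net resolves to a
# private address, i.e. that SMB traffic will go through the private endpoint.
# Assumption: the virtual network uses RFC 1918 address space.

# Exit 0 = private IPv4, 1 = valid but not private, 2 = not a valid IPv4.
is_private_ipv4() {
  case $1 in ''|*[!0-9.]*|*.) return 2 ;; esac  # digits and dots only
  old_ifs=$IFS; IFS=.
  set -- $1                                     # split into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 2
  for o in "$@"; do
    case $o in ''|????*) return 2 ;; esac       # empty or too long
    [ "$o" -le 255 ] || return 2
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# Print a verdict for a name/IP pair. Exit status follows is_private_ipv4,
# with 3 meaning the name returned no address at all.
report_resolution() {
  if [ -z "$2" ]; then
    echo "FAIL: $1 did not resolve; check the DNS servers this host uses"
    return 3
  fi
  rc=0; is_private_ipv4 "$2" || rc=$?
  case $rc in
    0) echo "OK: $1 -> $2 (private endpoint address)" ;;
    1) echo "FAIL: $1 -> $2 is public; private DNS zone missing or not linked to this network" ;;
    *) echo "FAIL: $1 -> unexpected answer '$2'" ;;
  esac
  return "$rc"
}

# Resolve the file endpoint of the given storage account and report on it.
check_file_endpoint() {
  fqdn="$1.file.core.windows.net"
  ip=$(getent ahostsv4 "$fqdn" | awk 'NR==1 {print $1}')
  report_resolution "$fqdn" "$ip"
}

# Usage: sh check.sh <storage_account_name>
if [ $# -gt 0 ]; then check_file_endpoint "$1"; fi
```

A public address in the output means a mount attempt from that host would still target the public endpoint, which the storage firewall rejects when public access is disabled.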