New-AzureStorageAccountSASToken
Creates an account-level SAS token.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
New-AzureStorageAccountSASToken
-Service <SharedAccessAccountServices>
-ResourceType <SharedAccessAccountResourceTypes>
[-Permission <String>]
[-Protocol <SharedAccessProtocol>]
[-IPAddressOrRange <String>]
[-StartTime <DateTime>]
[-ExpiryTime <DateTime>]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The New-AzureStorageSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account. You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token.
Examples
Example 1: Create an account-level SAS token with full permission
PS C:\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"This command creates an account-level SAS token with full permission.
Example 2: Create an account-level SAS token for a range of IP addresses
PS C:\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses.
Parameters
-Context
Specifies the Azure storage context. You can use the New-AzureStorageContext cmdlet to get an AzureStorageContext object.
| Type: | IStorageContext |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpiryTime
Specifies the time at which the shared access signature becomes invalid.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IPAddressOrRange
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Permission
Specifies the permissions for Storage account.
Permissions are valid only if they match the specified resource type.
It is important to note that this is a string, like rwd (for Read, Write and Delete).
For more information about acceptable permission values, see Constructing an Account SAS https://go.microsoft.com/fwlink/?LinkId=799514
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Protocol
Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp The default value is HttpsOrHttp.
| Type: | Nullable<T>[SharedAccessProtocol] |
| Accepted values: | HttpsOnly, HttpsOrHttp |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceType
Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:
- None
- Service
- Container
- Object
| Type: | SharedAccessAccountResourceTypes |
| Accepted values: | None, Service, Container, Object |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Service
Specifies the service. The acceptable values for this parameter are:
- None
- Blob
- File
- Queue
- Table
| Type: | SharedAccessAccountServices |
| Accepted values: | None, Blob, File, Queue, Table |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StartTime
Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |