@setuc
Last active October 7, 2024 10:34

Azure Storage Account Key Access Manager

This Bash script provides an interactive way to manage the "Allow storage account key access" setting for Azure Storage Accounts. It offers color-coded output and allows users to update accounts individually or all at once.

Features:

  • Lists all storage accounts across all resource groups with their current key access status
  • Color-coded output for easy status identification (green for enabled, red for disabled)
  • Provides a summary of total accounts and their status
  • Allows updating individual storage accounts by name
  • Option to update all disabled storage accounts at once
  • Interactive loop for multiple operations in a single session

Usage:

  1. Ensure you have Azure CLI installed and are logged in to your Azure account.
  2. Save the script and make it executable: chmod +x update_storage_accounts.sh
  3. Run the script: ./update_storage_accounts.sh
  4. Follow the prompts to list, update individual accounts, update all disabled accounts, or quit.

Note:

Use this script cautiously, especially when updating all accounts at once. Enabling storage account key access may have security implications. Always ensure you understand the changes being made to your Azure resources.

Requirements:

  • Bash shell
  • Azure CLI (logged in to your Azure account)

This script is ideal for Azure administrators who need to manage storage account key access settings across multiple accounts and resource groups.

```powershell
# Connect to Azure with the system-assigned managed identity; its permissions
# can be defined at the resource group or subscription level, which is easier to manage.
Connect-AzAccount -Identity

# Get all storage accounts
$storageAccounts = Get-AzStorageAccount

foreach ($account in $storageAccounts) {
    $allowSharedKeyAccess = $account.AllowSharedKeyAccess

    if ($allowSharedKeyAccess -eq $false) {
        Write-Output "Enabling shared key access for storage account: $($account.StorageAccountName)"

        # Enable shared key access
        $account | Set-AzStorageAccount -AllowSharedKeyAccess $true

        Write-Output "Shared key access enabled for: $($account.StorageAccountName)"
    }
    else {
        Write-Output "Shared key access already enabled for: $($account.StorageAccountName)"
    }
}

Write-Output "Script execution completed."
```
```bash
#!/bin/bash

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Function to list storage accounts and their settings
list_storage_accounts() {
    local total_count=0
    local enabled_count=0
    local disabled_count=0
    local rg sa allow_shared_key

    echo -e "${YELLOW}Current Storage Account Settings:${NC}"
    echo -e "${YELLOW}--------------------------------${NC}"

    for rg in $(az group list --query "[].name" -o tsv); do
        for sa in $(az storage account list --resource-group "$rg" --query "[].name" -o tsv); do
            allow_shared_key=$(az storage account show --name "$sa" --resource-group "$rg" --query "allowSharedKeyAccess" -o tsv)
            # Only an explicit "false" disables key access. A property that was
            # never set still permits Shared Key requests, so count it as enabled.
            if [ "$allow_shared_key" = "false" ]; then
                echo -e "$sa (RG: $rg): Allow storage account key access - ${RED}$allow_shared_key${NC}"
                ((disabled_count++))
            else
                echo -e "$sa (RG: $rg): Allow storage account key access - ${GREEN}${allow_shared_key:-not set}${NC}"
                ((enabled_count++))
            fi
            ((total_count++))
        done
    done

    echo ""
    echo -e "${YELLOW}Summary:${NC}"
    echo " Total storage accounts: $total_count"
    echo -e " Accounts with key access enabled: ${GREEN}$enabled_count${NC}"
    echo -e " Accounts with key access disabled: ${RED}$disabled_count${NC}"
    echo ""
}

# Function to update a single storage account
# Returns 0 if the account was updated, 1 if it was skipped, 2 if the update failed
update_storage_account() {
    local sa=$1
    local rg=$2
    local allow_shared_key

    allow_shared_key=$(az storage account show --name "$sa" --resource-group "$rg" --query "allowSharedKeyAccess" -o tsv)

    if [ "$allow_shared_key" = "false" ]; then
        echo -e "Enabling storage account key access for ${YELLOW}$sa${NC} in resource group ${YELLOW}$rg${NC}"
        # Report success only if the update call itself succeeded
        if az storage account update --name "$sa" --resource-group "$rg" --allow-shared-key-access true; then
            echo -e "${GREEN}Storage account key access has been enabled for $sa${NC}"
            return 0
        else
            echo -e "${RED}Failed to update $sa${NC}"
            return 2
        fi
    else
        echo -e "${YELLOW}$sa${NC} already has storage account key access enabled. Skipping."
        return 1
    fi
}

# Function to update all disabled storage accounts
update_all_storage_accounts() {
    local updated_count=0
    local total_count=0
    local rg sa

    echo -e "${YELLOW}Updating all disabled storage accounts...${NC}"

    for rg in $(az group list --query "[].name" -o tsv); do
        for sa in $(az storage account list --resource-group "$rg" --query "[].name" -o tsv); do
            ((total_count++))
            if update_storage_account "$sa" "$rg"; then
                ((updated_count++))
            fi
        done
    done

    echo -e "${GREEN}Updated $updated_count out of $total_count storage accounts.${NC}"
}

# List all storage accounts
list_storage_accounts

# Main loop for user interaction
while true; do
    echo -e "${YELLOW}Enter the name of a storage account to update, 'all' to update all disabled accounts, or 'q' to quit:${NC}"
    read -r input

    if [ "$input" = "q" ]; then
        break
    elif [ "$input" = "all" ]; then
        update_all_storage_accounts
    elif [[ ! "$input" =~ ^[a-z0-9]{3,24}$ ]]; then
        # Storage account names are 3-24 lowercase letters and digits; rejecting
        # anything else keeps quotes and other syntax out of the query below.
        echo -e "${RED}Storage account $input not found. Please try again.${NC}"
    else
        # Find the resource group for the given storage account
        rg=$(az storage account list --query "[?name=='$input'].resourceGroup" -o tsv)

        if [ -z "$rg" ]; then
            echo -e "${RED}Storage account $input not found. Please try again.${NC}"
        else
            update_storage_account "$input" "$rg"
        fi
    fi

    echo ""
done

echo "Exiting. Here's the final state of your storage accounts:"
list_storage_accounts
```
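Before running the 'all' option, it helps to see exactly which accounts it would switch on. The following is an added example, not part of the gist: it classifies one inventory listing into three states (disabled, enabled, never set) and prints only the accounts 'all' would change. The account and resource group names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the gist's code): a read-only preview of the 'all' option.
# Live input would be a single inventory call:
#   az storage account list --query "[].[name,resourceGroup,allowSharedKeyAccess]" -o tsv

TAB=$(printf '\t')

# Constructed sample rows: name <TAB> resource group <TAB> allowSharedKeyAccess.
# The value of a property that was never set is assumed to arrive as "None" or empty.
SAMPLE_INVENTORY=$(printf '%s\t%s\t%s\n' \
    stlogsprod001 rg-logging false \
    stappdata002  rg-app     true \
    stlegacy003   rg-legacy  None \
    stbackup004   rg-backup  false)

# Map the raw property value to the effective state. An unset property still
# permits Shared Key requests, so it must not be reported as disabled.
effective_state() {
    case "$1" in
        false|False) echo "disabled" ;;
        true|True)   echo "enabled" ;;
        None|"")     echo "enabled-by-default" ;;
        *)           echo "unknown" ;;
    esac
}

# Read TSV rows on stdin; print name, resource group and effective state.
classify_inventory() {
    while IFS="$TAB" read -r name rg value; do
        [ -n "$name" ] || continue
        printf '%s\t%s\t%s\n' "$name" "$rg" "$(effective_state "$value")"
    done
}

# Names of the accounts the 'all' option would switch from disabled to enabled.
accounts_all_would_change() {
    classify_inventory | awk -F'\t' '$3 == "disabled" { print $1 }'
}

# Number of accounts in the given effective state.
count_state() {
    classify_inventory | awk -F'\t' -v s="$1" '$3 == s { n++ } END { print n + 0 }'
}

echo "Accounts that 'all' would change:"
printf '%s\n' "$SAMPLE_INVENTORY" | accounts_all_would_change
```

Accounts reported as enabled-by-default already accept Shared Key requests, so they belong in any review of key-based access even though the gist's update logic skips them.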