1

I am able to upload a file from a virtual machine to a storage account container using managed identity through PowerShell scripting.

I followed this Microsoft document: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-datalake

Followed Steps:

  1. I signed in to the Azure Portal
  2. Created a Managed Identity resource
  3. Created one Windows VM and enabled system-assigned managed identity
  4. Created an Azure Storage Account and assigned the Storage Blob Data Contributor role to the VM under your storage account
  5. Connected to the VM and ran the PowerShell commands below to get an access token:

```powershell
# Request a storage-scoped token for the VM's managed identity from the instance metadata endpoint
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com' -Method GET -Headers @{Metadata="true"}
$content = $response.Content | ConvertFrom-Json
$AccessToken = $content.access_token
```

  6. Followed the PowerShell script below for uploading files from the VM to the Azure Storage container:

```powershell
$file = "C:\Users\VMWindows0102\Desktop\test/localfile.txt" #File path
$name = (Get-Item $file).Name

# Blob URL: storage account, container, then the local file's name
$url="https://adls0102.blob.core.windows.net/container/$($name)"

$RequestHeader = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$RequestHeader.Add("Authorization", "Bearer $AccessToken")
$RequestHeader.Add("x-ms-version", "2019-02-02")
$RequestHeader.Add("x-ms-blob-type", "BlockBlob")

# PUT the file content as a block blob
$result = Invoke-WebRequest -Uri $url -Method Put -Headers $RequestHeader -InFile $file
```

The file uploaded to the container successfully from the VM local drive.

But now I need a similar PowerShell script for downloading a file from Azure Storage to the virtual machine local drive using managed identity. Please help...

Thanks in advance

2 Answers

1

I tried to reproduce the same in my environment to download the blob files using PowerShell:

I created a virtual machine and assigned a managed identity to assign the RBAC role, like below.

Azure Portal > Storage Account > Select Your Storage Account > Access Control (IAM) > Add role assignment


Here is the script to download the blob file using PowerShell.

Log in to your virtual machine, open PowerShell ISE as administrator, and run the PowerShell code below to download the blob file.

```powershell
Connect-AzAccount -Identity

# Request a storage-scoped token for the VM's managed identity from the instance metadata endpoint
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com/' `
                              -Headers @{Metadata="true"}

$content = $response.Content | ConvertFrom-Json

$access_token = $content.access_token

$Path = "C:\Venkat"

$url="https://Storageaccount.blob.core.windows.net/testcontainer/Test.txt"
$RequestHeader = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$RequestHeader.Add("Authorization", "Bearer $access_token")
$RequestHeader.Add("x-ms-version", "2019-02-02")

# Fetch the blob and display its content
$result = Invoke-WebRequest -Uri $url -Headers $RequestHeader
$result.content
$output = $result.content
# Fetch the blob again and save it under $Path
Invoke-WebRequest -Headers $RequestHeader -Uri $url -OutFile "$Path\Test.txt" -PassThru
```


0
0

Followed Steps:

  1. I sign in to the Azure Portal
  2. Create a Managed Identity resource
  3. Create a Windows VM and enable system-assigned managed identity
  4. Create an Azure Storage Account and assign the Storage Blob Data Contributor role to the VM under your storage account
  5. Now connect to the VM and run the PowerShell commands below to download the blob to the virtual machine using managed identity:

```powershell
# Request a storage-scoped token for the VM's managed identity from the instance metadata endpoint
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://storage.azure.com' -Method GET -Headers @{Metadata="true"}
$content = $response.Content | ConvertFrom-Json
$AccessToken = $content.access_token

# Prints the bearer token to the console (debug output; it is not needed for the download)
$content.access_token
$RequestHeader = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$RequestHeader.Add("Authorization", "Bearer $AccessToken")
$RequestHeader.Add("x-ms-version", "2019-02-02")
$RequestHeader.Add("x-ms-blob-type", "BlockBlob")

$url="https://adls0102.blob.core.windows.net/container/sample.txt"
$file = "C:\Users\VMWindows0102\Desktop\test\sample.txt"

# GET the blob and write it straight to the local file
$result = Invoke-WebRequest -Uri $url -Method Get -Headers $RequestHeader -OutFile $file
```

Note: Here we don't require an extra Azure Managed Identity resource. Thank you.
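
A hardened variant of the download scripts in the answers above, added here as an example and not part of either original post: it keeps the token out of console output, downloads to a temporary file before renaming, and reports 403 and 404 separately. The function names `Get-ImdsStorageToken` and `Save-BlobWithManagedIdentity` and the `.partial` suffix are hypothetical; the account, container, blob and path values are the ones used on this page.

```powershell
# Added example, not from the original posts. Function names are hypothetical;
# the values in the call at the bottom are the ones used on this page.
function Get-ImdsStorageToken {
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           '?api-version=2018-02-01&resource=https://storage.azure.com/'
    $tok = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Metadata = 'true' }
    # expires_on is Unix time in seconds; refuse a token that is about to lapse.
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$tok.expires_on)
    if ($expires -lt [DateTimeOffset]::UtcNow.AddMinutes(2)) {
        throw "Managed identity token expires at $expires."
    }
    return $tok.access_token   # handed to the caller, never echoed to the console
}

function Save-BlobWithManagedIdentity {
    param(
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][string]$Container,
        [Parameter(Mandatory)][string]$Blob,
        [Parameter(Mandatory)][string]$Destination
    )
    # Reading needs only a read role such as Storage Blob Data Reader; the
    # Storage Blob Data Contributor role assigned on this page also permits writes.
    $headers = @{
        Authorization  = "Bearer $(Get-ImdsStorageToken)"
        'x-ms-version' = '2019-02-02'
    }
    $url = "https://${Account}.blob.core.windows.net/${Container}/${Blob}"
    $tmp = "${Destination}.partial"   # download beside the target, rename on success
    try {
        Invoke-WebRequest -Uri $url -Headers $headers -OutFile $tmp -UseBasicParsing
        Move-Item -LiteralPath $tmp -Destination $Destination -Force
    }
    catch {
        $err = $_   # capture now: $_ is rebound inside the switch below
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
        $resp = $err.Exception.Response
        $status = if ($resp) { [int]$resp.StatusCode } else { 0 }
        switch ($status) {
            403 { throw "403: the VM identity lacks a blob data role on '$Account', or the assignment has not propagated yet." }
            404 { throw "404: '$Container/$Blob' was not found in '$Account'." }
            default { throw $err }
        }
    }
    Get-Item -LiteralPath $Destination
}

Save-BlobWithManagedIdentity -Account 'adls0102' -Container 'container' `
    -Blob 'sample.txt' -Destination 'C:\Users\VMWindows0102\Desktop\test\sample.txt'
```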
