Automate Azure Blob SFTP (enable-disable)

JustinMurphy
July 17, 2023
378 views
0 votes
2 Answers

We have a very specific file that comes once a week during a 1 hour window. We’ve been using Azure SFTP as a cost effective solution, earlier this year they changed up the billing so we’ve had to manually turn it on/off each week to avoid the $240+ costs of running 24/7. We’d like to automate this so that it enables and disables once a week.

I’ve been trying to figure out a way to automate the enable/disable of the blob feature but haven’t been able to find any way to do it with power automate or azure automation. I can’t be the only one looking to do this… is possible to run Azure CLI powershell in azure automation? I can’t find a definite answer in MSFT docs. Has anyone else found a way to do this?

Ideally i’d be able to run an az command like so in an azure automation powershell runbook.

az storage account update -g $resourceGroupName -n $stoAccountName --enable-sftp=true

And then run the false an hour later, but it doesn’t seem to execute.

There’s an excellent write up on CLI for SFTP by Jorge, with all the commands.

https://www.jorgebernhardt.com/azure-storage-blobs-enable-sftp-support/

Not sure where to go from here.

Answers

- kavyaS
- July 6, 2023 at 2:46 pm
- 0 votes
0
Yes, you can use Azure CLI commands in a PowerShell runbook.

Create an Azure Automation account.

Create a runbook and give commands to enable sftp and then disable after an hour .
So that this runbook can be scheduled once in every week.

commands:
```
Connect-AzAccount

# Set the required variables
$resourceGroupName = "myrg"
$storageAccountName = "Staccn"

# Enable SFTP
az storage account update -g $resourceGroupName -n $storageAccountName --enable-sftp true

# Wait for one hour
Start-Sleep -Seconds 3600

# Disable SFTP
az storage account update -g $resourceGroupName -n $storageAccountName --enable-sftp false
```
Link schedule to schedule the time.

Give it required time

and schedule

Reference : Manage schedules in Azure Automation | Microsoft Learn
Login or Signup to reply.

- demoncodemonkey
- July 17, 2023 at 5:30 pm
- 0 votes
0
I tried following the @kavyaS answer but also ran into the same "socket operation encountered a dead network" errors as OP.

I got a bit further by allowing my managed identity to access other resources:
```
#give the system-assigned managed identity permission to access resources in other resource groups

MyAutomationAccount -> Identity -> System Assigned tab
Click "Azure Role Assignments" -> Add Role Assignment
  Scope: Subscription
  Subscription: MySubscription
  Role: Contributor
  Save
```
I changed Connect-AzAccount to Connect-AzAccount -Identity and that succeeded, but the az commands were failing. I replaced them with Set-AzStorageAccount -EnableSftp $true but this was failing due to my version of Powershell being 5.1. I deleted my runbook and made a new one in version 7.2 and got it working.

Here is what I did:
```
#create a runbook to run the commands to switch the SFTP on

MyAutomationAccount -> Runbooks
Click "Create a Runbook"
  Name: blob-storage-sftp-enable
  Type: Powershell
  Version: 7.2
  Description: Enables SFTP on the Blob Storage account

$resourceGroupName = "my-resource-group-name"
$storageAccName = "my-storage-account-name"
Connect-AzAccount -Identity
Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName -EnableSftp $true
```
and then did a similar one for switching the SFTP off.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.