# Get storage accountsazstorageaccountlist#Get the account name from here# BLOB STORAGE## List containersazstoragecontainerlist--account-name<name>## Check if public access is allowedazstoragecontainershow-permission \--account-name <acc-name> \-n <container-name>## Make a container publicazstoragecontainerset-permission \--public-access container \--account-name <acc-name> \-n <container-name>## List blobs in a containerazstoragebloblist \--container-name <containername> \--account-name <accountname>## Download blobazstorageblobdownload \--account-name <accountname> \--container-name <containername> \--name <blobname> \--file </path/to/local/file>## Create container policyazstoragecontainerpolicycreate \--account-name mystorageaccount \--container-name mycontainer \--name fullaccesspolicy \--permissions racwdl \--start 2023-11-22T00:00Z \--expiry 2024-11-22T00:00Z# QUEUEazstoragequeuelist--account-name<name>azstoragemessagepeek--account-name<name>--queue-name<queue-name># ACCESS KEYSazstorageaccountkeyslist--account-name<name>## Check key policies (expiration time?)azstorageaccountshow-n<name>--query"{KeyPolicy:keyPolicy}"## Once having the key, it's possible to use it with the argument --account-key## Enum blobs with account keyazstoragebloblist \--container-name <containername> \--account-name <accountname> \--account-key "ZrF40pkVKvWPUr[...]v7LZw=="## Download a file using an account keyazstorageblobdownload \--account-name <accountname> \--account-key "ZrF40pkVKvWPUr[...]v7LZw==" \--container-name <containername> \--name <blobname> \--file </path/to/local/file>## Upload a file using an account keyazstorageblobupload \--account-name <accountname> \--account-key "ZrF40pkVKvWPUr[...]v7LZw==" \--container-name <containername> \--file </path/to/local/file># SAS## List access policiesazstorage<container|queue|share|table> policylist \--account-name <accname> \--container-name <containername>## Generate SAS with all permissions using an access keyazstorage<container|queue|share|table|blob> generate-sas \--permissions acdefilmrtwxy \--expiry 2024-12-31T23:59:00Z \--account-name <acc-name> \-n <container-name>## Generate SAS with all permissions using via user delegationazstorage<container|queue|share|table|blob> generate-sas \--permissions acdefilmrtwxy \--expiry 2024-12-31T23:59:00Z \--account-name <acc-name> \--as-user --auth-modelogin \-n <container-name>## Generate account SASazstorageaccountgenerate-sas \--expiry 2024-12-31T23:59:00Z \--account-name <acc-name> \--services qt \--resource-types sco \--permissions acdfilrtuwxy## Use the returned SAS key with the param --sas-token## e.g.azstorageblobshow \--account-name <accountname> \--container-name <containername> \--sas-token 'se=2024-12-31T23%3A59%3A00Z&sp=racwdxyltfmei&sv=2022-11-02&sr=c&sig=ym%2Bu%2BQp5qqrPotIK5/rrm7EMMxZRwF/hMWLfK1VWy6E%3D' \
--name 'asd.txt'
# Get storage accountsGet-AzStorageAccount| fl# Get rules to access the storage accountGet-AzStorageAccount| select -ExpandProperty NetworkRuleSet# Get IPs(Get-AzStorageAccount| select -ExpandProperty NetworkRuleSet).IPRules# Get containers of a storage accountGet-AzStorageContainer-Context (Get-AzStorageAccount-name <NAME>-ResourceGroupName <NAME>).context# Get blobs inside containerGet-AzStorageBlob -Container epbackup-planetary -Context (Get-AzStorageAccount -name <name> -ResourceGroupName <name>).context
# Get a blob from a containerGet-AzStorageBlobContent -Container <NAME> -Context (Get-AzStorageAccount -name <NAME> -ResourceGroupName <NAME>).context -Blob <blob_name> -Destination .\Desktop\filename.txt
