How to get the usage for an storage account in Microsoft azure using powershell.
I am able to get the storage accounts present in an subscription. But these variables are not exposing any methods by which i can get the usage of an storage account.
I'd say the easiest way (afaik) would be to enable Storage analytics metrics on the storage account and then fetch and aggregate on the logs.
Example (enable metric on Blob)
Set-StorageServicePropertiesForAnalytics -ServiceName "Blob" -StorageAccountName "<Storage Account Name>" -StorageAccountKey "<Storage Account Key>" -MetricsEnabled -MetricsRetentionPolicyDays 7 -MetricsRetentionPolicyEnabled
NB: You have to wait for a while (a day) after enabling the log
Then aggregate (and fetch the usage on the storage account after a day or so):
$logName = "C:\tmp\StorageAccount.log";
Get-StorageAnalyticsMetrics -DataType "Capacity" -ServiceName "Blob" -LocalPath $logName -StorageAccountName "<StoragE account name"> -StorageAccountKey "<Storage account key>"
$results = (Import-Csv $logName | Where-Object { $_.Category -eq "data" } | Select-Object -Last 1 #{Name="AccountName";Expression={"My storage account"}}, Time, "Capacity (bytes)", "Container count", "Object count")
$results
Should give you a data set which is easy to display and aggregate on. You could also iterate multiple storage accounts / containers and split this if you want.
This example only fetches for the blob service. You can also get storage analytics used for other services (table/queue etc); however as specified in the documentation the capacity metric is only available for the blob storage.
For more information on storage account analytics and options see here:
http://msdn.microsoft.com/en-us/library/windowsazure/hh343258.aspx
Please note that after enabling the analytics on the Storage account, you'll have to wait before exporting the logs and aggregating on the data.
Related
Requirement is to store the file in Storage account through Azure functions in PowerShell using Az module. Please help.
$todaydate = Get-Date -Format MM-dd-yy
$LogFull = "AzureScan-$todaydate.log"
$LogItem = New-Item -ItemType File -Name $LogFull
" Text to write" | Out-File -FilePath $LogFull -Append
First of all, what you need to figure out is the input of your function and how you're handling that. If you're just wanting to write a file to blob storage everytime an HTTP triggered Azure function is executed then that is simple enough.
There are a number of elements that come into play when working with blob storage with Azure Functions however that you will need to understand to develop a working solution.
Managed Identities
Azure Funtions are able to be assigned an identity so that you can grant access to the FunctionApp itself rather than having to authenticate as a user. This means you don't have to handle the authentication aspect of your function to access the storage account content and you just need to grant your FunctionApp the relevant permissions to read/write/delete blob or storage content.
There are a number of built in RBAC roles in AzureAD which you can grant to access storage accounts and blobs etc.
You can find the documentation on the RBAC permissions for that here: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage
and the documentation on how to activate a managed identity on your functionApp can be found here: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-a-system-assigned-identity
Storage Account(s)
Programmatically accessing storage account contents depends on the permissions but you can use the access keys associated to the storage account which provide access to at the storage account level
You can read about the access keys here: https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys
Just remember that least-privilege access should be adopted and if you leak your keys then someone could access your data.
PowerShell Commands
The PowerShell commands required for programmatically accessing storage accounts and writing blob data can be summarised below
# Variables required - Fill these out
$storageAccountName = '<Insert Storage Account Here'
$containerName = '<Insert StorageContainer Name Here>'
# Set the context to the subscription you want to use
# If your functionApp has access to more than one subscription it will load the first subscription by default.
# Possibly a good habit to be explicit about context.
Set-AzContext -Subscription $subscription
# Get the Storage Account Key to authenticate
$storAccKeys = Get-AzStorageAccountKey -ResourceGroupName 'Storage-ResourceGroup' -Name $storageAccountName
$primaryKey = $storAccKeys | Where-Object keyname -eq 'key1' | Select-Object -ExpandProperty value
# Create a Storage Context which will be used in the subsequent commands
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $primaryKey
# Attempt to create a container in the storage account. Handle Error appropriately.
try {
New-AzStorageContainer -Name $containerName -Context $storageContext -ErrorAction Stop
}
catch [Microsoft.WindowsAzure.Commands.Storage.Common.ResourceAlreadyExistException] {
Write-Output ('Container {0} already exists in Storage Account {1}' -f $containerName, $storageAccountName)
# Throw Here if you want it to fail instead.
}
catch {
throw $_
}
# Upload your file here. This may vary depending on your function input and how you plan to have your functionApp work.
Set-AzStorageBlobContent -Container $containerName -File ".\PlanningData" -Blob "Planning2015"
You can see the documentation on Set-AzStorageBlobContent for examples on that here:
https://learn.microsoft.com/en-us/powershell/module/az.storage/set-azstorageblobcontent?view=azps-6.2.1#examples
Generally though you will need a file to upload to blob storage and you can't just write directly to a file in blob storage.
If you need to read more on the Azure Functions side of things then there is the quickstart guide:
https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-powershell
Or the Developer Reference on MS docs is really detailed:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal
I'm trying to create a powershell script to backup a SQL database on Azure to a storage account as below,
$exportRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName
$ResourceGroupName -ServerName $ServerName `
-DatabaseName $DatabaseName -StorageKeytype $StorageKeytype -StorageKey
$StorageKey -StorageUri $BacpacUri `
-AdministratorLogin $creds.UserName -AdministratorLoginPassword $creds.Password
This is the document i'm following,
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-export
I assume the following,
$ResourceGroupName - my azure resource group
$ServerName - db server name
$DatabaseName - database name
**$StorageKeytype - NOT SURE WHAT VALUE SHOULD BE PLACED HERE**
**$StorageKey - I'm hoping this is one of the access keys under the azure storage account**
$BacpacUri - Azure storage account bacpac URI path
Please advice what parameters need to passed here.
Please advice what parameters need to passed here.
StorageKey : Specifies the access key for the storage account.
StorageKeyType:
Specifies the type of access key for the storage account.
The acceptable values for this parameter are:
StorageAccessKey. This value uses a storage account key.
SharedAccessKey. This value uses a Shared Access Signature (SAS) key.
For more details, refer to this link.
I can issue a request to start a recovery job using Restore-AzureRmRecoveryServicesBackupItem, which will restore the given recovery point (in this case, a VHD) to the storage account provided. Is there a way to derive the location that the blob is being written to from the AzureRM API or Powershell commandlets?
Getting the recovery job:
$recoveryJob = Restore-AzureRmRecoveryServicesBackupItem `
-RecoveryPoint $recoveryPoint `
-StorageAccountName $storageAccount.name `
-StorageAccountResourceGroupName $storageAccount.resourceGroupName
... but $recoveryJob does not have the storage destination. Get-AzureRmRecoveryServicesBackupJobDetails does not provide this information either, and I'm out of ideas.
Based on the following article i'm uploading file server information to SharePoint online.
Everything is working except for Step 7: Processing and Monitoring your SPO Migration.
The description there is:
Checking job status You can check the status of your job by viewing
the real time updates posted in the Azure storage account queue by
using the Encryption.EncryptionKey returned in step 6.
Viewing logs If you’re using your own Azure storage account, you can
look into the manifest container in the Azure Storage for logs of
everything that happened. At this stage, it is now safe to delete
those containers if you don’t want to keep them as backup in Azure.
If there were errors or warnings, .err and .wrn files will be created
in the manifest container.
If you’re using the temporary Azure storage created by
Invoke-SPOMigrationEncryptUploadSubmit in step 6, the import log SAS
URL can be obtained by decrypting the Azure queue message with the
“Event” value “JobLogFileCreate”. With the import log SAS URL, you can
download the log file and decrypt it with the same encryption key as
returned in Step 6.
I have the encryptionKey and ReportingQueueUri, there is no explanation on how to use them, trying with Azure Storage Explorer i opened the reporting queue but its all encrypted there and there is no option to use the encryptionKey.
If anyone did this or know how to i'd really appreciate some help.
One has to use two other cmdlets, Get-SPOMigrationJobProgress and Get-SPOMigrationJobStatus
$job = Invoke-SPOMigrationEncryptUploadSubmit `
-SourceFilesPath $sourceFiles `
-SourcePackagePath $targetPackage `
-Credentials $creds `
-TargetWebUrl $targetWebUrl
$encryption = $job.Encryption
$queueLink = $job.ReportingQueueUri.AbsoluteUri
$jobID = $job.jobid
Get-SPOMigrationJobProgress -AzureQueueUri $queueLink `
-Credentials $creds `
-TargetWebUrl $targetWebUrl `
-JobIds $jobID `
-EncryptionParameters $encryption
Get-SPOMigrationJobStatus -TargetWebUrl $targetWebUrl -Credentials $creds -JobId $jobID
I am trying to set Azure Rm Subscription (Get-AzureRMSubscription) CurrentStorageAccount to a particular arm storage account (Get-AzureRmStorageAccount) and I am not able to find a cmdlet that does that.
With regular old azure cmdlets I am able to do following to set CurrentStorageAccount as
$subscription = Get-AzureSubscription
Set-AzureSubscription -SubscriptionName $subscription.SubscriptionName -CurrentStorageAccountName "somestorageaccount"
Get-AzureSubscription | select *
This set's it. But I cannot do this inside arm cmdlets.
Another thing that is confusing is that I am using the same subscription eg. Visual Studio Enterprise. And using both arm and regular cmdlets get-azuresubscription I get the same subscription but why is one showing -CurrentStorageAccount and another subscription not showing -CurrentStorageAccount.
To set the default RM subscription for the current session in PowerShell use
Get-AzureRmSubscription –SubscriptionName "MyFavSubscription" | Select-AzureRmSubscription
and to set the default RM storage context for the current session
Set-AzureRmCurrentStorageAccount –ResourceGroupName "MyFavResourceGroup" `
–StorageAccountName "MyFavStorageAccountName"
First, you must set your default subscription.
$SubscriptionName = "MyDefaultSubscription"
Select-AzureSubscription -SubscriptionName $SubscriptionName –Default
In other cases, you can set your default subscription location.
# For example, South Central US
$Location = "South Central US"
Then get your storage account name/s
$StorageAccountName = (Get-AzureStorageAccount)[0].label
Notice the number zero? It indicates the numbering of your storage. The numbering starts with 0. If you use the command Get-AzureStorageAccount, it will list all of your (classic) storage accounts. For that you can choose your desired storage.
Then lastly, set your default storage account.
Set-AzureSubscription -SubscriptionName $SubscriptionName -CurrentStorageAccountName $StorageAccountName
That commandlet is called Set-AzureRMCurrentStorageAccount.
Exactly as you said, set-azureRmCurrentStorageAccount -context $Ctx will set your default Storage account to context. I also can't find any articles to get out explanation on this. I think you can try to use Azure CLI to set your default Azure storage account in environment variables.