Tags: azure, azure-blob-storage, sftp, azure-automation

Automate Azure Blob SFTP (enable-disable)


We have a very specific file that comes once a week during a 1-hour window. We've been using Azure SFTP as a cost-effective solution. Earlier this year they changed up the billing, so we've had to manually turn it on/off each week to avoid the $240+ costs of running 24/7. We'd like to automate this so that it enables and disables once a week.

I've been trying to figure out a way to automate the enable/disable of the blob feature but haven't been able to find any way to do it with Power Automate or Azure Automation. I can't be the only one looking to do this... Is it possible to run Azure CLI PowerShell in Azure Automation? I can't find a definite answer in MSFT docs. Has anyone else found a way to do this?

Ideally I'd be able to run an az command like so in an Azure Automation PowerShell runbook.

az storage account update -g $resourceGroupName -n $stoAccountName --enable-sftp=true

And then run the false an hour later, but it doesn't seem to execute.

There's an excellent write-up on CLI for SFTP by Jorge, with all the commands.

https://www.jorgebernhardt.com/azure-storage-blobs-enable-sftp-support/

Not sure where to go from here.


Solution

  • I tried following @kavyaS's answer but also ran into the same "socket operation encountered a dead network" errors as OP.

    I got a bit further by allowing my managed identity to access other resources:

    #give the system-assigned managed identity permission to access resources in other resource groups
    
    MyAutomationAccount -> Identity -> System Assigned tab
    Click "Azure Role Assignments" -> Add Role Assignment
      Scope: Subscription
      Subscription: MySubscription
      Role: Contributor
      Save
    

    I changed Connect-AzAccount to Connect-AzAccount -Identity and that succeeded, but the az commands were failing. I replaced them with Set-AzStorageAccount -EnableSftp $true but this was failing due to my version of PowerShell being 5.1. I deleted my runbook and made a new one in version 7.2 and got it working.

    Here is what I did:

    #create a runbook to run the commands to switch the SFTP on
    
    MyAutomationAccount -> Runbooks
    Click "Create a Runbook"
      Name: blob-storage-sftp-enable
      Type: Powershell
      Version: 7.2
      Description: Enables SFTP on the Blob Storage account
    
    $resourceGroupName = "my-resource-group-name"
    $storageAccName = "my-storage-account-name"
    Connect-AzAccount -Identity
    Set-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName -EnableSftp $true
    

    and then did a similar one for switching the SFTP off.
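
The enable and disable runbooks described in this answer can be combined into one parameterized runbook that re-reads the account afterwards, so a failed "off" run surfaces as a failed job instead of an SFTP endpoint left open. This is an added example, not code from the answer: the parameter names are hypothetical, and it assumes a PowerShell 7.2 runbook whose system-assigned managed identity holds a role that permits reading and updating this storage account (a role assignment scoped to that one account is assumed to be sufficient).

```powershell
# Added example (not from the original answer). Parameter names are hypothetical.
param(
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,

    [Parameter(Mandatory = $true)]
    [string] $StorageAccountName,

    # $true opens the weekly transfer window, $false closes it.
    [Parameter(Mandatory = $true)]
    [bool] $Enable
)

# Turn every cmdlet error into a terminating error so the job status is "Failed".
$ErrorActionPreference = 'Stop'

# Keep the Az context local to this job; nothing is saved or inherited.
Disable-AzContextAutosave -Scope Process | Out-Null

# Sign in as the Automation account's system-assigned managed identity.
Connect-AzAccount -Identity | Out-Null

$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
Write-Output "SFTP before: $($account.EnableSftp)"

if ([bool]$account.EnableSftp -eq $Enable) {
    # Idempotent: a repeated or overlapping schedule run changes nothing.
    Write-Output "Already in the requested state; no update sent."
    return
}

Set-AzStorageAccount -ResourceGroupName $ResourceGroupName `
                     -Name $StorageAccountName `
                     -EnableSftp $Enable | Out-Null

# Read the setting back rather than trusting the update call.
$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
if ([bool]$account.EnableSftp -ne $Enable) {
    throw "SFTP is '$($account.EnableSftp)' but '$Enable' was requested."
}

Write-Output "SFTP after: $($account.EnableSftp)"
```

Link the runbook to two weekly schedules, one passing `Enable = true` at the start of the window and one passing `Enable = false` an hour later, and alert on failed jobs for the second.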