Skip to content
/ azure-storage-access-test Public

Azure Bicep script to spin up a test environment for access tests against Azure Blob Storage

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

h2floh/azure-storage-access-test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.devcontainer
.devcontainer
 
 
README.md
README.md
 
 
networkinterface.bicep
networkinterface.bicep
 
 
storageaccesstest.bicep
storageaccesstest.bicep
 
 

Repository files navigation

Short test on storage account access control behavior

Create Resource Group

az group create --location koreacentral --resource-group storageaccess-test-rg

Deploy services

az deployment group create --resource-group storageaccess-test-rg -f ./storageaccesstest.bicep --name storage_test

Additional manual configuration

Go to Storage Account -> Networking

  • Add VM2 public IP
  • Add Subnet A

Storage Explorer

  • Create a blob container
  • Upload any file
  • Create SAS URI for file

Execute Test

  • Log into VM2 and do a wget <SAS URI OF FILE> -> Access Denied
    • VM2 will route through internal network and not authorize with given PublicIP
  • Log into VM1 and do a wget <SAS URI OF FILE> -> Access Granted
    • Storage IP Firewall Settings and Network Access are not combined (due to mismatch in internal network and public network configuration - I guess)

Cleanup

az group delete --resource-group storageaccess-test-rg

About

Azure Bicep script to spin up a test environment for access tests against Azure Blob Storage

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages