Azure - Davz33/tutorials GitHub Wiki

IAM & access control

Azure Active Directory (AAD)

note: below are azure cli commands

List users

az ad user list

Create User

az ad user create --display-name
                  [--force-change-password-next-sign-in {false, true}]



Add permissions for container

First, list all storage accounts. Thereof, we are interested in the scope, namely what comes after "id" elements.
az storage account list | grep id
you'll get something as:

Having identified the scope, and knowing your container name you can now:

az role assignment create \ --role "Owner" \ --assignee <your-id> \ --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>"

Copy to azure blob via azcopy

logging in via AAD

After having assigned the roles for access appropriately, you need to install azcopy on the machine where you'll copy from.
azcopy login --tenant-id=<AAD-tenant-id>


single file

az copy "[path-to-file]" "https://[account][container]/[path/to/container-directory]"


az copy "[path-to-file]" "https://[account][container]/[path/to/container-directory]" --recursive=true


Create and push local image to Azure Container Registry

After creating your container registry, you can spawn an admin user and (2) passwords. This practice is not avised unless temporarily for pushing your image. You should deactivate your admin credentials in the end. Alternatively, you can assign pull/push roles to an azure server principal.

read -sp "Continer Registry Admin Credentials: " SP_PASSWD && echo && docker login <registryname> --username <admin-usr> --password $SP_PASSWD
docer images
docker tag <your-image-id> <registryname><tag>
docker push <registryname><tag>```
⚠️ ** Fallback** ⚠️