I previously wrote about consuming blob (object) storage out of Microsoft Azure for Rubrik archives in a post entitled Using AzureRM and Rubrik PowerShell Modules to Consume Azure Blob Storage. The idea was to showcase the simplicity of executing commands against Azure with my go-to language, PowerShell. In this post, I’ll extend on that original idea by using Azure Cloud Shell to do the heavy lifting.

If you are new to Azure Cloud Shell, buckle up. As per Microsoft:

Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.

The primary advantages for me are two fold: not having to configure all of the various subscription details and leveraging a remote shell in situations where network latency (not bandwidth) are of a concern.

Contents

Configuring Cloud Shell

The folks at Microsoft have a Quickstart guide to get you going. I’ll just highlight a few of the configuration options that you may choose to do ahead of time versus using the wizard.

When you first attempt to use Cloud Shell from the main Azure Cloud Shell site, Azure Portal link, Visual Studio Code extension, or wherever, you’ll be prompted to set up storage for Cloud Shell. This is because Cloud Shell has to store persistent file data somewhere in your Azure subscription. You’ll have to create a file share somewhere for it to consume.

I opted to use the “Advanced Settings” to select the Resource Group and Storage Account that made sense for my Visual Studio Enterprise subscription, which comes with $150 in credits per month. I let the wizard create my wahlnetcloudshell1 file share for me since that has zero configuration options that I’m interested in using.

Once configured, you can navigate to your Azure Portal and drill down into the file service. To do this, select the parent Storage Account from the Azure Portal and then scroll down a bit to the listed Services. Select the “Files” service to see all SMB 3.0 file shares being provided by the Storage Account. It looks familiar, right? Notice how there’s even a choice between Windows PowerShell and the new “pwsh” PowerShell. Groovy!

Running Commands in Cloud Shell

The remainder of the Cloud Shell experience is fairly familiar. The big difference is that all of my subscription details are already loaded because I have already been authenticated to Azure with my account.

For example, if I want to create a private storage container to connect into Rubrik for archive purposes, all I have to do is get my Storage Account object and pipe it into the New-AzureStorageContainer cmdlet. Done!

Azure:\
PS Azure:\> Get-AzureRmStorageAccount -ResourceGroupName 'production-southcentral' -Name 'wahlnetprodstorage1' | New-AzureStorageContainer -Name 'wahlnetprodcontainer1'

   Blob End Point: https://wahlnetprodstorage1.blob.core.windows.net/
Name                 PublicAccess         LastModified
----                 ------------         ------------
wahlnetprodcontai... Off                  2018-03-29 23:53:11Z

The other sort of fun feature is that you can either ls or dir into your subscriptions. I’ve obfuscated the id values, but you get the drift. By navigating through the subscriptions as if they were folders, I can start drilling into objects held within that subscription.

PS Azure:\> ls

    Directory: Azure:

Mode SubscriptionName         SubscriptionId                       TenantId                             State
---- ----------------         --------------                       --------                             -----
+    Pay-As-You-Go            11111111-2222-3333-4444-555555555555 11111111-2222-3333-4444-555555555555 Enabled
+    Visual Studio Enterprise 11111111-2222-3333-4444-555555555555 11111111-2222-3333-4444-555555555555 Enabled

Azure:\
PS Azure:\> cd '.\Visual Studio Enterprise\'
Azure:\Visual Studio Enterprise
PS Azure:\> ls

    Directory: Azure:\Visual Studio Enterprise

Mode Name
---- ----
+    AllResources
+    ResourceGroups
+    StorageAccounts
+    VirtualMachines
+    WebApps

Using Cloud Shell with Visual Studio Code

While using Cloud Shell via the main Azure Cloud Shell site or even within the Azure Portal is cool, my favorite way to consume Cloud Shell is via the Azure Account extension for Visual Studio Code (VS Code). This extension adds an additional Cloud Shell terminal to the bottom of VS Code in a matter of moments.

Once you’ve installed the extension, you’ll need to authenticate your instance of VS Code in order to begin using Cloud Shell. Just open the Command Palette and type Azure: Sign In to create this relationship. A small toast message will appear with a code and a link. Copy the code first, then click the link to open a web browser! Clicking the link first will close the toast message and you’ll have to go through the sign in process again to get the code to appear. This is annoying, but not the end of the world.

Once you’ve entered your Azure account and authenticated the VS Code extension, you’re ready to rock. Go back to the Command Palette and type Azure: Open PowerShell in Cloud Shell to launch a new Cloud Shell in the terminal box.

I’ve pasted an image of what this looks like below. This includes using the Get-AzureRmStorageAccount cmdlet without sending any other credentials. Wonderful!

This is a very handy way to send over commands directly into Azure without having to fuss around with a browser, nor having to worry about supplying credentials across however many subscriptions you’re dealing with. Enjoy!

Managing and Rotating API Tokens with PowerShell

Modern Data Protection with ChatOps – Using PoshBot and Rubrik APIs

Empowering Operations to Tackle Ransomware with Rubrik Polaris Radar