request-adhoc-sas-token
#define parameter Param( [Parameter(Mandatory=$True)] [string]$AzureAutomationAccount, [Parameter(Mandatory=$True)] [string]$FileWebUrl, [Parameter(Mandatory=$True)] [string]$StorageAccountName, [Parameter(Mandatory=$True)] [string]$StorageResourceGroup, [Parameter(Mandatory=$True)] [string]$StorageContainerName, [Parameter(Mandatory=$True)] [string]$BlobName, [Parameter(Mandatory=$false)] [ValidateSet("r","rw","rcw","rwcd")] [string]$AccessRights = "r", [Parameter(Mandatory=$false)] [int]$TokenLifeTime = 2 ) #get credentials from Azure Automation vault $myCredential = Get-AutomationPSCredential -Name $AzureAutomationAccount #sign in to AzureRM Login-AzureRmAccount -Credential $myCredential #get current utc time for sas token starttime and expiration $TokenStartTime = Get-Date $TokenStartTime = $TokenStartTime.ToUniversalTime() $TokenEndTime = $TokenStartTime.AddHours($TokenLifeTime) #get storageaccount key, set context to container and request adhoc SAS token $StorageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageResourceGroup -AccountName $StorageAccountName).Value[0] $StorageContext = New-AzureStorageContext $StorageAccountName -StorageAccountKey $StorageAccountKey $SASKey = New-AzureStorageBlobSASToken -Protocol HttpsOnly -Container $StorageContainerName -Blob $BlobName -Context $StorageContext -Permission $AccessRights -StartTime $TokenStartTime -ExpiryTime $TokenEndTime #join file-uri and SAS token to full download uri $FullUri = "$FileWebUrl$SASKey"