Azure Cloud Shell
Where is the Storage Coming From?
It comes from containers already running on Azure. When you click on the Azure Cloud Shell icon, your cloud shell connects to one of many containers nearest to your location.
These containers are already provisioned and are ready to serve a cloud shell session.
You get a home drive on these containers ($home). Using your shell, you’ll notice two folders present there:
- .cloudconsole is for bash files, and
- .pscloudshell is to persist your PowerShell files and modules

    cd $home\clouddrive
    # this is where all PS modules live
    dir .\.pscloudshell\WindowsPowerShell\Modules
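Creating the initial storage account using PowerShell

    # Splat the parameters for the new storage account
    $param = @{
        ResourceGroupName = 'test-cloud-shell-storage'
        # storage account names must be 3-24 characters, lowercase letters and digits only
        Name              = 'newteststorageaccount'
        SkuName           = 'Standard_LRS'
        Location          = 'south central us'
    }
    New-AzureRmStorageAccount @param -Verbose

    # Detach the file share currently mounted as clouddrive
    Dismount-CloudDrive -Force -Verbose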
Figuring out which File Share and Storage Account Azure is using
First read the docs 🙂
The df command:

    PS /home/myusename> df
Mapping your LOCAL drive to the Azure File Share
Cloud Shell in Azure allows you to map your local workstation drive to transfer files to Azure. This seems to me to be counterintuitive and insecure.
Azure will kindly provide you with the PowerShell script to map your local drive, using the Get-PSDrive cmdlet in PowerShell. However, you will most likely encounter the ‘The specified network name is no longer available…’ error.
To get around this error (i.e. to successfully map a local drive to the Azure file share):
- You may have to disable antivirus
- You need to enable SMB file sharing (from ‘Turn Windows Features on / off’), and SMB 1.0 at that, which has known security holes.
- Enable the Computer Browser, Server and Workstation services
With these steps, I was able to surmount the ‘the specified network name is no longer available’ error and get a local drive mounted on the same file share that Cloud Shell was using. But I basically left my local workstation in a vulnerable state (disabled antivirus, enabled SMB 1.0 sharing).
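An added example, not part of the original post: a PowerShell audit of the workstation state described above (SMB 1.0, the Computer Browser service, antivirus), with a check of outbound TCP 445 to the file share endpoint and an optional revert. It assumes an elevated prompt on Windows 10 or later and Microsoft Defender as the antivirus; the script name and the storage account name you pass in are placeholders.

```powershell
# Added example: audit, and optionally revert, the workstation changes listed above.
# Usage (hypothetical file name): .\Audit-SmbWorkaround.ps1 -StorageAccount <name> [-Revert]
# Assumptions: elevated PowerShell, Windows 10 or later, Microsoft Defender as antivirus.
param(
    [Parameter(Mandatory)][string]$StorageAccount,  # account that backs the clouddrive share
    [switch]$Revert
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. SMB 1.0: the optional Windows feature and the SMB server setting.
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1Feature.State -eq 'Enabled') { $findings.Add('SMB1Protocol feature is enabled') }
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { $findings.Add('SMB server accepts SMB1') }

# 2. Services named in the post. Server and Workstation normally run on Windows;
#    Computer Browser only exists when the SMB 1.0 feature is installed.
Get-Service -Name Browser, LanmanServer, LanmanWorkstation -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Host ('{0,-20} {1,-10} {2}' -f $_.Name, $_.Status, $_.StartType) }
$browser = Get-Service -Name Browser -ErrorAction SilentlyContinue
if ($browser -and $browser.Status -eq 'Running') { $findings.Add('Computer Browser service is running') }

# 3. Antivirus: Defender real-time protection (skipped if the Defender cmdlets are absent).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp -and -not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }

# 4. Outbound SMB: Azure file shares are reached on TCP 445 at <account>.file.core.windows.net.
$endpoint = "$StorageAccount.file.core.windows.net"
$tcp = Test-NetConnection -ComputerName $endpoint -Port 445 -WarningAction SilentlyContinue
Write-Host "TCP 445 to ${endpoint} reachable: $($tcp.TcpTestSucceeded)"

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'No weakened settings found.'
}

# 5. Optional revert of the SMB 1.0 and antivirus changes (feature removal needs a restart).
if ($Revert) {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($mp) { Set-MpPreference -DisableRealtimeMonitoring $false }
    Write-Host 'SMB1 disabled and Defender real-time protection re-enabled; restart to finish.'
}
```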
Summary – Azure Cloud Shell Security
Why a cloud service should require local storage from your desktop is beyond me. GCP accomplishes the same thing by launching an entire lightweight VM as part of its cloud shell. All with a built-in code editor. And no security loopholes.