How to enable and disable SFTP on an Azure blob storage using a python program ?

SFTP is a feature available on Azure Blob Storage. This can be enabled or disabled at any point of time after the creation of the storage account. By enabling SFTP, the storage account gets a public endpoint for the SFTP connectivity. This comes with an additional cost beyond the usual cost for the data storage (read, write and storage). The cost for SFTP is charged on hourly basis. So if you turn it on for a longer period without usage, you will waste a lot of money.

My recommendation is to enable the SFTP whenever needed. This can be enabled in several ways

From the Azure web portal in a single click
Using Azure CLI
Using Azure API or SDKs

Here I am explaining a simple way to enable or disable the SFTP using a python program. This program uses a service principle which has Contributor access to the storage account.

The following packages are the dependencies for this program.

pip install azure-identity
pip install azure-mgmt-storage

The program is given below.

Note: Update the variables with the values specific to your Azure account and Service principle before executing this program.

	from azure.mgmt.storage import StorageManagementClient
	from azure.identity import ClientSecretCredential

	# Update the below variables with the correct values
	subscription_id="Your-subscription-id"
	resource_group_name = "your-resource-grp-name"
	storage_account_name = "your-storage-account-name"

	# Update the below variables with the Service Principle credentials.
	AZURE_CLIENT_ID = ""
	AZURE_CLIENT_SECRET = ""
	AZURE_TENANT_ID = ""

	credential = ClientSecretCredential(
	client_id=AZURE_CLIENT_ID,
	client_secret=AZURE_CLIENT_SECRET,
	tenant_id=AZURE_TENANT_ID)

	storage_client = StorageManagementClient(credential, subscription_id)

	# Retrieve the properties of the storage account
	storage_account = storage_client.storage_accounts.get_properties(
	resource_group_name, storage_account_name
	)

	# Enable SFTP for the storage account
	storage_account.is_sftp_enabled=True
	modified_storage_account=storage_client.storage_accounts.update(
	resource_group_name, storage_account_name, storage_account
	)
	print("<–The Properties of the Modified Storage Account are given below:–>")
	print(f"Storage Account Name: {modified_storage_account.name}")
	print(f"SFTP Status: {modified_storage_account.is_sftp_enabled}")

view raw azure_blob_enable_sftp.py hosted with ❤ by GitHub

This program can be scheduled using a scheduler to enable / disable the SFTP based on your schedule and save some cost. There are schedulers available within Azure itself.

I hope this article is useful. Feel free to comment below this post if you have any questions or feedback.

All About Tech

Victory goes to the player who makes the next-to-last mistake

Leave a comment Cancel reply

Share this:

Related

Leave a comment Cancel reply