Azure storage account has a property in the networking section to enable or disable public access. This option is available directly on the web portal. There are options to whitelist a specific VNet or specific IP addresses. In some scenarios, we may get some requirement to enable access to some sources which does not have a static public IP address. In this scenario, the easiest option we have is to temporarily enable public access for the required time window and disable it after that. Here we will need the use of programmatic approach to enable or disable the access. The program can be scheduled to run at intervals using Azure Automate service.

The simple python program to enable or disable the public access to Azure storage account is given below. You can modify this program as per your needs.

This program needs an Azure Service Principle which has at least contributor access to the specific Azure Storage account. The credentials are required to be updated in the program.

The dependent packages are given below.

pip install azure-identity
pip install azure-mgmt-storage

The Python program is given below.

from azure.identity import ClientSecretCredential
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import StorageAccountUpdateParameters
# Enter the subscription id, resource group name and storage account name
subscription_id = "xxxxxxxx"
resource_group_name="xxxxx"
storage_account_name="xxxx"
# Update the service principle credentials below.
credentials = ClientSecretCredential(
tenant_id="xxxxxx",
client_id="xxxxx",
client_secret="xxxxx"
)
storage_client = StorageManagementClient(credentials, subscription_id)
#Enable or disable public access (True/False) using the allow_blob_public_access parameter
az_property01 = StorageAccountUpdateParameters(allow_blob_public_access=False)
#Update the storage account with the new settings
storage_client.storage_accounts.update(resource_group_name, storage_account_name, az_property01)
view raw update_blob_pubic_access.py hosted with ❤ by GitHub

I hope this article is helpful. Feel free to comment below this article if you have any questions or feedback.