Add Azure Custom Script Extension from Blob to Virtual Machine Scale Set by Powershell

Question

To do this with a script that is publicly available this is no Problem using:

$publicSettings = @{
    "fileUris" = (,"$uri");
    "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File azure_cse_vm_initial_script.ps1 $argument"
}

Write-Host "  ==> Add-AzureRmVmssExtension"
Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss `
    -Name "customScript" `
    -Publisher "Microsoft.Compute" `
    -Type "CustomScriptExtension" `
    -TypeHandlerVersion 1.8 `
    -Setting $publicSettings

But how to do in case I use a storage account with a blob container? Can the access key be added to the Settings object? But how? And what to use for the URL.

The script I want to run should not be public accessible because it is the Installation script of my application.

Thanks, Daniel

Answer 1

I would create a shared access signatur for that script (see Using shared access signatures). Then you can simple add the SAS token to the URI. E. g:

https://myaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2015-04-05&st=2015-04-29T22%3A18%3A26Z&se=2015-04-30T02%3A23%3A26Z&sr=b&sp=rw&sip=168.1.5.60-168.1.5.70&spr=https&sig=Z%2FRHIX5Xcg0Mq2rqI3OlWTjEg2tYkboXr1P9ZUXDtkk%3D

Answer 2

You could also use storage account name and storage account key to download the script: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows#extension-schema