STARK ON SECURITY

Inventory Azure Storage Account Public IP Addresses

Azure Storage Accounts expose several endpoints, one per data service: Blob, File Shares, Queues and Tables, plus the static website (web) and Data Lake (dfs) endpoints. By default these endpoints are public facing and resolve to public IP addresses that Azure assigns and may change over time; you do not pick them, and the same address typically fronts many storage accounts hosted on the same storage cluster. You may want to track these addresses from an operational, security, or attack surface reduction perspective. That is harder than it looks, because the public IP addresses are not recorded anywhere in the resource definition of the storage account; only the endpoint hostnames are.

To help with this, I wrote a simple PowerShell script that inventories the public IP addresses associated with each storage account. The script is straightforward: it performs a DNS lookup on each primary and secondary endpoint of the storage account and records the IPv4 address the lookup returns. Because it relies on DNS, the result reflects what the machine running the script sees. Run it from a host that resolves the endpoints through public DNS; inside a VNet that uses a private endpoint and a privatelink DNS zone, the lookup returns the private IP instead.

You can grab the script from my GitHub repo below:
get-azstorageip4address.ps1

Running the script is simple. By default it inventories every subscription the signed-in account can see. Use the -Subscription parameter to restrict it to selected subscriptions; it accepts subscription names or subscription IDs, and you can pass several as a comma-separated list.

The script adds several properties to the storage account PowerShell object that you can use for reporting.

You can access the resolved IPv4 addresses via the properties below:

PrimaryBlobDNS                               SecondaryBlobDNS
PrimaryBlobIP4Address                        SecondaryBlobIP4Address
PrimaryQueueDNS                              SecondaryQueueDNS
PrimaryQueueIP4Address                       SecondaryQueueIP4Address
PrimaryTableDNS                              SecondaryTableDNS
PrimaryTableIP4Address                       SecondaryTableIP4Address
PrimaryFileDNS                               SecondaryFileDNS
PrimaryFileIP4Address                        SecondaryFileIP4Address
PrimaryWebDNS                                SecondaryWebDNS
PrimaryWebIP4Address                         SecondaryWebIP4Address
PrimaryDfsDNS                                SecondaryDfsDNS
PrimaryDfsIP4Address                         SecondaryDfsIP4Address
PrimaryMicrosoftEndpointsDNS                 SecondaryMicrosoftEndpointsDNS
PrimaryMicrosoftEndpointsIP4Address          SecondaryMicrosoftEndpointsIP4Address
PrimaryInternetEndpointsDNS                  SecondaryInternetEndpointsDNS
PrimaryInternetEndpointsIP4Address           SecondaryInternetEndpointsIP4Address

Aggregated lists of IPv4 addresses are stored in:

PrimaryIP4Addresses
SecondaryIP4Addresses
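To show how the DNS-lookup approach produces the properties listed above, here is an added, reduced re-implementation. It is not the author's get-azstorageip4address.ps1 and is not taken from the repo; it assumes the Az.Accounts and Az.Storage modules are installed and Connect-AzAccount has already been run, and it leaves out the MicrosoftEndpoints and InternetEndpoints (routing-preference) properties. Everything else, including the -Subscription parameter, mirrors the interface described on this page.

```powershell
# Added example, not the author's get-azstorageip4address.ps1: a minimal
# re-implementation of the approach the post describes. It walks the selected
# subscriptions, performs a DNS lookup on each primary and secondary endpoint
# of every storage account, and attaches the results under the property names
# the post lists. Assumes Az.Accounts and Az.Storage are installed and
# Connect-AzAccount has already been run. MicrosoftEndpoints and
# InternetEndpoints (routing-preference endpoints) are omitted here.

param(
    # Subscription names or IDs; empty means every subscription you can see
    [string[]]$Subscription = @()
)

$services = 'Blob', 'Queue', 'Table', 'File', 'Web', 'Dfs'

# Resolve a storage endpoint URI to its IPv4 address(es). Uses System.Net.Dns
# rather than Resolve-DnsName so it also works on Linux/macOS. The answer is
# whatever this machine's resolver returns: inside a VNet with a private
# endpoint and a privatelink DNS zone you will get the private IP.
function Resolve-EndpointIPv4 {
    param([string]$Uri)
    if ([string]::IsNullOrWhiteSpace($Uri)) { return $null }
    $hostName = ([System.Uri]$Uri).Host
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($hostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
        [pscustomobject]@{ DNS = $hostName; IP4Address = (@($ips) -join ',') }
    } catch {
        Write-Warning "DNS lookup failed for ${hostName}: $($_.Exception.Message)"
        [pscustomobject]@{ DNS = $hostName; IP4Address = $null }
    }
}

$subs = Get-AzSubscription
if ($Subscription.Count -gt 0) {
    $subs = $subs | Where-Object { $_.Name -in $Subscription -or $_.Id -in $Subscription }
}

$report = foreach ($sub in $subs) {
    Set-AzContext -Subscription $sub.Id | Out-Null
    foreach ($sa in Get-AzStorageAccount) {
        $aggregate = @{ Primary = @(); Secondary = @() }
        foreach ($side in 'Primary', 'Secondary') {
            # SecondaryEndpoints is $null unless the account is RA-GRS / RA-GZRS
            $endpoints = $sa."${side}Endpoints"
            foreach ($svc in $services) {
                $uri = if ($null -ne $endpoints) { $endpoints.$svc } else { $null }
                $r   = Resolve-EndpointIPv4 -Uri $uri
                $dns = if ($r) { $r.DNS } else { $null }
                $ip  = if ($r) { $r.IP4Address } else { $null }
                $sa | Add-Member -NotePropertyName "${side}${svc}DNS" -NotePropertyValue $dns -Force
                $sa | Add-Member -NotePropertyName "${side}${svc}IP4Address" -NotePropertyValue $ip -Force
                if ($ip) { $aggregate[$side] += $ip -split ',' }
            }
            $sa | Add-Member -NotePropertyName "${side}IP4Addresses" `
                -NotePropertyValue @($aggregate[$side] | Sort-Object -Unique) -Force
        }
        $sa | Add-Member -NotePropertyName SubscriptionName -NotePropertyValue $sub.Name -Force
        $sa
    }
}

# Emit the decorated objects so the caller can capture them, e.g.
# $storageAccountReport = .\this-script.ps1 -Subscription 'production resources'
$report
```

Save the block as a .ps1 and invoke it the same way the examples below invoke the author's script. Lookup failures are reported with Write-Warning and leave the IP4Address property empty rather than aborting the whole inventory, so one unresolvable endpoint (a deleted account, a DNS outage) does not cost you the rest of the report.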

Examples

Get Storage Accounts for all subscriptions

$storageAccountReport = .\get-azstorageip4address.ps1

Get Storage Accounts for a single subscription

$storageAccountReport = .\get-azstorageip4address.ps1 -Subscription 'production resources'

Get Storage Accounts for multiple subscriptions

$storageAccountReport = .\get-azstorageip4address.ps1 -Subscription 'production resources','dev resources'

Search for an IP Address

$ip = '20.150.71.134'
$storageAccountReport | Where-Object {$ip -in $_.PrimaryIP4Addresses -or $ip -in $_.SecondaryIP4Addresses}

Select all endpoint names and IPv4

$storageAccountReport | Select StorageAccountName,SubscriptionName,ResourceGroupName,PrimaryIP4Addresses,SecondaryIP4Addresses,PrimaryBlobDNS,PrimaryBlobIP4Address,PrimaryQueueDNS,PrimaryQueueIP4Address,PrimaryTableDNS,PrimaryTableIP4Address,PrimaryFileDNS,PrimaryFileIP4Address,PrimaryWebDNS,PrimaryWebIP4Address,PrimaryDfsDNS,PrimaryDfsIP4Address,PrimaryMicrosoftEndpointsDNS,PrimaryMicrosoftEndpointsIP4Address,PrimaryInternetEndpointsDNS,PrimaryInternetEndpointsIP4Address,SecondaryBlobDNS,SecondaryBlobIP4Address,SecondaryQueueDNS,SecondaryQueueIP4Address,SecondaryTableDNS,SecondaryTableIP4Address,SecondaryFileDNS,SecondaryFileIP4Address,SecondaryWebDNS,SecondaryWebIP4Address,SecondaryDfsDNS,SecondaryDfsIP4Address,SecondaryMicrosoftEndpointsDNS,SecondaryMicrosoftEndpointsIP4Address,SecondaryInternetEndpointsDNS,SecondaryInternetEndpointsIP4Address

Export to CSV

$storageAccountReport | Select StorageAccountName,SubscriptionName,ResourceGroupName,PrimaryIP4Addresses,SecondaryIP4Addresses,PrimaryBlobDNS,PrimaryBlobIP4Address,PrimaryQueueDNS,PrimaryQueueIP4Address,PrimaryTableDNS,PrimaryTableIP4Address,PrimaryFileDNS,PrimaryFileIP4Address,PrimaryWebDNS,PrimaryWebIP4Address,PrimaryDfsDNS,PrimaryDfsIP4Address,PrimaryMicrosoftEndpointsDNS,PrimaryMicrosoftEndpointsIP4Address,PrimaryInternetEndpointsDNS,PrimaryInternetEndpointsIP4Address,SecondaryBlobDNS,SecondaryBlobIP4Address,SecondaryQueueDNS,SecondaryQueueIP4Address,SecondaryTableDNS,SecondaryTableIP4Address,SecondaryFileDNS,SecondaryFileIP4Address,SecondaryWebDNS,SecondaryWebIP4Address,SecondaryDfsDNS,SecondaryDfsIP4Address,SecondaryMicrosoftEndpointsDNS,SecondaryMicrosoftEndpointsIP4Address,SecondaryInternetEndpointsDNS,SecondaryInternetEndpointsIP4Address | Export-Csv storageaccountreport.csv -NoTypeInformation
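Because the addresses are assigned by Azure and can change, one export is only a snapshot. The following added example (not part of the original post) compares two CSV exports produced as above and lists every endpoint whose resolved IPv4 address differs between runs, plus accounts that appeared or disappeared. The two file names are assumptions.

```powershell
# Added example, not from the original post: diff two exports of the report to
# find endpoints whose resolved IPv4 address changed between runs.
# The two file names are assumptions; produce both with Export-Csv as above.
$previousPath = '.\storageaccountreport-previous.csv'
$currentPath  = '.\storageaccountreport.csv'

# Key each row by subscription, resource group and account name
function Get-AccountKey {
    param($Row)
    '{0}/{1}/{2}' -f $Row.SubscriptionName, $Row.ResourceGroupName, $Row.StorageAccountName
}

$previous = @{}
foreach ($row in Import-Csv $previousPath) { $previous[(Get-AccountKey $row)] = $row }
$current = @{}
foreach ($row in Import-Csv $currentPath)  { $current[(Get-AccountKey $row)] = $row }

# Compare only the per-endpoint scalar columns. The aggregated list properties
# may be arrays, and Export-Csv writes an array as the literal string
# "System.Object[]", which would hide real changes.
$ipColumns = ($current.Values | Select-Object -First 1).PSObject.Properties.Name |
    Where-Object { $_ -like '*IP4Address' }

$allKeys = @($previous.Keys) + @($current.Keys) | Sort-Object -Unique
$changes = foreach ($key in $allKeys) {
    if (-not $current.ContainsKey($key)) {
        [pscustomobject]@{ Account = $key; Endpoint = '(all)'; Previous = 'present'; Current = 'removed' }
        continue
    }
    if (-not $previous.ContainsKey($key)) {
        [pscustomobject]@{ Account = $key; Endpoint = '(all)'; Previous = 'absent'; Current = 'new' }
        continue
    }
    foreach ($col in $ipColumns) {
        $old = $previous[$key].$col
        $new = $current[$key].$col
        if ($old -ne $new) {
            [pscustomobject]@{
                Account  = $key
                Endpoint = $col -replace 'IP4Address$', ''
                Previous = $old
                Current  = $new
            }
        }
    }
}

$changes | Sort-Object Account, Endpoint | Format-Table -AutoSize
```

Run the inventory on a schedule, keep the previous export, and feed both files to this comparison; a changed PrimaryBlob or SecondaryBlob address is the signal to update any IP-based allow lists or firewall rules that reference it.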
