Azure-Get-All-Storage-Accounts-With-Public-Blob-Containers/Azure-Get-Get-All-Storage-Accounts-With-Public-Blob-Containers.ps1 at master · AdamPaternostro/Azure-Get-All-Storage-Accounts-With-Public-Blob-Containers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# Finds any storage account (Classic or ARM) that have a Blob Container with an access level other than "Off" (so it finds Public and Blob)
# You might get errors on Classic if you do not have access
# You might get errors on ARM if you do not have access (this error message states it is a permission issue)

Login-AzureRmAccount

$subscriptionList = Get-AzureRmSubscription

foreach ($s in $subscriptionList)
{
    # Note: we can write this to loop through all subscriptions
    Select-AzureRmSubscription -SubscriptionId $s.SubscriptionId

    # Gets all Azure resources
    $Resources = Get-AzureRmResource

    foreach ($r in $Resources)
    {
       $item = New-Object -TypeName PSObject -Property @{
                    Name = $r.Name
                    ResourceType = $r.ResourceType
                    ResourceGroupName = $r.ResourceGroupName
                    } | Select-Object Name,  ResourceType, ResourceGroupName

        # Do for ARM
        if ($item.ResourceType -eq "Microsoft.Storage/storageAccounts")
          {
              $string = "Processing ARM storage account: " + $item.Name
              Write-Output $string
              $Ctx = Get-AzureRmStorageAccount –StorageAccountName $item.Name -ResourceGroupName $item.ResourceGroupName

              # Get all the containers
              $containerList = Get-AzureStorageContainer -Context $Ctx.Context -MaxCount 2147483647

              foreach ($c in $containerList)
              {
                  $containerItem = New-Object -TypeName PSObject -Property @{
                                     Name = $c.Name
                                     PublicAccess = $c.PublicAccess
                                     } | Select-Object Name,  PublicAccess

                  # Test each for public
                  if ($containerItem.PublicAccess -ne "Off")
                  {
                     $string = "Subscription Name: " + $s.SubscriptionName + " (" + $s.SubscriptionId + ") Storage Account: " + $item.Name + " in RG: " + $item.ResourceGroupName + " has a public container named: " + $c.Name
                     Write-Output $string
                  }
              } # ($c in $containerList)

          }

        # Do for classic
        if ($item.ResourceType -eq "Microsoft.ClassicStorage/storageAccounts")
          {
              $string = "Processing Classic storage account: " + $item.Name
              Write-Output $string
              $Ctx = Get-AzureStorageAccount –StorageAccountName $item.Name

              # Get all the containers
              $containerList = Get-AzureStorageContainer -Context $Ctx.Context -MaxCount 2147483647

              foreach ($c in $containerList)
              {
                  $containerItem = New-Object -TypeName PSObject -Property @{
                                     Name = $c.Name
                                     PublicAccess = $c.PublicAccess
                                     } | Select-Object Name,  PublicAccess


                  # Test each for public
                  if ($containerItem.PublicAccess -ne "Off")
                  {
                     $string = "Subscription Name: " + $s.SubscriptionName + " (" + $s.SubscriptionId + ") Storage Account: " + $item.Name + " in RG: " + $item.ResourceGroupName + " has a public container named: " + $c.Name
                     Write-Output $string
                  }
              } # ($c in $containerList)

          }

    } # ($r in $Resources)

    Write-Output ""

} #foreach ($s in $subscriptionList)