Skip to content

Commit 6b9233f

Browse files
Update 5-access-package.md
1 parent 8ad535d commit 6b9233f

File tree

1 file changed

+13
-6
lines changed

1 file changed

+13
-6
lines changed

articles/governance/machine-configuration/how-to/develop-custom-package/5-access-package.md

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,19 @@
1+
---
2+
title: How to publish custom machine configuration package artifacts
3+
description: Learn how to provide access to a machine configuration package file in Azure blob storage .
4+
ms.date: 08/28/2024
5+
ms.topic: how-to
6+
ms.custom: devx-track-azurepowershell
7+
---
18

29
# How to provide secure access to custom machine configuration packages
310
This page provides a guide on how to provide access to Machine Configuration packages stored in Azure storage by using the resource ID of a user-assigned managed identity or a Shared Access Signature (SAS) token.
4-
# Prerequisites
11+
## Prerequisites
512
- Azure subscription
613
- Azure Storage account with the Machine Configuration package
714

8-
# Steps to provide access to the package
9-
## Using a User Assigned Identity
15+
## Steps to provide access to the package
16+
### Using a User Assigned Identity
1017

1118
**1. Obtain a User-Assigned Managed Identity:**
1219
> [!IMPORTANT]
@@ -45,7 +52,7 @@ $blob = Get-AzStorageBlob -Container "YourContainerName" -Blob "YourBlobName" -C
4552

4653
This setup ensures that your Azure VMs can securely read from the specified blob container using the user-assigned managed identity.
4754

48-
## Using a SAS Token
55+
### Using a SAS Token
4956
While this next step is optional, you should add a shared access signature (SAS) token in the URL to ensure secure access to the package. The below example generates a blob SAS token with read access and returns the full blob URI with the shared access signature token. In this example, the token has a time limit of three years.
5057

5158
```powershell
@@ -64,10 +71,10 @@ $tokenParams = @{
6471
$contentUri = New-AzStorageBlobSASToken @tokenParams
6572
```
6673

67-
# Summary
74+
## Summary
6875
By using the resource ID of a user-assigned managed identity or SAS token, you can securely provide access to Machine Configuration packages stored in Azure storage. The additional parameters and flags ensure that the package is retrieved using the managed identity and that Azure Arc machines are not included in the policy scope.
6976

70-
# Next Steps
77+
## Next Steps
7178
- After creating the policy definition, you can assign it to the appropriate scope (e.g., management group, subscription, resource group) within your Azure environment.
7279
- Remember to monitor the policy compliance status and make any necessary adjustments to your Machine Configuration package or policy assignment to meet your organizational requirements.
7380

0 commit comments

Comments
 (0)