Azcopy is a great command-line tool for automating Azure storage, it is a simple yet powerful command line interface that allows you to copy files to and from Azure storage and between Azure storage accounts. I was doing POC of the latest version of azcopy.exe, (There 2 different flavors available for azcopy.exe on Microsoft site, old and new (completely different parameters for both)). I am using azcopy.exe for windows version, To start working first Login to Azure cloud account with below command with tenant id.
Another troubleshooting article
Azure azcopy login error Selected user account does not exist in tenant 'Microsoft Services' and cannot access the application '579a7132-0e58-4d80-b1e1-7a1e2d337859'
azcopy login --tenant-id xxxxx-xxxxxx-uid-xxxxx-xxxxxx
You can find Tenant ID on Microsoft Azure Active Directory overview page.
Next I tested copying a single file for testing, for this I need my Storage Accounts blob container URL, which I found under properties of storage account blob.
I tested below oneliner azcopy command to copy single file from local windows computer to Azure cloud storage accounts blob.
azcopy copy 'C:\Temp\t.txt' 'https://newstorage.blob.core.windows.net/firstfolder'
While executing command I was receiving error ServiceCode= AuthorizationPermissionMismatch with Response status: 403 This request is not authorized to perfom this operation using this permission (Authorization: REDACTED) and Number of transfer failed with the file count. I checked the logs, log file is located at locally on computer at location C:\users\useraccount\.azcopy\xxx-xxxx-xx-xxx.log, It was showing similar errors in the log file.
INFO: Scanning... INFO: Authenticating to destination using Azure AD INFO: Any empty folders will not be processed, because source and/or destination doesn't have full folder support Job 9073c5d6-790b-bf40-50ec-36b43b69b309 has started Log file is located at: C:\Users\vKunal.DESKTOP-V5HF8MT\.azcopy\9073c5d6-790b-bf40-50ec-36b43b69b309.log INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.7.0/azblob/zc_storage_error.go:42 ===== RESPONSE ERROR (ServiceCode=AuthorizationPermissionMismatch) ===== Description=This request is not authorized to perform this operation using this permission. RequestId:11498e67-d01e-005a-2659-418619000000 Time:2020-06-13T08:08:14.6932561Z, Details: PUT https://newsxxxxxxxx.blob.core.windows.net/firstfolder/t.txt?timeout=901 Authorization: REDACTED Content-Length: [9734] User-Agent: [AzCopy/10.4.3 Azure-Storage/0.7 (go1.13; Windows_NT)] X-Ms-Blob-Cache-Control: [] X-Ms-Blob-Content-Disposition: [] X-Ms-Blob-Content-Encoding: [] X-Ms-Blob-Content-Language: [] X-Ms-Blob-Content-Md5: [] X-Ms-Blob-Content-Type: [text/plain; charset=utf-8] X-Ms-Blob-Type: [BlockBlob] X-Ms-Client-Request-Id: [af8e1ba1-e4aa-49d9-6e18-bab25306bc01] X-Ms-Version: [2019-02-02] -------------------------------------------------------------------------------- RESPONSE Status: 403 This request is not authorized to perform this operation using this permission. Content-Length: [279] Content-Type: [application/xml] Date: [Sat, 13 Jun 2020 08:08:14 GMT] Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0] X-Ms-Client-Request-Id: [af8e1ba1-e4aa-49d9-6e18-bab25306bc01] X-Ms-Error-Code: [AuthorizationPermissionMismatch] X-Ms-Request-Id: [11498e67-d01e-005a-2659-418619000000] X-Ms-Version: [2019-02-02] 100.0 %, 0 Done, 1 Failed, 0 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 0.0389 Job 9073c5d6-790b-bf40-50ec-36b43b69b309 summary Elapsed Time (Minutes): 0.0667 Number of File Transfers: 1 Number of Folder Property Transfers: 0 Total Number of Transfers: 1 Number of Transfers Completed: 0 Number of Transfers Failed: 1 Number of Transfers Skipped: 0 TotalBytesTransferred: 0 Final Job Status: Cancelled
However I have owner permissions on the Azure subscription. As mentioned the error it says permission issues, You can quickly check what kind of permissions you have on storage accounts under Access control (IAM), the minimum permission you require is as shows on the Roles tab. (Storage Blob Data Contributor, Storage Account Contributor and Storage Blob Data Owner), they are BuiltinRole provided by Microsoft Azure.
As I am owner on the Azure subscription and have adequate permissions on the storage account, I tested below command to get list of files surprisingly it was working fine but not the azcopy copy command.
azcopy list 'https://newstorage.blob.core.windows.net/firstfolder'
Just to verify next I checked help with below command. While reading help I found that I am using correct command, but it caught in my mind that all the examples given are for linux path.
azcopy copy
To correct it further I replaced backward slashes with forward slashes on local file path for windows as per linux file path style notation. With this it worked fine and file transfer completed successfully.
azcopy copy 'C:/Temp/t.txt' 'https://newstorage.blob.core.windows.net/firstfolder'
I verified the uploaded file with list command, This looks good.
Useful Articles
Part 1: Create and deploy a website with Microsoft Azure web app service plan
Part 2: Configure a custom domain in Azure Web Apps
PART 1 : MICROSOFT AZURE CREATION AND CONFIGURATION OF VPN TUNNEL SERIES
PART 2 : MICROSOFT AZURE CREATING RESOURCE GROUP
PART 3 : MICROSOFT AZURE CREATING AND ADMINISTERING VIRTUAL NETWORK (VNET)
PART 3.1 : MICROSOFT AZURE POWERSHELL CREATING AND ADMINISTERING VIRTUAL NETWORK (VNET)
PART 4 : MICROSOFT AZURE CREATING AND ADMINISTRATING LOCAL NETWORK GATEWAY VPN
PART 4.1 : MICROSOFT AZURE POWERSHELL CREATING AND ADMINISTRATING LOCAL NETWORK GATEWAY
