# How to Upload Blobs to Azure Storage from an Azure Function with Azure Managed Identities (Part 2)
In this three-part series, we are going to learn a few methods for developing an Azure Function that uploads blobs to Azure Storage using the new Azure Blob Storage and Azure Identity Client Libraries.
Code: The code for this series can be found here: https://github.com/jongio/azure-blob-functions-managedid
- Part 1: Local Function with Storage Emulator (local function, local storage)
- Part 2: Local Function with Azure Storage and Service Principal (local function, cloud storage)
- Part 3: Azure Function with Azure Storage and Managed Identity (cloud function, cloud storage)
## Local Function with Azure Storage and Service Principal (local function, cloud storage)
In Part 1 of this series, we set up the local function to upload blobs to Azurite, a local storage emulator. Now, let’s set up our Azure resources so we can use that same code to send our blobs to Azure using a Service Principal.
### Azure Setup
Let’s get all our Azure resources created and configured.
1. Install Azure CLI
1. Log in to Azure CLI
```bash
az login
```
1. Set Active Azure Subscription
This ensures that all of the subsequent commands run under the intended subscription.
```bash
az account set -s SUBSCRIPTION_NAME_OR_ID
```
Parameters:
- `SUBSCRIPTION_NAME_OR_ID` The subscription that you want to activate. You can use `az account show` to show the currently set subscription.
1. Create Resource Group
This is a grouping for all of your Azure resources.
```bash
az group create -n RESOURCE_GROUP_NAME -l LOCATION
```
Parameters:
- `RESOURCE_GROUP_NAME` A unique name that you create.
- `LOCATION` The location you want all your resources to live. You can use `az account list-locations -o table` to get a list of all available locations.
1. Create Blob Storage Account
This account will hold the blobs that you upload via your Azure Function.
```bash
az storage account create -n BLOB_STORAGE_ACCOUNT_NAME -g RESOURCE_GROUP_NAME --kind StorageV2 --sku Standard_LRS
```
Parameters:
- `BLOB_STORAGE_ACCOUNT_NAME` A unique name that you create.
- `RESOURCE_GROUP_NAME` The name of the resource group that you created earlier.
- `--sku` The list of available SKUs can be found here: [SKU Types](https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types)
1. Give your account Blob Storage permissions
The sample uses `DefaultAzureCredential`, which uses `AzureCliCredential` under the hood to get a token for communicating with Azure Storage.
To talk to Azure Storage, your account needs to be in the Storage Blob Data Contributor role.
Get your account id:
```bash
# Azure CLI 2.37 and later name this property 'id' (use --query id)
az ad signed-in-user show --query 'objectId' -o tsv
```
Then run the following command to assign your id to the role:
```bash
az role assignment create --assignee {id from last step} --role ba92f5b4-2d11-453d-a403-e96b0029c9fe
```
Parameters:
- `--assignee` Your Azure account id.
- `--role` The GUID `ba92f5b4-2d11-453d-a403-e96b0029c9fe` is the ID for the Storage Blob Data Contributor role. You can find all of the built-in Azure roles here: [Built-in roles for Azure resources](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)
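The command above does not pass `--scope`. As an added example (not part of the original article or its repository), the script below builds the resource ID of the single container the function writes to and assigns the role only there. The function names, the `DRY_RUN` switch and the argument values are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the article's repository. All names are placeholders.
LC_ALL=C; export LC_ALL   # byte-wise [a-z] ranges in the patterns below

# Storage Blob Data Contributor (the role GUID used in the article).
ROLE_ID="ba92f5b4-2d11-453d-a403-e96b0029c9fe"

# Print the ARM resource ID of a single blob container.
# Args: subscription id, resource group, storage account, container
blob_container_scope() {
  # Account names: 3-24 lowercase letters and digits.
  case $3 in ''|*[!a-z0-9]*) echo "invalid account name: $3" >&2; return 1 ;; esac
  if [ "${#3}" -lt 3 ] || [ "${#3}" -gt 24 ]; then
    echo "invalid account name length: $3" >&2; return 1
  fi
  # Container names: 3-63 chars, lowercase letters and digits, single inner hyphens.
  case $4 in ''|*[!a-z0-9-]*|-*|*-|*--*) echo "invalid container name: $4" >&2; return 1 ;; esac
  if [ "${#4}" -lt 3 ] || [ "${#4}" -gt 63 ]; then
    echo "invalid container name length: $4" >&2; return 1
  fi
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s\n' \
    "$1" "$2" "$3" "$4"
}

# Assign the role to a principal on that one container.
# Args: principal object id, then the four blob_container_scope arguments.
# With DRY_RUN=1 the az command is printed instead of executed.
assign_blob_contributor() {
  abc_scope=$(blob_container_scope "$2" "$3" "$4" "$5") || return 1
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'az role assignment create --assignee %s --role %s --scope %s\n' \
      "$1" "$ROLE_ID" "$abc_scope"
  else
    az role assignment create --assignee "$1" --role "$ROLE_ID" --scope "$abc_scope"
  fi
}

# Show every role and scope the principal holds, to spot broader grants.
# Args: principal object id
list_assignments() {
  az role assignment list --assignee "$1" --all \
    --query '[].{role:roleDefinitionName, scope:scope}' -o table
}

# Usage (placeholders):
#   assign_blob_contributor OBJECT_ID SUBSCRIPTION_ID RESOURCE_GROUP_NAME \
#     BLOB_STORAGE_ACCOUNT_NAME azfuncblobs
```

Run it with `DRY_RUN=1` first to review the exact scope before applying the assignment.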
### Configure Function App to use Azure Storage
1. Set Local Settings
Open local.settings.json and ensure the following values are set:
> If you have cloned the repo, then take the settings from `local.settings.azure.json` and copy them to `local.settings.json`.
```json
{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "AZURE_STORAGE_HOST": "blob.core.windows.net",
    "AZURE_STORAGE_ACCOUNT": "BLOB_STORAGE_ACCOUNT_NAME",
    "AZURE_STORAGE_CONTAINER": "azfuncblobs"
  }
}
```
Parameters:
- `BLOB_STORAGE_ACCOUNT_NAME` The same name that you gave the storage account you created earlier.
Notes:
- We updated `AZURE_STORAGE_HOST` to `blob.core.windows.net` instead of `127.0.0.1:10000`. That setting is for the Azure Public cloud. If you are using a different Azure cloud, then use `az cloud list` to find your storage host.
### Re-run the Azure Function
1. Start and Run the Function
Run the following command from the root of the project:
```bash
func start
```
When it has finished starting it will output the URL to run the function, like this:
```bash
funcblobtest: [GET,POST] http://localhost:7071/api/funcblobtest
```
Open that link in a browser. Your function will run and you will see output like the following:
```bash
00e7d1bd.txt uploaded.
```
1. Verify Success with Storage Explorer
Open Storage Explorer and navigate to: Subscription -> Storage Accounts -> Storage Account -> Blob Containers -> azfuncblobs
Verify that your file has been successfully uploaded.

Now that our local function uploads blobs to Azure Storage, let’s create the Azure Function in Azure, and use a Managed Identity instead of a Service Principal. Click on the Part 3 link below to continue.
- Part 1: Local Function with Storage Emulator (local function, local storage)
- Part 2: Local Function with Azure Storage and Service Principal (local function, cloud storage)
- Part 3: Azure Function with Azure Storage and Managed Identity (cloud function, cloud storage)
Jon