AzCopy is a next-generation command-line tool for copying data from or to Azure Blob and Azure Files. Behind the scenes, Azure Storage Explorer uses AzCopy to accomplish all the data transfer operations. The key difference is Azure Storage Explorer offers a rich, matured user interface, while AzCopy is a command-line tool. With AzCopy you can copy data in the following scenarios:
- Copy data from a local machine to Azure Blobs or Azure Files
- Copy data from Azure Blobs or Azure Files to a local machine
- Copy data between storage accounts
AzCopy v10 is the latest version, and it can be downloaded from here:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#download-azcopy
The following are the new features offered by v10:
- You can synchronize a file system using AzCopy, which makes AzCopy ideal for incremental copying.
- It supports ADLS Gen2 APIs.
- It supports transferring all data from Azure Blob Storage to another one.
- There are no data transfer limits.
- Additionally, files can be listed or removed from a given path.
- It supports wildcard patterns.
- Copying is done as jobs, and for every job a related log file is created. This makes it easier to track jobs and restart them in case of any failure.
- It has improved performance.
Authentication
In the case of Azure Storage Explorer, you saw different options such as connecting using Azure AD, account keys, and SAS URL. AzCopy offers two methods by which you can authenticate yourself before working with the storage accounts. Let’s take a look at the supported options. Before trying out the following commands, download AzCopy for your operating system from the aforementioned link. Also, you need to copy the executable file to your path variable. Take a look at the run instructions given by Microsoft here:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#run-azcopy
Azure Active Directory
This method is applicable only for the Azure Blobs and ADLS Gen2 services. As Azure Files doesn’t support Azure AD authentication, you cannot use this authentication type for managing Azure Files. The user who is going to authenticate using Azure AD should make sure that the Storage Blob Data Contributor role is assigned to perform write operations using Azure AD authentication.
You can run the following script by replacing the storage account name, resource group, and username in the cloud shell or any local PowerShell terminal that is connected to your Azure subscription, to assign the role to a user.
#Variables
$storageAccount = “azastorage09345” #Replace with storage account name
$rg = “storage-rg” # Replace with your resource group name
$user = “[email protected]” # Replace with the username
$role = “Storage Blob Data Contributor” # Select role
#Get Id of the Storage Account
$id = (Get-AzStorageAccount `
-StorageAccountName $storageAccount `
-ResourceGroupName $rg).Id
#Assign role
New-AzRoleAssignment `
-SignInName $user `
-Scope $id `
-RoleDefinitionName $role
#Verify role assignment
Get-AzRoleAssignment `
-Scope $id `
-RoleDefinitionName $role | Select SignInName
Once the role is assigned, you can connect AzCopy to Azure AD using the command azcopy login, and you will be asked to open the https://microsoft.com/devicelogin URL in your browser and input the code shown in the PowerShell terminal (refer to Figure 6.26).
FIGURE 6.26 AzCopy Azure AD login
In the browser, you will be asked to sign in using your credentials. Make sure that you use the credentials that have the Storage Blob Data Contributor role assigned using the script. If the sign-in was successful, you will get a message that you signed in to the Azure Storage AzCopy application. You can close the browser and continue working from your command line.