|
1 | 1 | # Azure FileShare Cleanup using REST API |
2 | 2 |
|
3 | 3 |  |
| 4 | + |
| 5 | +## 📌 Overview |
| 6 | +This repository provides a PowerShell script to **delete files and directories from an Azure FileShare using the Azure Storage REST API**. Unlike [access key–based approache](https://github.com/Handover2AI/AzureFileshareCleanup_AccessKey), this method leverages direct REST calls for fine-grained control and can be integrated into automation pipelines or restricted environments where SDKs/CLI tools are not available. |
| 7 | + |
| 8 | +--- |
| 9 | + |
| 10 | +## 🚀 Features |
| 11 | +- The script acquires a Bearer token using either Managed Identity or user login (Connect-AzAccount). |
| 12 | +- Recursively traverses directories until all eligible files are processed. |
| 13 | +- It uses Azure Storage REST API (Invoke-RestMethod and Invoke-WebRequest) to list and delete files. |
| 14 | +- Files are deleted if their Last-Modified timestamp is older than the cutoff. |
| 15 | +- No Az.Storage or Az.Files modules are required — only Az.Accounts for token acquisition. |
| 16 | +- Lightweight and dependency-free (no Az PowerShell modules required). |
| 17 | +- Ideal for **automation jobs**, **restricted environments**, or **custom integrations**. |
| 18 | + |
| 19 | +--- |
| 20 | + |
| 21 | +## ⚙️ Prerequisites |
| 22 | +Before running the script, ensure you have: |
| 23 | +- Proper **network access** to the Azure FileShare endpoint. |
| 24 | + - (https://<storageaccount>.file.core.windows.net/...). The Automation Account must be able to reach this endpoint. |
| 25 | +- **Azure Automation Account** with **PowerShell 7.2 runtime** |
| 26 | +- **System-assigned managed identity** enabled for the Automation Account |
| 27 | +- Managed identity assigned the following role on the storage account: |
| 28 | + - `Storage File Data Privileged Contributor` |
| 29 | +- Az.Accounts module must be available in the Automation Account runtime (it is included by default in 7.2). |
| 30 | +- If you set `$useManagedIdentity = $false`, then the script will use the logged-in user’s identity. In that case, the user must also have the same `Storage File Data Privileged Contributor` role on the storage account. |
| 31 | + |
| 32 | +--- |
| 33 | + |
| 34 | +## 🔧 Configuration |
| 35 | +The script defines the following parameters: |
| 36 | + |
| 37 | +| Parameter | Description | Example Value | |
| 38 | +|----------------------|-----------------------------------------------------------------------------|---------------------------| |
| 39 | +| `storageAccount` | Name of the storage account | `stsamaks8dsc` | |
| 40 | +| `fileShare` | Name of the file share | `fslogix` | |
| 41 | +| `cutoffHours` | Number of hours; files older than this will be deleted | `24` | |
| 42 | +| `useManagedIdentity` | Use managed identity or logged in user's identity (interactive runs) | `$true` | |
| 43 | + |
| 44 | +--- |
| 45 | + |
| 46 | +## ▶️ Usage |
| 47 | +1. Import the script into your Automation Account as a **PowerShell runbook**. |
| 48 | +2. Configure the runbook to use **PowerShell 7.2 runtime**. |
| 49 | +3. Ensure the Automation Account’s managed identity has the required roles. |
| 50 | +4. Set up a **schedule** to run the runbook daily (or at your desired frequency). |
| 51 | + |
| 52 | +--- |
| 53 | + |
| 54 | +## 🤝 Contributing |
| 55 | +Please read [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute. |
| 56 | +We expect all contributors to follow our [Code of Conduct](CODE_OF_CONDUCT.md). |
| 57 | + |
| 58 | +--- |
| 59 | + |
| 60 | +## ✍️ Author |
| 61 | +Created and maintained by **Handover2AI-byExistence**. |
| 62 | +If you find this useful, feel free to star ⭐ the repo or open issues for improvements. |
| 63 | + |
| 64 | +--- |
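Review bot: The Prerequisites section (new lines 27-30) assigns `Storage File Data Privileged Contributor` "on the storage account", which gives a job that only cleans one `fileShare` data-plane rights over every share in that account; consider documenting the role assignment at the file share scope instead, for both the managed identity and the interactive user on line 30. In Features, line 15 says only Az.Accounts is needed while line 16 says "no Az PowerShell modules required"; the two contradict each other, and since line 11 relies on Connect-AzAccount, line 16 should be dropped or reworded. Because the runbook deletes recursively on a schedule, the Usage steps would benefit from a line on how to check what will be removed before step 4 enables the schedule, and the example pair `fslogix` / `24` in the Configuration table is worth replacing with neutral placeholder values so it is not copied as-is. Typo on line 6: "approache".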