azcopy-aad-download.sh

#1) Create VM

#2) Create Storage account

#3) Register an application with Azure AD and create a service principal
# https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#register-an-application-with-azure-ad-and-create-a-service-principal

#4) create a client secret or upload certificate for your service principal to use
# https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#authentication-two-options

#5) Give the service principal access to the storage account
# https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-portal#assign-an-azure-built-in-role

# NOTE: you can only have 2,000 role assignments per sub
# https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal#list-number-of-role-assignments

# but you can mitigate this with groups
# https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal#list-number-of-role-assignments

#6) install azcopy
wget https://aka.ms/downloadazcopy-v10-linux
tar -xvf downloadazcopy-v10-linux

#7) Authorize a service principal for azcopy
# https://github.com/Azure/azure-storage-azcopy/wiki/Improved-login-support-for-AzCopy-commands-(with-in-memory-secret-store)

export AZCOPY_AUTO_LOGIN_TYPE="SPN"
export AZCOPY_SPA_APPLICATION_ID="your app id"
export AZCOPY_SPA_CLIENT_SECRET="your key"

~/azcopy_linux_amd64_10.9.0/azcopy copy "https://harstg.blob.core.windows.net/mycontainer/Azure.png" "Azure.png"