Download large files from Blob Storage

Enea de Bollivier 20 Reputation points
2024-11-19T13:56:06.2833333+00:00

Hello.

I am trying to download files from Azure Blob storage to my IoT device.
From my understanding I should be able to use system-assigned entity / defaultCredential.

My device is an Ubuntu 22.04 ARM device.

I provided a system-assigned Identity to my hub and I am trying to run the following code in a module on the device.

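```cpp
#include <azure/identity.hpp>
#include <memory>

// Request a token using the system-assigned managed identity.
Azure::Identity::ManagedIdentityCredentialOptions options;
options.IdentityId = Azure::Identity::ManagedIdentityId::SystemAssigned();
auto credential = std::make_shared<Azure::Identity::ManagedIdentityCredential>(options);
```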

But I get the following error:

Error: GetToken(): Fail to get a new connection for: http://169.254.169.254. Could not connect to server

Is there a way to use the system-assigned identity, or do I need to store the storage account key to connect to it? (If so, how can I do it in a secure way?)

Thank you


Accepted answer
  1. Sander van de Velde | MVP 33,956 Reputation points MVP
    2024-11-19T19:45:34.71+00:00

    Hello @Enea de Bollivier ,

    welcome to this moderated Azure community forum.

    A managed identity is used to let one Azure service consume another Azure service.

    The consuming service must have an Azure managed identity and on the service that will be consumed, that identity must be granted the right role to access the service.

    Your edge module is not an Azure service.

    So, a managed identity will not work.

    There are two alternatives.

    You could work with a 'user assigned managed identity'. This is a bit cumbersome to set up and does not limit the access to individual files.

    Another solution is working with a SAS token.

    For each file you can generate a SAS token that gives access to the file for a certain timespan before it expires. This could be e.g. writing or reading or both.

    Check this working SAS token example in this blog post. It is combined with a Redis cache but that is just an example.

    If the Azure IoT Edge module needs a SAS token, it can ask for it using a specific message. Using an extra Azure function, the SAS token is generated and distributed with a limited lifespan.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.

    1 person found this answer helpful.
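
The accepted answer's SAS approach gives the module a per-file URL with a limited lifespan. As an added example (not code from the thread or the linked blog post), this C++ sketch checks such a URL on the device before a download starts, since a large download split into several requests needs the token to remain valid for each one. The policy values, function names and the sample URL are assumptions; `se` is assumed to be issued in full-second UTC form.

```cpp
// Added example, not code from the thread; policy thresholds are assumptions.
#include <cctype>
#include <ctime>
#include <map>
#include <string>
enum class SasCheck { Ok, NotHttps, NotBlobScoped, NotReadOnly, ExpiresTooSoon, Malformed };
// Constructed sample URL: account, container, blob and signature are placeholders.
const std::string kSampleSasUrl =
    "https://exampleacct.blob.core.windows.net/firmware/image.bin"
    "?sv=2022-11-02&sr=b&sp=r&spr=https&se=2024-11-19T20%3A00%3A00Z&sig=PLACEHOLDER";
// Parse "YYYY-MM-DDThh:mm:ssZ" (UTC) to epoch seconds; -1 on failure.
std::time_t ParseUtc(const std::string& s) {
  std::tm tm{};
  const char* end = strptime(s.c_str(), "%Y-%m-%dT%H:%M:%SZ", &tm);
  return (end && *end == '\0') ? timegm(&tm) : static_cast<std::time_t>(-1);
}
// Percent-decode one query value, e.g. "%3A" -> ":".
std::string PctDecode(const std::string& in) {
  std::string out;
  for (size_t i = 0; i < in.size(); ++i) {
    bool hex = in[i] == '%' && i + 2 < in.size() &&
               std::isxdigit((unsigned char)in[i + 1]) && std::isxdigit((unsigned char)in[i + 2]);
    out += hex ? static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16)) : in[i];
    if (hex) i += 2;
  }
  return out;
}

// Split the query string into decoded key/value pairs.
std::map<std::string, std::string> ParseQuery(const std::string& url) {
  std::map<std::string, std::string> q;
  for (size_t pos = url.find('?'); pos != std::string::npos;) {
    size_t end = url.find('&', pos + 1);
    std::string kv = url.substr(pos + 1, end == std::string::npos ? end : end - pos - 1);
    size_t eq = kv.find('=');
    if (eq != std::string::npos) q[kv.substr(0, eq)] = PctDecode(kv.substr(eq + 1));
    pos = end;
  }
  return q;
}

// Refuse a token that is over-privileged or too close to expiry for the transfer.
SasCheck CheckDownloadSas(const std::string& url, std::time_t now, long min_seconds_left) {
  if (url.rfind("https://", 0) != 0) return SasCheck::NotHttps;
  auto q = ParseQuery(url);
  std::time_t expiry = ParseUtc(q["se"]);
  if (q["sig"].empty() || expiry == static_cast<std::time_t>(-1)) return SasCheck::Malformed;
  if (q["spr"] != "https") return SasCheck::NotHttps;
  if (q["sr"] != "b") return SasCheck::NotBlobScoped;
  if (q["sp"] != "r") return SasCheck::NotReadOnly;
  return expiry - now < min_seconds_left ? SasCheck::ExpiresTooSoon : SasCheck::Ok;
}
```

When the result is `ExpiresTooSoon`, the module would request a fresh token from the issuing function rather than start the transfer.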