Find unused storage accounts in Azure
No one wants to pay more than they have to and that is why when using the cloud you need to be on top of removing unused resources, or orphaned resources. In a previous blog post I showed you how to find any unused disks or NICs from deleted virtual machines.
In this blog post I want to help you understand how you can find those unused storage accounts within your Azure subscriptions.
There are three methods I've used to start the hunt.
Azure Portal
The first method I like to use is Azure Monitor. Within there you have a section for Storage Accounts.
Within here you can gather some useful information around Transactions. This can help to show you how active or inactive the storage account is.
Below is an example within my Azure subscription.
This will help to guide you in showing which storage accounts are being used and which ones aren't actually that active.
The word of caution I'd use with this method is you could have archive storage here that isn't used either read or added to. Make sure you are paying attention to the name or tags of your storage accounts before deciding something that has no transactions can be deleted.
PowerShell
Another way I have found is using a script that queries for every storage account within my Azure subscription and then pull out the last modified date for that container. You can find a copy of the script below or a copy here.
<#
.SYNOPSIS
FindUnusedAzureStorage.ps1
.DESCRIPTION
This script queries your Azure subscription and gathers the name and last modified date of your Azure storage accounts.
.OUTPUTS
It will output the results into a table detailing the name and last modified date of your Azure storage accounts.
.NOTES
Written by: Sarah Lean
Find me on:
* My Blog: http://www.techielass.com
* Twitter: https://twitter.com/techielass
* LinkedIn: http://uk.linkedin.com/in/sazlean
.EXAMPLE
.\FindUnusedAzureStorage.ps1
This will query your Azure subscription looping round each storage account gather the name and last modified date. The output table will show you the storage account name, last modified date and the resource group that storage account is stored in. Please note that the last modified date is shown in MM/DD/YYYY format.
Change Log
V1.00, 20th January 2022 - Initial version
License:
The MIT License (MIT)
Copyright (c) 2022 Sarah Lean
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
#>
& {
foreach ($storageAccount in Get-AzStorageAccount) {
$storageAccountName = $storageAccount.StorageAccountName
$resourceGroupName = $storageAccount.ResourceGroupName
# Get storage account key
$storageAccountKey = (Get-AzStorageAccountKey -Name $storageAccountName -ResourceGroupName $resourceGroupName).Value[0]
# Create storage account context using above key
$context = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
# Get the last modified date
$lastModified = Get-AzStorageContainer -Context $context
| Sort-Object -Property @{Expression = {$_.LastModified.DateTime}}
| Select-Object -Last 1 -ExpandProperty LastModified
# Collect the information to output to a table when the for loop has completed
New-Object psobject -Property @{
Name = $storageAccountName;
LastModified = $lastModified.DateTime;
ResourceGroupName = $resourceGroupName
}
}
} | Format-Table Name, LastModified, ResourceGroupName -autosize
This will output a table showing the storage account name, last modified date and the resource group the storage account is in. It's worth noting the date format is MM/DD/YY.
Below is an example of me running the script on my Azure subscription within the Cloud Shell.
The flaw with this method is that files might still be getting accessed but not modified, so it's not perfect, but it can be a great place to start trying to find those unused storage accounts.
Communication
The last method is communication. Using the information you've gathered from above reach out to your colleagues and peers and confirm what you've found is true or not.
Hopefully you'll have a good naming convention or tagging system within Azure that will make tracking down the owners of these Azure storage account fairly easy. 😉
Illustration by Viktoriya Belyakova from Ouch!