Az - Container Instances

Reading time: 1 minute

{{#include ../../../../banners/hacktricks-training.md}}

Basic Information

Azure Container Instances (ACI) provide a serverless, on-demand way to run containers in the Azure cloud. You can deploy single or multiple containers in a group with scalable compute, networking options, and the flexibility to connect to other Azure services (like Storage, Virtual Networks, or Container Registries).

As they are ephemeral workloads, you don't need to manage the underlying VM infrastructure — Azure handles that for you. However, from an offensive security perspective, it's crucial to understand how permissions, identities, network configurations, and logs can reveal attack surfaces and potential misconfigurations.

Configurations

  • To create a container group you can use a public image, an image from an Azure Container Registry, or an image from an external registry; private registries require image registry credentials (username/password) stored in the container group definition.
  • Regarding networking, the container group can get a public IP address, or it can be deployed into a subnet of a Virtual Network so that it is reachable only through a private IP.
  • It's also possible to configure common docker settings like:
    • Environment variables
    • Volumes (even from Azure Files)
    • Ports
    • CPU and memory limits
    • Restart policy
    • Run as privileged
    • Command line to run
    • ...

Enumeration

warning

When enumerating ACI, you can reveal sensitive configurations such as environment variables, network details, or managed identities. Be cautious with logging or displaying them.

```bash
# List all container groups in the current subscription
az container list -o table

# Show the full definition of a container group (containers, images, env vars, identity, IP, volumes, registry credentials)
az container show --name <container-name> --resource-group <res-group>

# Fetch the stdout/stderr logs of a container (use --container-name if the group has several)
az container logs --name <container-name> --resource-group <res-group>

# Execute a command in a running container and get the output
az container exec --name <container-name> --resource-group <res-group> --exec-command "ls"

# Export the container group definition as YAML (--file is required)
az container export --name <container-name> --resource-group <res-group> --file <output.yaml>
```
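The `show` output is where most of the sensitive configuration mentioned above lives, so it is worth triaging systematically rather than eyeballing it. The following script is an added example (not part of the original page or of the Azure CLI): it takes the JSON that `az container show -o json` returns and flags the findings an attacker cares about: managed identity, public IP and ports, registry credentials, Azure Files mounts, plaintext secrets in environment variables, secure (masked) environment variables, privileged containers and custom commands. The embedded sample document is constructed to mimic the ARM `Microsoft.ContainerInstance` schema and contains no real data; the `SECRET_HINTS` name patterns are an assumption.

```python
"""Triage `az container show -o json` output for ACI attack-surface indicators.

Added example, not code from the original page. Run it with the embedded
constructed sample, or pipe real output: az container show ... -o json | python3 aci_triage.py
"""
import json
import sys

# Constructed sample mimicking the shape of `az container show -o json` (fake values).
SAMPLE_SHOW_OUTPUT = """
{
  "name": "web-cg",
  "identity": {"type": "SystemAssigned", "principalId": "00000000-0000-0000-0000-000000000001"},
  "ipAddress": {"type": "Public", "ip": "203.0.113.10", "ports": [{"port": 80, "protocol": "TCP"}]},
  "imageRegistryCredentials": [{"server": "example.azurecr.io", "username": "pullbot", "password": null}],
  "volumes": [{"name": "data", "azureFile": {"shareName": "appdata",
               "storageAccountName": "examplestorage", "storageAccountKey": null}}],
  "containers": [{
    "name": "web",
    "image": "example.azurecr.io/web:1.0",
    "command": ["/bin/sh", "-c", "./start.sh"],
    "environmentVariables": [
      {"name": "DB_PASSWORD", "value": "hunter2", "secureValue": null},
      {"name": "API_TOKEN", "value": null, "secureValue": null},
      {"name": "LOG_LEVEL", "value": "info", "secureValue": null}
    ],
    "securityContext": {"privileged": true},
    "volumeMounts": [{"name": "data", "mountPath": "/mnt/data"}]
  }]
}
"""

# Assumed substrings that make an env var name look like a credential.
SECRET_HINTS = ("PASS", "SECRET", "KEY", "TOKEN", "CONN", "CRED")


def triage_container_group(doc: dict) -> list[tuple[str, str]]:
    """Return (category, detail) findings for one container group document."""
    findings: list[tuple[str, str]] = []

    ident = doc.get("identity") or {}
    if ident.get("type") and ident["type"] != "None":
        findings.append(("identity", f"{ident['type']} managed identity attached; "
                                     "tokens can be requested from inside the container"))

    ip = doc.get("ipAddress") or {}
    if ip.get("type") == "Public":
        ports = ",".join(f"{p['port']}/{p['protocol']}" for p in ip.get("ports") or [])
        findings.append(("public_ip", f"{ip.get('ip')} exposes {ports or 'no ports'}"))
    elif ip.get("type") == "Private" or doc.get("subnetIds"):
        subnets = [s.get("id") for s in doc.get("subnetIds") or []]
        findings.append(("vnet_only", f"private IP {ip.get('ip')} in subnet(s) {subnets}"))

    for cred in doc.get("imageRegistryCredentials") or []:
        findings.append(("registry_creds", f"{cred.get('server')} as {cred.get('username')} "
                                           "(password is masked in show output)"))

    for vol in doc.get("volumes") or []:
        af = vol.get("azureFile")
        if af:
            findings.append(("azure_files", f"share {af.get('shareName')} on storage account "
                                            f"{af.get('storageAccountName')} (key masked in show output)"))

    for c in doc.get("containers") or []:
        cname = c.get("name", "?")
        for ev in c.get("environmentVariables") or []:
            name = ev.get("name", "")
            if ev.get("value") is None:
                # Secure values are masked by the API but are plain env vars inside the container.
                findings.append(("secure_env", f"{cname}: {name} (masked in show; readable with exec + env)"))
            elif any(h in name.upper() for h in SECRET_HINTS):
                findings.append(("plaintext_secret_env", f"{cname}: {name}={ev['value']}"))
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(("privileged", f"{cname} runs as a privileged container"))
        if c.get("command"):
            findings.append(("custom_command", f"{cname}: {' '.join(c['command'])}"))
    return findings


def triage_from_json(text: str) -> list[tuple[str, str]]:
    """Parse a show-output JSON string and triage it."""
    return triage_container_group(json.loads(text))


if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SHOW_OUTPUT
    for category, detail in triage_from_json(raw):
        print(f"[{category}] {detail}")
```

Secure environment variables, registry passwords and storage account keys are never returned by `show` or `export`, so a masked value is a lead, not a dead end: `az container exec ... --exec-command "env"` prints the secure variables from inside the container, and an attached managed identity can be used from there to request tokens for other Azure resources.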