Managing Blob Containers in Azure Storage
This guide explains how to manage blob containers in Azure Storage. Containers are the fundamental organizational units for your blobs: they let you group related data and control access to it.
What is a Blob Container?
A blob container is a named grouping of blobs. You can think of it like a root folder in a file system. Each storage account can contain an unlimited number of containers, and each container can hold an unlimited number of blobs.
Creating a Container
You can create containers using several methods:
- Azure Portal: Navigate to your storage account, select "Containers" under "Data storage", and click "+ Container".
- Azure CLI: Use the following command:
az storage container create --name <container-name> --account-name <storage-account-name> --auth-mode login
- Azure PowerShell: Use the following cmdlet:
New-AzStorageContainer -Name <container-name> -Context <storage-account-context>
- SDKs: Utilize the Azure Storage SDKs for your preferred programming language.
Container Access Levels
Each container has a public access level that determines how blobs within it can be accessed:
- Private (no anonymous access): The default setting. Access is restricted to authenticated users of the storage account.
- Blob (anonymous read access for blobs): Blobs can be read anonymously, but container metadata and properties are not accessible.
- Container (anonymous read access for containers and blobs): Blobs and container metadata are accessible anonymously.
You can configure the public access level when creating a container or by modifying its properties later.
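An added example, not part of the original page: a Python audit that reads the JSON printed by the az storage container list command (run with -o json) and reports every container whose access level is not Private. The properties.publicAccess field layout, the constructed sample listing and the approved_public allowlist are assumptions made for this example.

```python
import json

# Constructed sample shaped like `az storage container list -o json` output.
# Assumption: the access level sits under properties.publicAccess
# (null for Private, "blob" or "container" for anonymous read).
SAMPLE_LISTING = """
[
  {"name": "app-logs",    "properties": {"publicAccess": null}},
  {"name": "static-site", "properties": {"publicAccess": "blob"}},
  {"name": "hr-exports",  "properties": {"publicAccess": "container"}},
  {"name": "backups",     "properties": {}}
]
"""

# What each level exposes, following the access-level list above.
EXPOSURE = {
    "blob": "blobs readable anonymously",
    "container": "blobs and container metadata readable anonymously",
}

def audit_public_access(listing_json, approved_public=()):
    """Return findings for containers that allow anonymous reads.

    approved_public is a hypothetical allowlist of intentionally public
    container names; everything else that is public needs review.
    """
    findings = []
    for entry in json.loads(listing_json):
        level = (entry.get("properties") or {}).get("publicAccess")
        level = (level or "").lower()  # null or missing means Private
        if level in ("", "off", "none"):
            continue
        findings.append({
            "container": entry["name"],
            "level": level,
            "exposure": EXPOSURE.get(level, "unrecognised level, review manually"),
            "approved": entry["name"] in approved_public,
        })
    # Unapproved first, then the wider "container" level before "blob".
    return sorted(findings, key=lambda f: (f["approved"],
                                           f["level"] != "container",
                                           f["container"]))

if __name__ == "__main__":
    for f in audit_public_access(SAMPLE_LISTING, approved_public={"static-site"}):
        status = "approved" if f["approved"] else "REVIEW"
        print(f"{status:8} {f['container']:12} {f['level']:9} {f['exposure']}")
```
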
Listing Containers
To list all containers within a storage account:
- Azure Portal: Go to your storage account and select "Containers".
- Azure CLI:
az storage container list --account-name <storage-account-name> --auth-mode login
- Azure PowerShell:
Get-AzStorageContainer -Context <storage-account-context>
Deleting a Container
Deleting a container will permanently delete the container and all blobs it contains. This operation cannot be undone.
- Azure Portal: Select the container and click "Delete".
- Azure CLI:
az storage container delete --name <container-name> --account-name <storage-account-name> --auth-mode login
- Azure PowerShell:
Remove-AzStorageContainer -Name <container-name> -Context <storage-account-context>
Container Properties
Each container has properties that you can manage, including:
- Public Access Level: As described above.
- Lease Status: For implementing optimistic concurrency control.
- Metadata: Key-value pairs to store custom information about the container.
You can view and modify these properties through the Azure portal, CLI, PowerShell, or SDKs.
Best Practices for Container Management
- Use meaningful container names that reflect the data they hold.
- Organize containers logically to simplify management and access control.
- Set the least permissive access level required for each container. Avoid public access unless absolutely necessary.
- Leverage Azure policies and RBAC for fine-grained access control.
- Consider using lifecycle management policies to automatically move or delete data based on access patterns.