Containers in Azure Blob Storage
Containers are the fundamental building blocks for organizing objects in Azure Blob Storage. A container is a logical grouping of blobs, similar to a directory or folder in a file system. You must create a container before you can upload any blobs to it.
Container Concepts
- Namespace: Container names must be unique within a storage account.
- Naming Conventions: Container names must be between 3 and 63 characters long, and can contain lowercase letters, numbers, and hyphens. They cannot start or end with a hyphen.
- Access Control: Access to blobs within a container is controlled by the container's access policy and any shared access signatures (SAS) applied.
- Scope: Each storage account can contain an unlimited number of containers.
Creating a Container
Containers can be created using various methods, including the Azure portal, Azure CLI, PowerShell, SDKs, and the REST API.
Using Azure CLI
The following command creates a new container named mycontainer in your storage account:
az storage container create \
--name mycontainer \
--account-name mystorageaccount \
--auth-mode login
Using Azure PowerShell
The following command creates a new container named mycontainer in your storage account:
New-AzStorageContainer -Name "mycontainer" -Context (Get-AzStorageAccount -ResourceGroupName "myresourcegroup" -AccountName "mystorageaccount").Context
Container Access Levels
You can set the public access level for a container to control how clients can access blobs within it:
- Private (no anonymous access): The default setting. Clients must have authorized access to read or write blobs.
- Blob (anonymous read access for blobs only): Anonymous clients can read blobs, but cannot read container metadata or list the blobs in the container.
- Container (anonymous read access for blobs and container): Anonymous clients can read blobs, read the container's metadata, and list the blobs in the container.
Important Consideration:
Setting a container to public access means that anyone on the internet can read the blobs without authentication. Use this setting with extreme caution and only for publicly intended data.
Managing Containers
You can perform various operations on containers, such as listing, deleting, and setting properties.
Listing Containers
To list all containers in your storage account:
az storage container list \
--account-name mystorageaccount \
--auth-mode login \
--output table
Deleting a Container
To delete a container and all its contents:
az storage container delete \
--name mycontainer \
--account-name mystorageaccount \
--auth-mode login
Danger:
Deleting a container is an irreversible operation and will permanently remove all blobs within that container. Ensure you have backups if necessary.
Container Metadata
Each container can have associated metadata, which is a collection of key-value pairs. This metadata is not stored with the blobs themselves but is associated with the container.
You can retrieve container metadata using the Azure CLI:
az storage container show \
--name mycontainer \
--account-name mystorageaccount \
--auth-mode login \
--query metadata
Pro Tip:
Use container metadata to store information about the purpose of the container or any relevant administrative details.
Best Practices
- Use descriptive and meaningful names for your containers.
- Organize blobs into logical containers to simplify management and access control.
- Regularly review container access policies to ensure data security.
- Consider using distinct containers for different types of data or different applications.
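One way to carry out the regular access review recommended above is to check the output of the container listing for any container that is not Private. The following is an added example, not part of the original page or of Azure's own tooling; the sample JSON is constructed, the `properties.publicAccess` field location is an assumption about the CLI's JSON output, and the `purpose` metadata key is a hypothetical convention for recording why a container is public.

```python
import json
import sys

# What each anonymous access level exposes.
EXPOSURE = {
    "blob": "anonymous read of blobs",
    "container": "anonymous read of blobs, container metadata and blob listing",
}

# Constructed sample of `az storage container list --output json`.
# Assumption: the access level is reported under properties.publicAccess
# (null for a private container); adjust the lookup if your output differs.
SAMPLE = """[
  {"name": "mycontainer", "metadata": null, "properties": {"publicAccess": null}},
  {"name": "static-assets", "metadata": {"purpose": "public website images"},
   "properties": {"publicAccess": "blob"}},
  {"name": "exports", "metadata": null, "properties": {"publicAccess": "container"}}
]"""


def audit_public_access(listing_json):
    """Return one finding per container that allows anonymous access."""
    findings = []
    for item in json.loads(listing_json):
        props = item.get("properties") or {}
        level = (props.get("publicAccess") or "").lower()
        if level in ("", "off", "none"):
            continue  # private: authorized access only
        metadata = item.get("metadata") or {}
        findings.append({
            "name": item.get("name"),
            "level": level,
            "exposure": EXPOSURE.get(level, "unrecognized level, review manually"),
            # Hypothetical convention: a "purpose" metadata key records why the
            # container is public; its absence marks the finding for follow-up.
            "documented": bool(metadata.get("purpose")),
        })
    # Undocumented exposure first, then container-level before blob-level.
    findings.sort(key=lambda f: (f["documented"], f["level"] != "container"))
    return findings


if __name__ == "__main__":
    # Read real CLI output from a pipe, or fall back to the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for f in audit_public_access(data):
        flag = "documented" if f["documented"] else "UNDOCUMENTED"
        print(f"{f['name']}: {f['level']} ({f['exposure']}) [{flag}]")
```

To audit a real account, pipe the output of `az storage container list --account-name mystorageaccount --auth-mode login --output json` into the script.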