Azure Storage Accounts for Blob Storage
An Azure storage account is a unique namespace in Azure that holds all of your Azure Storage data objects, including blobs. The storage account is the foundation of your Azure Storage service. Every object that you can directly interact with in Azure Storage is associated with a storage account.
Understanding Storage Account Types
Azure offers several types of storage accounts, each optimized for different scenarios. For Blob Storage, the most common and recommended types are:
- General-purpose v2 (GPv2) accounts: These accounts provide the latest features for Blob Storage and are suitable for most scenarios. They support blobs, files, queues, and tables.
- BlockBlobStorage accounts: These are specialized accounts optimized for block blobs, offering lower latency and higher transaction rates. They are ideal for high-performance scenarios like gaming, IoT, or media streaming.
Key Features and Considerations
- Redundancy: Storage accounts offer various redundancy options to ensure data durability and availability, including Locally Redundant Storage (LRS), Zone-Redundant Storage (ZRS), Geo-Redundant Storage (GRS), and Geo-Zone-Redundant Storage (GZRS).
- Access Tiers: GPv2 accounts support hot, cool, and archive access tiers for blobs, allowing you to optimize costs based on data access frequency.
- Performance Tiers: Standard and Premium performance tiers are available. Premium accounts (using SSDs) are ideal for high-performance workloads.
- Replication: Data is replicated within a region or across regions based on the chosen redundancy option.
Creating a Storage Account
You can create an Azure storage account using the Azure portal, Azure CLI, Azure PowerShell, or SDKs.
Using the Azure Portal:
- Navigate to the Azure portal.
- Search for "Storage accounts" and select "Create".
- Fill in the required details: Subscription, Resource group, Storage account name (globally unique), Region, Performance, Redundancy.
- For GPv2 accounts, configure advanced settings such as Data Lake Storage Gen2 or network access as needed.
- Review and create the account.
Example using Azure CLI:
az storage account create \
  --name mystorageaccount \
  --resource-group myresourcegroup \
  --location westus2 \
  --sku Standard_LRS \
  --kind StorageV2
Managing Access
Access to your storage account and its data is controlled through several mechanisms:
- Azure Role-Based Access Control (RBAC): Assign roles like Storage Blob Data Contributor or Storage Blob Data Reader to users or groups.
- Shared Access Signatures (SAS): Provide delegated access to resources in your storage account with limited permissions and for a limited time.
- Access Keys: Grant full access to the storage account. Use them with caution and store them securely.
Note: For optimal security, it's recommended to use RBAC and SAS tokens over access keys whenever possible.
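The "limited permissions and for a limited time" property of a SAS can be checked before a token is handed out. The following Python script is an added example, not part of the original page or of any Azure SDK: it reads the standard SAS query parameters (sp, st, se, spr, sip, si, skoid) and reports tokens that are long-lived, writable, usable over HTTP, unrestricted by IP, or signed with an account key instead of being a user delegation SAS. The function name, finding codes, the 24-hour limit and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=24)  # assumed policy limit, not an Azure default
WRITE_PERMS = set("acwd")           # add, create, write, delete: flag for review

def _utc(value):
    """Parse the ISO 8601 UTC timestamps carried in st/se."""
    if "T" not in value:            # date-only form means midnight UTC
        value += "T00:00:00Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_sas(sas, now=None):
    """Return (code, detail) findings for a SAS URL or a bare SAS query string."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(sas).query or sas.lstrip("?")).items()}
    findings = []
    if "se" in q:
        expiry = _utc(q["se"])
        start = _utc(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append(("EXPIRED", q["se"]))
        elif expiry - start > MAX_LIFETIME:
            findings.append(("LONG_LIVED", str(expiry - start)))
    elif "si" not in q:             # expiry may instead come from a stored access policy
        findings.append(("NO_EXPIRY", "no se and no stored access policy (si)"))
    broad = WRITE_PERMS & set(q.get("sp", ""))
    if broad:
        findings.append(("WRITE_PERMS", "".join(sorted(broad))))
    if q.get("spr", "https,http") != "https":   # omitted spr permits HTTP as well
        findings.append(("HTTP_ALLOWED", "spr is not https-only"))
    if "sip" not in q:
        findings.append(("NO_IP_LIMIT", "no sip restriction"))
    if "skoid" not in q:            # skoid is present only on a user delegation SAS
        findings.append(("KEY_SIGNED", "signed with an account key"))
    return findings

# Constructed samples: account name, signature and object id are placeholders.
LOOSE = ("https://mystorageaccount.blob.core.windows.net/c/b.txt?sv=2022-11-02&sr=b"
         "&sp=rwd&st=2030-01-01T00:00:00Z&se=2030-03-01T00:00:00Z&sig=CONSTRUCTED")
TIGHT = ("https://mystorageaccount.blob.core.windows.net/c/b.txt?sv=2022-11-02&sr=b"
         "&sp=r&st=2030-01-01T00:00:00Z&se=2030-01-01T01:00:00Z&spr=https"
         "&sip=203.0.113.10&skoid=00000000-0000-0000-0000-000000000000&sig=CONSTRUCTED")
NOW = datetime(2030, 1, 1, 0, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, sas in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, audit_sas(sas, NOW))
```

The check never needs the sig value, so it can run in a review pipeline or log scanner without access to any storage key.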
Best Practices
- Choose the appropriate storage account type and redundancy option for your workload and budget.
- Implement strong access control policies using RBAC and SAS.
- Monitor your storage account performance and costs regularly.
- Consider using Azure Private Link for secure, private access to your storage accounts.