Create a Container in Azure Blob Storage

This document guides you through the process of creating a container in Azure Blob Storage using various methods, including the Azure portal, Azure CLI, Azure PowerShell, and client libraries.

Key Information

A container is a logical grouping of blobs. Blob storage organizes objects into containers, similar to a file system organizing files into folders. However, containers are not nested.

Methods to Create a Container

1. Using the Azure Portal

The Azure portal provides a user-friendly graphical interface for managing your Azure resources.

  1. Sign in to the Azure portal.
  2. Navigate to your Storage Account. You can find it by searching for "Storage accounts" in the search bar.
  3. In the storage account menu, under "Data storage", select "Containers".
  4. Click the "+ Container" button.
  5. Enter a name for your container (e.g., mydata).
  6. Select the public access level:
    • Private (no anonymous access): Recommended for most scenarios.
    • Blob (anonymous read access for blobs only)
    • Container (anonymous read access for containers and blobs)
  7. Click "Create".

2. Using Azure CLI

The Azure Command-Line Interface (CLI) is a powerful tool for managing Azure resources from your terminal.

First, ensure you are logged in to your Azure account:

az login

Then, use the following command to create a container:

az storage container create \
    --name mycontainer \
    --account-name mystorageaccount \
    --auth-mode login \
    --public-access off

Replace mycontainer with your desired container name and mystorageaccount with your storage account name.

You can specify different public access levels using --public-access blob or --public-access container.

3. Using Azure PowerShell

Azure PowerShell provides cmdlets for managing Azure resources.

First, connect to your Azure account:

Connect-AzAccount

Then, use the following command to create a container:

New-AzStorageContainer -Name "mycontainer" -Context (New-AzStorageContext -StorageAccountName "mystorageaccount" -StorageAccountKey "YOUR_STORAGE_ACCOUNT_KEY") -Permission off

Replace mycontainer with your desired container name, mystorageaccount with your storage account name, and YOUR_STORAGE_ACCOUNT_KEY with your storage account key. For more secure authentication, consider using managed identities or SAS tokens.

Public access can be set using -Permission blob or -Permission container.

4. Using Client Libraries (Python Example)

Azure SDKs allow you to manage storage resources programmatically.

Install the Azure Storage Blob client library for Python:

pip install azure-storage-blob

Here's a Python example:

from azure.storage.blob import BlobServiceClient, PublicAccess

connection_string = "YOUR_AZURE_STORAGE_CONNECTION_STRING"
container_name = "my-python-container"

try:
    blob_service_client = BlobServiceClient.from_connection_string(connection_string)
    container_client = blob_service_client.create_container(container_name, public_access=PublicAccess.Off)
    print(f"Container '{container_name}' created successfully.")
except Exception as e:
    print(f"Error creating container: {e}")

Replace YOUR_AZURE_STORAGE_CONNECTION_STRING with your actual connection string. You can find public access options in the PublicAccess enum.

Container Access Levels

When creating a container, you define its public access level:

Level Description
Off (Private) No anonymous access is permitted. All access requires authorization. This is the default and recommended setting for most scenarios.
Blob Anonymous read access is permitted for blobs only. Clients can list blobs within the container, but they must have authorization to read the container's metadata.
Container Anonymous read access is permitted for containers and blobs. Clients can list blobs within the container and read blob data without authorization.

Next Steps

Once your container is created, you can start uploading blobs, managing access policies, and configuring other container settings.