Container Reference

This document provides a reference for Azure Storage blob containers, detailing their properties, operations, and associated resources.

Container Properties

A container in Azure Blob Storage is a named object that holds a set of blobs. Containers are analogous to directories in a file system.

Name: The name of the container. Must be between 3 and 63 characters long. Must begin and end with a letter or number, and may contain only letters, numbers, and the hyphen (-) character. Adjacent hyphens are not permitted. Container names must be lowercase.
Lease: Indicates the status of a container lease, which provides a write-lock for a resource.
Public Access: Defines the level of public access granted to the container. Options include:
- None: No anonymous access.
- Blob: Anonymous read access for blobs only.
- Container: Anonymous read access for container and blob data.
Metadata: User-defined metadata that can be associated with the container.
Tags: Key-value pairs for categorizing and managing the container.
Default Access Tier: Specifies the default access tier (Hot, Cool, Archive) for blobs within the container unless overridden.

Container Operations

You can perform various operations on containers using REST APIs, Azure SDKs, or Azure CLI/PowerShell.

1. Create Container

Creates a new container within a storage account.

Request Example (REST API):

PUT /<storage-account-name>/<container-name>?restype=container HTTP/1.1
Host: <storage-account-name>.blob.core.windows.net
x-ms-version: 2020-08-04
x-ms-date: Tue, 27 Jul 2021 02:27:33 GMT
Authorization: SharedKey <storage-account-name>:<signature>
Content-Length: 0

2. List Containers

Lists all containers within a storage account.

Request Example (REST API):

GET /<storage-account-name>?comp=list&restype=container HTTP/1.1
Host: <storage-account-name>.blob.core.windows.net
x-ms-version: 2020-08-04
x-ms-date: Tue, 27 Jul 2021 02:27:33 GMT
Authorization: SharedKey <storage-account-name>:<signature>

Response Snippet:

<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://<storage-account-name>.blob.core.windows.net/">
  <Containers>
    <Container>
      <Name>container1</Name>
      <Properties>
        <Last-Modified>Tue, 27 Jul 2021 02:00:00 GMT</Last-Modified>
        <Etag>"0x8D95A77A52F4752"</Etag>
        <LeaseStatus>unlocked</LeaseStatus>
        <PublicAccess>container</PublicAccess>
      </Properties>
    </Container>
    <Container>
      <Name>container2</Name>
      <Properties>
        <Last-Modified>Mon, 26 Jul 2021 23:00:00 GMT</Last-Modified>
        <Etag>"0x8D95A67A52F4751"</Etag>
        <LeaseStatus>locked</LeaseStatus>
        <PublicAccess>none</PublicAccess>
      </Properties>
    </Container>
  </Containers>
  <NextMarker />
</EnumerationResults>

3. Get Container Properties

Retrieves system properties, user-defined metadata, and tags for the specified container.

Request Example (REST API):

HEAD /<storage-account-name>/<container-name>?restype=container HTTP/1.1
Host: <storage-account-name>.blob.core.windows.net
x-ms-version: 2020-08-04
x-ms-date: Tue, 27 Jul 2021 02:27:33 GMT
Authorization: SharedKey <storage-account-name>:<signature>

4. Set Container Properties

Sets system properties, user-defined metadata, or tags for the specified container.

Request Example (REST API - Setting Public Access):

PUT /<storage-account-name>/<container-name>?restype=container&comp=publicAccess HTTP/1.1
Host: <storage-account-name>.blob.core.windows.net
x-ms-version: 2020-08-04
x-ms-date: Tue, 27 Jul 2021 02:27:33 GMT
Authorization: SharedKey <storage-account-name>:<signature>
Content-Length: 39

<PublicAccess xmlns="">container</PublicAccess>

5. Delete Container

Deletes the specified container and all blobs contained within it.

Request Example (REST API):

DELETE /<storage-account-name>/<container-name>?restype=container HTTP/1.1
Host: <storage-account-name>.blob.core.windows.net
x-ms-version: 2020-08-04
x-ms-date: Tue, 27 Jul 2021 02:27:33 GMT
Authorization: SharedKey <storage-account-name>:<signature>

Note: Container names are globally unique within your Azure subscription. Ensure that you choose descriptive and unique names.

Container ACLs and Shared Access Signatures (SAS)

You can control access to containers and blobs through Access Control Lists (ACLs) and Shared Access Signatures (SAS). ACLs define permissions for anonymous users, while SAS provides delegated access for specific users with defined permissions and expiry times.

Container ACLs: Configured via the Set Container ACL operation.
Blob SAS: Generated for individual blobs.
Service SAS: Generated at the account level, can grant access to containers and blobs.

Container Security

It is crucial to implement robust security measures for your containers. Consider the following:

Grant the least privilege necessary.
Use Azure AD authentication where possible.
Enable logging and monitoring for access and activity.
Regularly review container access policies.