Containers
Containers are the fundamental building blocks for storing data in Azure Blob Storage. A container is a logical grouping of blobs, similar to a folder in a file system.
Every blob in Azure Storage must reside within a container. A storage account can contain any number of containers, and a container can contain any number of blobs.
Creating a Container
You can create containers using various methods:
- Azure Portal
- Azure CLI
- Azure PowerShell
- Azure Storage SDKs (.NET, Java, Python, Node.js, etc.)
- REST API
Using Azure CLI
To create a container using the Azure CLI, use the following command:
az storage container create --name mycontainer --account-name mystorageaccount --auth-mode login
Replace mycontainer with the desired name for your container and mystorageaccount with your storage account name.
Using REST API
The following REST API request creates a container:
PUT https://mystorageaccount.blob.core.windows.net/mycontainer?restype=container
Authorization: SharedKey mystorageaccount:YourAccessSignature
x-ms-date: Tue, 29 Jul 2014 22:37:22 GMT
Content-Length: 0
Container Properties
Each container has several important properties:
- Name: The unique name of the container. Container names must adhere to specific naming rules (lowercase letters, numbers, and hyphens; 3-63 characters).
- Public Access Level: Controls the level of anonymous access allowed to the container and its blobs. Options include:
  - Private: No anonymous access.
  - Blob: Anonymous read access for blobs.
  - Container: Anonymous read access for blobs and container metadata.
- Metadata: Key-value pairs that can be associated with the container for custom data.
- Lease: A lock on a container that prevents it from being deleted or modified for a specified duration.
Accessing Containers
Access to containers and their blobs is controlled by authorization mechanisms, including:
- Shared Key Authorization: Using the storage account access keys.
- Shared Access Signatures (SAS): Delegated permissions for specific resources with defined time limits and permissions.
- Azure Active Directory (Azure AD): Role-based access control (RBAC) for fine-grained permissions.
Important Note on Naming
Container names must be unique within a storage account and follow these naming conventions:
- Must start and end with a letter or number.
- Can contain only letters, numbers, and the hyphen (-) character.
- Must be between 3 and 63 characters long.
- Cannot contain consecutive hyphens.
- All letters must be lowercase.
Managing Containers
You can perform various management operations on containers:
- List containers
- Get container properties and metadata
- Set container metadata
- Set container public access level
- Delete a container
- Acquire, renew, and release a lease on a container
Example: Setting Public Access Level
To set a container to allow anonymous read access for blobs using Azure CLI:
az storage container set-permission --name mycontainer --public-access blob --account-name mystorageaccount --auth-mode login
Best Practices
- Naming Conventions: Use descriptive and consistent names for your containers.
- Access Control: Employ the principle of least privilege. Whenever possible, use Azure AD or SAS tokens for access instead of shared keys.
- Public Access: Be cautious when setting public access levels. Only expose data anonymously if it's intended for public consumption.
- Container Organization: Although blobs can be organized logically within a container, consider the scope of your access policies. Sometimes, multiple containers might be useful for segregating data with different access requirements.
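The check below is an added example, not code from the original page or from Azure: it audits a container listing for the public access levels described under Container Properties and reports every container that allows anonymous reads, separating approved ones from the rest. The sample listing is constructed, and the `properties.publicAccess` field shape, the `APPROVED_PUBLIC` allow-list and the function name are assumptions for illustration.

```python
import json

# Constructed sample, shaped like the JSON printed by `az storage container list`.
# Assumption: each entry carries properties.publicAccess (null when private).
SAMPLE_LISTING = """[
  {"name": "app-logs",    "properties": {"publicAccess": null}},
  {"name": "static-site", "properties": {"publicAccess": "blob"}},
  {"name": "backups",     "properties": {"publicAccess": "container"}},
  {"name": "legacy",      "properties": {}}
]"""

# Hypothetical allow-list of containers approved for anonymous reads.
APPROVED_PUBLIC = {"static-site"}

# "container" exposes container metadata as well as blobs, so it ranks higher.
SEVERITY = {"blob": "medium", "container": "high"}


def audit_public_access(listing_json, account, approved=frozenset()):
    """Return one finding per container that allows anonymous reads."""
    findings = []
    for entry in json.loads(listing_json):
        level = (entry.get("properties") or {}).get("publicAccess")
        if not level or level.lower() in ("off", "none"):
            continue  # private: no anonymous access
        name = entry["name"]
        level = level.lower()
        ok = name in approved
        findings.append({
            "name": name,
            "level": level,
            # An unrecognised level is treated as high until someone reviews it.
            "severity": "accepted" if ok else SEVERITY.get(level, "high"),
            # Command that returns the container to private; auth flags are left to the operator.
            "fix": None if ok else (
                f"az storage container set-permission --name {name} "
                f"--public-access off --account-name {account}"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_public_access(SAMPLE_LISTING, "mystorageaccount", APPROVED_PUBLIC):
        print(f"{f['severity']:8} {f['name']:12} public-access={f['level']}")
        if f["fix"]:
            print("         fix:", f["fix"])
```

In practice the listing would come from the saved output of `az storage container list` for the account being reviewed rather than from the embedded sample.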