Azure Storage Accounts
A storage account is a container that holds your Azure Storage data objects. You can interact with the data in your storage account through the REST API or through client libraries.
What is an Azure Storage Account?
An Azure Storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has a direct path that includes your unique account name. This account name forms part of your data's endpoint URL.
Key Concepts:
- Namespace: A unique identifier for your storage data.
- Endpoints: URLs used to access your storage data.
- Services: Storage accounts support Azure Blob, File, Queue, and Table storage services.
Types of Storage Accounts
Azure offers several types of storage accounts, each optimized for different scenarios:
General-Purpose v2 (GPv2) Accounts
GPv2 accounts are the recommended, general-purpose storage accounts that can store Blob, File, Queue, and Table data. They offer the lowest transaction price and are suitable for a wide range of scenarios.
- Supports all Azure Storage services.
- Offers tiered storage (Hot, Cool, Archive).
- Features include redundancy options, access tier management, and lifecycle management.
Blob Storage Accounts
Blob storage accounts are optimized for storing large amounts of unstructured data, such as text or binary data.
- Primarily for Blob storage.
- Ideal for serving images or documents directly to a browser, storing files for distributed access, streaming video and audio, storing data for backup and restore, disaster recovery, and data archiving.
File Storage Accounts
File storage accounts are optimized for Azure Files, offering fully managed cloud file shares accessible via the SMB protocol.
- Optimized for Azure Files.
- Enables lift-and-shift of on-premises applications that rely on file shares.
Creating a Storage Account
You can create a storage account through the Azure portal, Azure CLI, PowerShell, or ARM templates.
Tip: For most workloads, a General-Purpose v2 (GPv2) account is the best choice. It provides access to all Azure Storage services and the latest features.
Example using Azure CLI:
az storage account create \
    --name mystorageaccountname \
    --resource-group myResourceGroup \
    --location eastus \
    --sku Standard_LRS
Storage Account Features
Redundancy Options
Storage accounts offer several redundancy options to ensure data durability and availability:
- Locally-redundant storage (LRS): The lowest-cost redundancy option, protecting against hardware failures within a single data center.
- Zone-redundant storage (ZRS): Replicates data across three Azure availability zones in the primary region.
- Geo-redundant storage (GRS): Replicates data to a secondary region hundreds of miles away from the primary region.
- Geo-zone-redundant storage (GZRS): Combines the high availability of ZRS with the disaster recovery benefits of GRS.
Access Tiers
For Blob storage, you can manage costs by setting access tiers:
- Hot tier: Optimized for frequently accessed data.
- Cool tier: Optimized for infrequently accessed data, stored for at least 30 days.
- Archive tier: Optimized for rarely accessed data, stored for at least 180 days, with flexible latency.
Security
Azure Storage accounts provide robust security features:
- Access Keys: Primary and secondary access keys for authentication.
- Shared Access Signatures (SAS): Delegated access to specific resources with granular permissions.
- Azure Active Directory (Azure AD) integration: For role-based access control (RBAC).
- HTTPS: All traffic to Azure Storage is encrypted over HTTPS.
- Network Security: Virtual network service endpoints, private endpoints, and firewall rules.
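Each feature in the list above maps to an account-level setting that can be checked after the account is created. The following is an added example, not part of the original documentation: it audits the JSON of one storage account for settings that weaken those features. It assumes the field names match the output of `az storage account show -o json`; both sample accounts are constructed.

```python
import json

# Constructed sample, trimmed to the fields checked below. Field names are
# assumed to match the JSON printed by `az storage account show -o json`.
SAMPLE_WEAK = json.loads("""{
  "name": "mystorageaccountname",
  "enableHttpsTrafficOnly": false,
  "minimumTlsVersion": "TLS1_0",
  "allowBlobPublicAccess": true,
  "allowSharedKeyAccess": null,
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []}
}""")

# Constructed hardened counterpart of the same account.
SAMPLE_HARDENED = dict(
    SAMPLE_WEAK,
    enableHttpsTrafficOnly=True,
    minimumTlsVersion="TLS1_2",
    allowBlobPublicAccess=False,
    allowSharedKeyAccess=False,
    networkRuleSet={"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
)

WEAK_TLS = {None, "TLS1_0", "TLS1_1"}


def audit_storage_account(acct: dict) -> dict:
    """Return {check_id: finding} for settings that weaken the account."""
    findings = {}
    if acct.get("enableHttpsTrafficOnly") is not True:
        findings["https"] = "secure transfer not required: plain HTTP requests are accepted"
    if acct.get("minimumTlsVersion") in WEAK_TLS:
        findings["tls"] = f"minimum TLS version is {acct.get('minimumTlsVersion')}, expected TLS1_2 or later"
    # Unset (null) is reported too, because the effective value is not explicit.
    if acct.get("allowBlobPublicAccess") is not False:
        findings["public_blob"] = "anonymous blob access is not explicitly disabled"
    # Unset (null) leaves access keys and key-signed SAS tokens usable.
    if acct.get("allowSharedKeyAccess") is not False:
        findings["shared_key"] = "Shared Key authorization is enabled; Azure AD RBAC is not enforced"
    rules = acct.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        findings["network"] = "firewall default action is Allow: reachable from all networks"
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_HARDENED):
        print(sample["name"], json.dumps(audit_storage_account(sample), indent=2))
```

To audit a real account, pipe the CLI's JSON output into `json.load` and pass the resulting dictionary to `audit_storage_account`.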