Manage Azure Storage
This tutorial guides you through the essential tasks of managing your Azure Storage resources. You'll learn how to create, access, and configure storage accounts and their contents.
Prerequisites
Before you begin, ensure you have:
- An active Azure subscription. If you don't have one, create a free account.
- The Azure CLI installed and configured, or access to the Azure portal.
1. Creating an Azure Storage Account
A storage account is the foundation for all your Azure Storage services. Here's how to create one using Azure CLI:
az storage account create \
--name mystorageaccountname12345 \
--resource-group MyResourceGroup \
--location eastus \
--sku Standard_LRS \
--kind StorageV2
Replace `mystorageaccountname12345` with a unique name (globally unique, 3-24 lowercase letters and numbers) and `MyResourceGroup` with your desired resource group name.
2. Understanding Storage Account Types and Access Tiers
Azure offers different types of storage accounts optimized for various scenarios:
| Type | Description | Use Cases |
|---|---|---|
| General-purpose v2 (GPv2) | Recommended for most scenarios, supports blobs, files, queues, tables, and managed disks. | General data storage, backups, logs, media content. |
| Blob Storage | Optimized for storing large amounts of unstructured data like images and videos. | Image hosting, video streaming, document archives. |
| File Storage | Fully managed file shares in the cloud accessible via SMB protocol. | Lift-and-shift applications, shared configuration files. |
Within Blob Storage, you can set access tiers:
- Hot: Optimized for frequently accessed data.
- Cool: Optimized for infrequently accessed data, stored on cheaper media.
- Archive: Optimized for rarely accessed data with latency-sensitive retrieval times.
3. Accessing Your Storage Account
You can access your storage account in several ways:
- Azure Portal: The graphical interface for managing Azure resources.
- Azure CLI: A command-line tool for interacting with Azure.
- Azure Storage Explorer: A cross-platform graphical tool to manage your Azure Storage data.
- SDKs: Programmatic access through various programming languages.
Using Shared Access Signatures (SAS)
SAS tokens provide delegated access to resources in your storage account without exposing your account keys. You can generate SAS tokens for blobs, containers, queues, tables, or the entire account.
4. Managing Blobs and Containers
Blobs are objects that store data, and containers are groups of blobs.
Creating a Container
Using Azure CLI:
az storage container create \
--name mycontainer \
--account-name mystorageaccountname12345 \
--auth-mode login
Uploading a Blob
Using Azure CLI:
az storage blob upload \
--file mylocalfile.txt \
--container-name mycontainer \
--name myblob.txt \
--account-name mystorageaccountname12345 \
--auth-mode login
Downloading a Blob
Using Azure CLI:
az storage blob download \
--container-name mycontainer \
--name myblob.txt \
--file downloadedfile.txt \
--account-name mystorageaccountname12345 \
--auth-mode login
5. Security Best Practices
- Use RBAC: Leverage Azure Role-Based Access Control (RBAC) for granular permissions instead of account keys where possible.
- Encrypt Data: Azure Storage automatically encrypts data at rest. You can also manage your own encryption keys using Azure Key Vault.
- Network Security: Configure firewalls and virtual networks to restrict access to your storage accounts.
- Regenerate Keys: Periodically regenerate your storage account access keys.