How to Create an Azure Storage Account, Upload Blobs to a Container, Give Private Access and Set a Replication Rule Policy

This article describes how to create an Azure Storage Account, how to create a container with private access, how to upload blobs into the container and how to give a user access with a SAS link.

We need to log in to an Azure account that has a subscription on it, or use a Sandbox that gives us access to create resources in Azure. In this case, I am using the Sandbox to gain access to Azure. That is why my subscription shows as Concierge Subscription and the Resource group has been created for me automatically. I clicked on Storage Account in Azure in order to create one and gave my storage account the name “easystores”, which is a globally available name.

I chose (US) West US as the availability region and selected “Azure Blob Storage or Azure Data Lake Storage Gen 2” as the Primary service.

There are six types of Redundancy: LRS, GRS, ZRS, GZRS, RA-ZRS and RA-GZRS. Only four are displayed in the drop-down, and we can check the box if we want the read-access redundancy in the event of regional unavailability. In this case, I selected the Redundancy I liked, which is number 4, Geo-redundant storage (GRS). I don't want read access in the event of regional unavailability, so I unchecked the box.

I need to choose whether my storage account is given public or private access. In this case, I want my storage account to have private access, which is why I left the box “Allow enabling anonymous access on individual containers” unchecked.

In the access tier, the options are the Hot tier, which can be frequently accessed; the Cool tier, which has 30 days access; the Cold tier, which has 90 days access; and the Archive tier, which has 180 days access. I chose the Cool tier: optimized for infrequently accessed data and backup scenarios.

I have the option to connect to my storage account either publicly, via public IP addresses or service endpoints, or privately, using a private endpoint. In this case I chose public access from all networks.

Under Data protection, I can set the number of days within which deleted blobs, containers and file shares can be restored. Here, I enabled soft delete for blobs and chose 200 days to retain deleted blobs, enabled soft delete for containers with 60 days to retain deleted containers, and enabled soft delete for file shares with 30 days to retain deleted file shares.

Under the Encryption type, we can choose either “Microsoft managed keys” or “Customer managed keys”; I chose the former.

We can leave Tags at the default setting and go straight to Review and Create. The deployment may stay at Deployment in Progress for some minutes.

After successful Deployment, click on Go to Resource.

In the Resource, click on Data Storage and then click on Containers.

Create a container by clicking on +Container.

Give your container a name; I named mine “mycontainer1”. In the anonymous access level, I chose private access, which is why it is greyed out. It would be available only with public access, whereby you can select “Container (anonymous read access for containers and blobs)”. Then click on Create.

I followed the same process to create another container, which I named “mycontainer2”.

After successfully creating at least one container, you can upload blobs into it. Double-click on the container and click “Upload”.

To upload your blobs, which can be images, videos, documents, etc., you can either drag and drop the items or browse your files to select the items to be uploaded. Click on Browse the file.

After you select a file from your system, it will be displayed; then click on Upload.

You may decide to change the access tier from Hot to Cool, Cold or Archive. Just click on your blob, check the box and click on Change tier.

In order to give access to the blobs, you can generate a SAS link. Click on the blob, scroll to the far end, click on the ellipsis (three dots) and click Generate SAS.

Then you can download the blobs, and you can copy the link to a blob and paste it into the browser or give the URI to anybody who should get access to the blob.

Before setting the SAS URL, I pasted the link into the browser and it gave this error message. This shows that access to the blob is private and that it cannot be accessed publicly unless access is granted.

To give a user access for a specific period of time, such as minutes, hours, days, weeks, months or years, set the specific date and time for the access.

Then click on “Generate SAS token and URL”, scroll down and copy the Blob SAS URL.

A user can access the blob only through the generated SAS URL, and only within the specific period of time that was set. Within that time, an image will display, a video will play and a document will be downloaded. Once the set time has expired, an error message is displayed instead.
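Anyone who holds the Blob SAS URL has the access it encodes, so it is worth reading the token's query parameters before sharing it. The following is an added example, not part of the original article: it checks a Blob SAS URL for read-only permission (`sp`), single-blob scope (`sr`), HTTPS-only (`spr`) and expiry (`se`). The 7-day maximum lifetime is an assumed local policy, and the sample URLs are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Timestamp layouts a SAS may use for its start/expiry values (UTC).
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def parse_sas_time(value):
    for fmt in _FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")

def audit_blob_sas(url, now, max_lifetime=timedelta(days=7)):
    """Return findings for a Blob SAS URL; an empty list means nothing was flagged.
    max_lifetime is an assumed local policy, not an Azure limit."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("HTTPS-only not enforced (spr is not exactly 'https')")
    if q.get("sr") != "b":
        findings.append(f"scope sr={q.get('sr')!r} is not a single blob")
    if q.get("sp") != "r":
        findings.append(f"permissions sp={q.get('sp')!r} are not read-only")
    if "se" not in q:
        # Expiry may instead come from a stored access policy (si=...).
        findings.append("no expiry (se) in the URL")
        return findings
    expiry = parse_sas_time(q["se"])
    if expiry <= now:
        findings.append("token has already expired")
    elif expiry - now > max_lifetime:
        findings.append(f"valid for more than {max_lifetime.days} days from now")
    return findings

# Constructed sample URLs: the account and container names are the article's;
# the blob name, dates and sig value are made up for illustration.
BASE = "https://easystores.blob.core.windows.net/mycontainer1/photo.jpg"
GOOD = BASE + ("?sp=r&st=2025-01-01T10%3A00%3A00Z&se=2025-01-01T12%3A00%3A00Z"
               "&spr=https&sv=2022-11-02&sr=b&sig=CONSTRUCTED")
RISKY = BASE + ("?sp=rwd&se=2026-01-01T00%3A00%3A00Z"
                "&spr=https,http&sv=2022-11-02&sr=c&sig=CONSTRUCTED")

if __name__ == "__main__":
    now = datetime(2025, 1, 1, 10, 30, tzinfo=timezone.utc)
    for name, url in (("GOOD", GOOD), ("RISKY", RISKY)):
        print(name, audit_blob_sas(url, now) or "no findings")
```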

For the Replication rule, I duplicated my tab to create another Storage account, still with my sandbox subscription, and I named it easystorex.

After successfully creating my second storage account, easystorex, I went back to my first account, easystores. Under Overview, I searched for Data Management, clicked on Object Replication and then clicked on +Create replication rule. I waited until object replication had successfully applied the replication policy on the source account; the blobs are then copied asynchronously from the source account to the destination account.