Learn how to configure Azure Blob Storage in Azure

Configuring Azure Blob Storage involves creating and managing a storage account, setting up the necessary blob containers, and configuring access permissions.

Below is a step-by-step guide for configuring Azure Blob Storage.

Create a Storage Account

Azure Blob Storage requires a storage account as its foundation.

Steps

1. Log in to the Azure Portal

2. Create a Storage Account

• Click Create a resource > Storage > Storage account.

• Select the subscription and resource group (or create a new resource group).

• Configure the following:

  • Storage account name: Unique name for the account (e.g., mystorageacct).

  • Region: Choose a region where the storage account will be hosted.

  • Performance: Choose between:

    • Standard: Cost-effective; suitable for general-purpose storage.

    • Premium: High-performance; ideal for low-latency scenarios.

  • Redundancy:

    • Locally redundant storage (LRS), Geo-redundant storage (GRS), Zone-redundant storage (ZRS), or Geo-zone-redundant storage (GZRS).

3. Review and Create

• Configure advanced options (e.g., networking, data protection).

• Click Review + create, then Create.

Set Up a Blob Container

Blob containers are used to organize and store blobs.

Steps

1. Navigate to Your Storage Account

Go to the newly created storage account in the Azure Portal.

2. Create a Blob Container

• In the storage account menu, select Containers under the "Data storage" section.

• Click + Container and provide the following details:

  • Name: A unique name (e.g., mycontainer).

  • Public Access Level:

    • Private: No public access.

    • Blob: Public read access for blobs only.

    • Container: Public read access for both the container and its blobs.

• Click Create.

Upload Blobs to the Container

Blobs are the individual files stored in Azure Blob Storage.

Steps

1. Access the Container

Open the blob container you just created.

2. Upload a Blob

• Click Upload, then choose the file you want to upload.

• Optionally set the Blob type:

  • Block Blob: For large text or binary files.

  • Append Blob: For log data, where data is appended.

  • Page Blob: For random read/write access, such as virtual disks.

• Click Upload.

Configure Access and Permissions

Blob access can be secured using authentication methods such as SAS tokens, Azure AD, or shared keys.

Shared Access Signature (SAS)

1. Navigate to the Storage account > Shared access signature.

2. Configure permissions, expiry time, and allowed IP ranges.

3. Click Generate SAS and connection string.

4. Use the SAS URL for secure, temporary access.

Azure Role-Based Access Control (RBAC)

1. Navigate to the Storage account > Access control (IAM).

2. Click Add role assignment.

3. Select a role (e.g., Storage Blob Data Reader) and assign it to a user or group.

Configure Network Access

Restrict Access with Firewalls

1. Navigate to Networking in the storage account settings.

2. Configure Allow access from options:

   • All networks (default).

   • Selected virtual networks and IP addresses.

3. Save the configuration.

Enable Private Endpoint

1. In Networking, select Private endpoint connections.

2. Add a private endpoint and configure it to use a subnet in your virtual network.

Enable Encryption

Azure automatically encrypts data at rest, but you can configure customer-managed keys if needed.

1. Navigate to Encryption in the storage account settings.

2. Choose between:

   • Microsoft-managed keys (default).

   • Customer-managed keys stored in Azure Key Vault.

Monitor and Manage Blob Storage

Enable Monitoring

1. Navigate to Monitoring > Insights.

2. Review metrics such as availability, latency, and capacity.

Enable Storage Logging

1. Navigate to Diagnostics settings.

2. Configure logs for read, write, and delete operations.

Access Azure Blob Storage

Via Azure Portal

Use the built-in interface to upload, download, or manage blobs.

Using Azure Storage Explorer

• Download and install Azure Storage Explorer.

• Connect to your storage account using an account key, Azure AD, or SAS URL.

Programmatically

• Use Azure SDKs (e.g., Python, .NET) or REST APIs to interact with Blob Storage.

• Example using Python SDK:

xxxxxxxxxx
8
1
from azure.storage.blob import BlobServiceClient
2
connection_string = "<your-connection-string>"
3
blob_service_client = BlobServiceClient.from_connection_string(connection_string)
4

5
# Upload a blob
6
blob_client = blob_service_client.get_blob_client(container="mycontainer", blob="myfile.txt")
7
with open("myfile.txt", "rb") as data:
8
   blob_client.upload_blob(data)

Best Practices

1. Secure Access: Use private endpoints or restrict IP access for security.

2. SAS Tokens: Use SAS tokens for temporary access instead of account keys.

3. Redundancy: Choose the appropriate replication strategy (LRS, GRS, etc.) based on your durability needs.

4. Monitoring: Enable diagnostic logs to track access and operations.

5. Lifecycle Management: Configure policies to manage blob lifecycle and reduce costs for infrequently accessed data.

Summary

By following these steps, you can configure Azure Blob Storage efficiently and securely for your use case.