Exploring Access Storage in Azure

Written by

Under the topic

Dated:

December 10, 2023

Table Of Content

Accessing storage in Azure Storage involves using various tools, services, and APIs designed to interact with Azure Storage resources, such as blobs, files, tables, and queues.

Below is a detailed explanation of accessing Azure Storage, covering key methods, tools, and best practices.

Azure Storage Services

Azure Storage offers different types of storage services, each catering to specific use cases:

1. Blob Storage

Stores unstructured data like documents, images, videos, and backups.
Supports three types:
- Block Blobs: For large files and objects.
- Append Blobs: For logging data.
- Page Blobs: For random-access files like VHDs.
Use Cases: Media storage, backups, and data lakes.

2. Azure Files

Provides fully managed file shares accessible via SMB or NFS protocols.
Use Cases: File sharing, lift-and-shift migrations.

3. Queue Storage

Message storage for reliable communication between services.
Use Cases: Decoupling applications, task queuing.

4. Table Storage

NoSQL key-value store for structured, semi-structured data.
Use Cases: Lightweight, scalable data storage for apps.

5. Disk Storage

Managed virtual hard disks (VHDs) for Azure VMs.
Use Cases: Persistent VM storage.

Authentication and Authorization

Authentication Methods

To securely access Azure Storage, you must authenticate using one of the following methods:

1. Azure Active Directory (Azure AD)

Supports role-based access control (RBAC).
Used for granular permissions and enterprise identity integration.
Ideal for modern, secure applications.

2. Shared Access Signature (SAS)

Generates time-bound, scoped access to specific storage resources.
Supports fine-grained permissions.
Use Case: Temporary access for third parties or services.

3. Shared Key (Account Key)

Access using storage account name and keys.
Use Case: Useful during development; avoid using in production.

4. Managed Identities

Allows Azure resources to authenticate to other resources without credentials.
Best for applications running in Azure (e.g., VMs, App Service).

5. Anonymous Access

Public access for blob containers and blobs.
Use Case: Publicly available files, websites.

Access Methods

Azure Storage Explorer

Description

A GUI tool to interact with Azure Storage accounts.

Features

Upload, download, and manage blobs, files, and tables.
Generate SAS tokens.
Manage access policies.

Azure Portal

Description

Web-based management interface for Azure services.

Features

View and configure storage accounts.
Upload/download files to blobs or file shares.
Monitor metrics like performance and availability.

Azure CLI

Description

Command-line tool for managing Azure resources.

Examples


xxxxxxxxxx
9
1
# List storage accounts
2
az storage account list
3

4
# Upload a blob
5
az storage blob upload \
6
--account-name <name> \
7
--container-name <container> \
8
--file <file-path> \
9
--name <blob-name>

Azure PowerShell

Description

Scripting environment for automating Azure tasks.

Examples


xxxxxxxxxx
7
1
# Connect to a storage account
2
Connect-AzAccount
3

4
# Upload a file to a container
5
Set-AzStorageBlobContent `
6
-Container <container-name> `
7
-File <file-path>

SDKs and APIs

Azure provides language-specific SDKs for programmatic access:

Supported Languages

.NET, Python, Java, Node.js, Go, Ruby, etc.

Example (Python)


xxxxxxxxxx
4
1
from azure.storage.blob import BlobServiceClient
2
blob_service_client = BlobServiceClient(account_url="https://<account-name>.blob.core.windows.net", credential="<account-key>")
3
container_client = blob_service_client.get_container_client("my-container")
4
container_client.upload_blob("my-blob", data="Hello, Azure!")

REST APIs

Access storage resources directly via HTTP.

Common Endpoints

Blob: https://<account>.blob.core.windows.net/<container>/<blob>
File: https://<account>.file.core.windows.net/<share>/<file>
Authentication: Use SAS tokens, keys, or Azure AD.

Example Request (cURL)


xxxxxxxxxx
4
1
curl -X PUT -T "file.txt" \
2
-H "x-ms-blob-type: BlockBlob" \
3
-H "Authorization: Bearer <token>" \
4
"https://<account>.blob.core.windows.net/<container>/<blob>"

Network Access Control

Use Virtual Network Service Endpoints or Private Endpoints to restrict storage access.
Enable firewall rules for IP-based restrictions.
Use Azure's cross-origin resource sharing (CORS) policies for browser-based access.

Access Patterns

Hot Access

Frequently accessed data; optimized for low latency.

Cool Access

Infrequently accessed data; lower cost, higher latency.

Monitoring and Logging

Azure Monitor

Tracks storage metrics like availability and latency.

Storage Analytics

Logs requests and diagnostics for troubleshooting.

Access Control Logs

Audits who accessed the data and how.

Summary

By combining the above methods, you can efficiently and securely access and manage Azure Storage for diverse use cases.

Let’s compare storage for File Shares and…

Azure offers Azure Files for file shares and Azure Blob…

Learn how to manage Azure File Shares

Managing Azure File Shares involves handling storage ac…

How to configure Azure Files and Azure File Sync

Configuring Azure Files and Azure File Sync allows you …

Azure Storage Authorization options explained i…

Azure Storage provides several authorization options to…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.