How to use Blob containers in Azure

I know that Microsoft Azure looks easy, because you create your subscription, then you start to consume all the resources. But in some cases, start to be overwhelming, with so many details that you must take in consideration, it’s not easy to take advantage of what Azure have to offer you.

Regarding the Azure storage, sounds easy but, in a lot of cases I’m seeing some implementations that are not following the best practices and not secure. For example, what level of access should I give to the blob? Is the default configuration secured?

Blobs store directly in the root container of the storage account or within a container that is created after the account is provisioned. You can create blob containers by using any of the tools that you are comfortable with.

Creating blob containers

When you create a container, you must give it a name and choose the level of access that you want to allow from the following options:

  • Private. This is the default option. The container does not allow anonymous access.
  • Public Blob. This option allows anonymous access to each blob within the container; however, it prevents browsing the content of the container. In other words, it is necessary to know the full path to the target blob to access it.
  • Public Container. This option allows anonymous access to each blob within the container, with the ability to browse the container’s content.

Use the following commands in Windows PowerShell to create a new container. Before you can create the container, you must obtain a storage context object by passing the storage account’s primary key:

Creating a blob container in Windows PowerShell

$storageKey = (Get-AzureRmStorageAccountKey –ResourceGroup ‘myResourceGroup’ -StorageAccountName $storageAccount).Value[0]
$storeContext = New-AzureStorageContext -StorageAccountName ‘mystorageaccount’ -StorageAccountKey $storeKey
$container = New-AzureStorageContainer –Name ‘mycontainer’ -Permission Container -Context $storeContext

Administrators can view and modify containers, in addition to uploading and copying blobs by using tools such as AzCopy and Azure Storage Explorer, or they can use the following Azure PowerShell cmdlets:

  • Get-AzureStorageBlobCopyState. Get the copy state of a specified storage blob.
  • Remove-AzureStorageBlob. Remove the specified storage blob.
  • Set-AzureStorageBlobContent. Upload a local file to the blob container.
  • Start-AzureStorageBlobCopy. Copy to a blob.
  • Stop-AzureStorageBlobCopy. Stop copying to a blob.

Cheers,

Marcos Nogueira
azurecentric.com
Twitter: @mdnoga

Written by Marcos Nogueira

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents.

Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

Leave a Reply

Your email address will not be published. Required fields are marked *