Baridiilo Poromon

Provide private storage for internal company documents in Azure

The first step is to create a storage account for the internal private company documents. To do this, search for and select Storage accounts. Click Create. Select the Resource group that was created in the previous lab. Name the storage account. Select Review + Create, and then Create the storage account. Once the storage account has been deployed, click Go to resource. This storage requires high availability if there’s a regional outage, and read access in the secondary region is not required, so configure the appropriate level of redundancy: in the storage account, navigate to the Data management section and select Redundancy. Select Geo-redundant storage (GRS) and save the changes.


Now, to create a private storage container for the corporate data, go to the storage account, navigate to the Data storage section, and select Containers. Select + Container. Name the container. Ensure the Public access level is Private (no anonymous access). Click Create.


To test, upload a file to the private container, then copy the file’s URL and paste it into a browser to make sure the file isn’t publicly accessible.


An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS). Select your uploaded blob file and move to the Generate SAS tab. In the Permissions drop-down, ensure the partner has only Read permissions. Ensure the start and expiry times cover the next 24 hours.


Select Generate SAS token and URL. Copy the Blob SAS URL to a new browser tab and ensure you can access the file.
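
Before the Blob SAS URL is sent to the partner, its query string can be checked against the settings chosen above. The following Python sketch is an added example, not part of the original post; the account, container and blob names and the sig value are constructed placeholders, and the HTTPS-only and single-blob checks go beyond the steps in the post.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit


def _parse_time(value):
    """Parse a SAS st/se value (ISO 8601, UTC) into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas_url(url, allowed="r", max_lifetime=timedelta(hours=24), now=None):
    """Return policy findings for a blob SAS URL; an empty list means it passes."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["no sig parameter: this is not a SAS URL"]
    findings = []

    # sp: one letter per permission (r=read, w=write, d=delete, ...)
    extra = sorted(set(params.get("sp", "")) - set(allowed))
    if extra:
        findings.append("extra permissions: " + "".join(extra))

    # st/se: validity window; st is optional and defaults to "now"
    if "se" not in params:
        findings.append("no expiry (se)")
    else:
        expiry = _parse_time(params["se"])
        start = _parse_time(params["st"]) if "st" in params else now
        if expiry <= now:
            findings.append("already expired")
        elif expiry - start > max_lifetime:
            findings.append("lifetime exceeds %s" % max_lifetime)

    # spr: when omitted, the service accepts both https and http
    if params.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed")
    # sr: b = a single blob; c = the whole container
    if params.get("sr") != "b":
        findings.append("scope is not a single blob")
    return findings


# Constructed sample URLs (account, container, blob and sig are placeholders).
BASE = "https://examplestorage.blob.core.windows.net/private/report.pdf?sv=2022-11-02"
GOOD = BASE + "&st=2024-05-01T09%3A00%3A00Z&se=2024-05-02T09%3A00%3A00Z&sr=b&sp=r&spr=https&sig=PLACEHOLDER"
BAD = BASE + "&st=2024-05-01T09%3A00%3A00Z&se=2024-05-08T09%3A00%3A00Z&sr=c&sp=rwd&sig=PLACEHOLDER"
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas_url(url, now=NOW) or "ok")
```

The allowed and max_lifetime arguments default to the read-only, 24-hour settings used in this step and can be changed to match a different agreement with the partner.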


To save on costs, after 30 days, move blobs from the hot tier to the cool tier. In the storage account, in the Overview section, the Default access tier should be set to Hot. In the Data management section, select Lifecycle management. Select Add rule. Set the Rule name to movetocool. Set the Rule scope to Apply rule to all blobs in the storage account. Click Next.


Verify that Last modified is selected. Set More than (days ago) to 30. In the Then drop-down select Move to cool storage. Add the rule.


The public website files need to be backed up to another storage account. In the storage account, create a new container for backup.


Refer back to the previous if you need detailed instructions. Go to the storage account created in the previous exercise. In the Data management section, select Object replication. Select Create replication rules. Set the Destination storage account to the private storage account. Set the Source container to public and the Destination container to backup. Create the replication rule.
