Overview
With the virtual network and VM fully configured,the next responsibility shifted to storage management.
This part of the project focused on three critical things:
â˘Storing data efficiently
â˘Optimizing storage cost
â˘Controlling and revoking access securely
Hereâs how I handled it đ
Procedure 1: đŚ Creating a Storage Container & Uploading a Blob
Inside the existing storage account (guided-project-rg), I:
â˘Navigated to Data storage â Containers
â˘Created a new container called storage-container
â˘Uploaded a test image file
Once uploaded, Azure automatically assigned it the Hot access tier which is ideal for frequently accessed data.
But since this was just a test file, keeping it in Hot storage wasnât cost-efficient.
Procedure 2:âď¸ Changing the Access Tier (Cost Optimization)
To optimize cost:
â˘I selected the uploaded blob
â˘Clicked Change tier
â˘Switched it from Hot â Cold
â˘Saved the configuration
This reinforced an important cloud concept (storage tiers directly impacting cost),where not all data needs premium, high-frequency access.
Procedure 3: đ Creating a File Share
Beyond blob storage, I also needed to configure Azure Files for shared access scenarios.Inside the same storage account:
â˘I navigated to File shares
â˘Created a new share called file-share
â˘Enabled backup (for this lab)
â˘Uploaded a file into the share
Now the environment supported both:
â˘Blob storage (object-based)
â˘File shares (SMB-style shared storage)
Which are two different storage solutions and two different use cases.
Procedure 4: đ Generating a Shared Access Signature (SAS Token)
Next came secure access control, where instead of giving full account access,i generated a Shared Access Signature (SAS) for the uploaded blob.
The Configuration included are :
â˘Signing method: Account key
â˘Signing key: Key 1
â˘Permissions: Read only
â˘Protocol: HTTPS only
â˘Custom expiration time
Once generated, i copied the Blob SAS URL into a new browser tab and it successfully displayed the image.
That link allowed temporary limited access.
This is powerful because:
â˘No need to share account keys
â˘Access is time-bound
â˘Permissions are granular
Procedure 5: đ Rotating Access Keys (Revoking Access)
Granting access is only half the story,revoking access is just as important.Since the SAS token was signed using Key 1,i invalidated it by:
â˘Navigating to Security + networking â Access keys
â˘Selecting Rotate key for Key 1
â˘Confirming the regeneration
After the key rotation, I refreshed the SAS URL tab.
âď¸ Result
- Authentication failed,access successfully revoked and this demonstrated a critical Azure security concept.
- Rotating storage account keys immediately invalidates all SAS tokens generated with that key.
đ Final Outcome
By the end of this exercise, i had:
â˘Created and configured blob storage
â˘Optimized cost using access tiers
â˘Deployed Azure File Shares
â˘Generated secure, time-limited access
â˘Revoked access by rotating keys
đ Conclusion
This part of the guided project strengthened my understanding of:
â˘Storage architecture
â˘Access governance
â˘Cost management
â˘Real-world administrative control
Where cloud storage isnât just about uploading files.Itâs about managing lifecycle, security, and access responsibly.
Top comments (1)
Welldone