Introduction
Modern cloud environments rely heavily on secure and scalable storage solutions. Cloud administrators must understand how to store files, manage access permissions, and control how data is shared across services and users.
In Microsoft Azure, storage accounts provide several services such as Blob storage, file shares, and secure access mechanisms that allow administrators to manage data efficiently.
In this exercise, we will work with Azure storage services by creating a storage container, uploading files, configuring access tiers, and creating a file share. We will also generate a **Shared Access Signature (SAS) **token to securely share files and learn how to revoke access by rotating storage account keys.
Steps
1. Create a storage container
Login to Microsoft Azure at https://azure.portal.com
From the Azure portal home page, search for and select storage accounts under services.
- Select the storage account created during the Prepare exercise (for example
guideprojectsan).
Ensure the storage account is associated with the resource group, for example:
guided-project-rg
Under Data storage, select Containers.
Select + Add container.
Name the new container:
storage-container
- Select Create.
2. Upload a file to the storage container
Open the container you just created.
Select Upload
Click Browse for files, select a file from your computer, and upload it.
After the upload is complete, you will notice that the file is assigned to an Access tier.
3. Change the access tier
Storage tiers help optimise cost depending on how frequently files are accessed.
Select the uploaded file.
Select Change tier.
- Select
Cold
- Click Save.
4. Create a file share
Azure file shares allow files to be accessed using standard file protocols.
- From the Azure portal, search for and select storage accounts.
Select the storage account you created earlier.
Under Data storage, select File share.
Click + File share.
- Enter a name:
file-share
On the Backup tab, uncheck Enable backup.
Select Review + create, then Create.
- Once the file share is created, select Upload. Upload the same file you uploaded to the blob storage or a different file.
5. Create a shared Access Signature (SAS)
A Shared Access Signature (SAS) allows controlled access to storage resources without exposing accounts credentials.
Navigate to the storage account.
Select Storage browser.
Expand Blob containers and open the container you created earlier.
Click the three dots(...) next to the uploaded file.
Select Generate SAS.
- Configure the following settings:
Signing method: Account key
Signing key: key 1
Stored access policy: None
Permissions: Read
Allowed protocols: Https only
- Select Generate SAS token and URL.
- Copy the Blob SAS URL.
- Paste copied URL into a new browser tab. The uploaded file should become accessible. Keep this tab or window open.
6. Rotate access keys
Rotating storage accounts keys helps revoke access granted through SAS tokens.
Navigate through to your Storage accounts.
Select Security + networking, select Access keys.
For Key 1, select Rotate key.
Confirm by selecting Yes.
- Once the key rotation is complete, return to the browser tab where youu opened the SAS URL and refresh the page. You should now receive an authentication failed error, confirming that the previously generated SAS token is no longer valid.
Conclusion
In this exercise, we explored how to manage storage resources in Azure. We created a storage container, uploaded files, and configured storage tiers to optimize data access and cost management. We also created an Azure file share to support structured file storage.
Additionally, we generated a Shared Access Signature (SAS) token to securely share storage resources without exposing account credentials. Finally, we rotated the storage account access key to invalidate the SAS token and demonstrate how administrators can revoke access when necessary.
These storage management skills are essential for maintaining secure and scalable data storage in Microsoft Azure environments.
Top comments (0)