DEV Community

Cover image for Secure Storage for Azure Files and Azure Blob Storage
Peter Olanrewaju Fadeyi
Peter Olanrewaju Fadeyi

Posted on

Secure Storage for Azure Files and Azure Blob Storage

#kubernetes #security #cloud #devops

Create a resource group and a storage account.

(A). Create and deploy a resource group to hold all your project resources

  • In the Azure portal, search for and select Resource groups.
    Resourse Group

  • Select and open the Create button.

Resource Group

  • Give your resource group a name. For example, exercisestorage.

  • Then Select a region and Use this region throughout the project.

  • Select Review and create to validate the resource group.

Resource Group Creation

  • Select Create to deploy the resource group. Resource Group deployment

(B). Create and deploy a storage account to support testing and training

  • In the Azure portal, search for and select Storage accounts.
    storage account

  • Click and open the Create button.
    storage account

  • On the Basics tab:

i. Select your Resource group,

ii. Provide a Storage account name (which must be a unique name in Azure).

iii. Set the Performance to Standard.

iv. Select Review, and then Create.

storage creation
storage creation

  • Wait for the storage account to deploy and then Go to resource.

Go to resource

(C). Create a Container for your storage.

  • Collapse the Data Storage in the Storage Account to create a Container. Note that you do not search for container in the search bar of Azure Storage.

container

  • Click on Add Container and give it a name, after which you can open the container to upload files.

container created

Configure simple settings in the storage account

(A). The data in this storage account doesn’t require high availability or durability. A lowest cost storage solution is desired.

  • In your storage account, collapse the Data management section to select + open the Redundancy blade. Select Locally-redundant storage (LRS) in the Redundancy drop-down and be sure to save changes incase the Redundancy is not set to LRS by defaults. Refresh the page to confirm change.

Redundancy

(B). The storage account should only accept requests from secure connections.

  • In the Settings section, select the Configuration blade and open.

configuration

  • Ensure Secure transfer required is Enabled. Developers would like the storage account to use at least TLS version 1.2, so ensure the Minimal TLS version is set to Version 1.2 and saved if any changes is made to the default setting.

configuration

(C). Until the storage is needed again, disable requests to the storage account by selecting the Configuration blade in the Settings section and ensure Allow storage account key access is Disabled. Be sure the changes is saved successfully.

key access disable

(D). Ensure the storage account allows public access from all networks.

  • In the Security + networking section, select the Networking blade and check if Public network access is set to Enabled for all networks by default and if it is not Enabled, click the Manage box under the Public network access to enable it and be sure to Save your changes.

Public network access

Top comments (1)

Collapse
 
realcloudprojects profile image
SKILL.SCH

Welldone