Introduction
Azure Storage Accounts are the backbone of file and object management in the cloud. From blobs to file shares, Azure makes it easy to store and share data across applications and teams. But as files move to the cloud, managing who can access them, how they are shared, and for how long becomes critical.
In this hands-on guide, weβll walk through:
- Creating a storage container and uploading a blob.
- Changing access tiers to optimize costs.
- Creating and using a file share.
- Generating a Shared Access Signature (SAS) to control temporary file access.
- Rotating keys to revoke access when needed.
By the end, youβll know how to securely store files, share them with the right people, and manage access effectively.
π― Skilling Objectives
- Create and configure an Azure Storage container.
- Upload files and manage access tiers.
- Create a file share and upload files.
- Generate SAS tokens for temporary, secure file access.
- Revoke access by rotating keys.
Step 1: Create a Storage Container
π‘ What is a Storage Container?
A container organizes blobs (files) within a storage account, much like a folder in a file system.
Steps:
- Log in to the Azure Portal.
Search for Storage accounts and select your account.
Under Data storage, select Containers β + Add container.
Name it
storage-containerand click Create.
β Your first storage container is ready.
Step 2: Upload a File to the Container
- Open the container you created.
Click Upload, choose a local file (e.g., an image), and upload it.
Once uploaded, notice the Access tier is set by default.
π‘ Access tiers help balance cost and performance:
- Hot β Frequently accessed data.
- Cold β Infrequently accessed data.
Step 3: Change the Access Tier
- Select the uploaded file.
- Click Change tier β select Cold β Save.
β Youβve optimized the cost for infrequently used data.
Step 4: Create a File Share
π‘ What is a File Share?
Azure File Shares provide SMB (Server Message Block) storage in the cloud, making it easy to share files across VMs or users.
Steps:
From your storage account, select File shares β + File share.
Name it
file-share.
Disable backup (for now) β Review + Create β Create.
Open the file share β click Upload β add a file.
β You now have both blob storage and a file share.
Step 5: Create a Shared Access Signature (SAS)
π‘ What is a SAS Token?
A Shared Access Signature (SAS) provides temporary, controlled access to files without exposing the storage account keys.
Steps:
In your storage account, go to Storage browser β Blob containers.
Select your
storage-container.
Find the uploaded file β click the ellipsis (β¦) β Generate SAS.
-
Configure:
- Signing method: Account key
- Permissions: Read
- Allowed protocols: HTTPS only
Set start/expiry time β Generate SAS token & URL.
Copy the Blob SAS URL β open it in a browser β your file loads!
β Youβve just shared a file securely with a time-limited link.
Step 6: Rotate Access Keys to Revoke Access
π‘ Why rotate keys?
If a SAS token is compromised, rotating the underlying access key immediately invalidates all dependent SAS tokens.
Steps:
Go to Access keys under Security + networking.
For Key 1, click Rotate key β acknowledge warning β Yes.
Try refreshing your SAS URL, youβll get an authentication error.
β Access successfully revoked.
Conclusion
In this project, youβve learned how to:
- Create containers and file shares.
- Upload and manage files in Azure Storage.
- Control file access with SAS tokens.
- Revoke access instantly by rotating keys.
These are essential skills for cloud security and cost management. Whether youβre working in enterprise IT, DevOps, or cloud engineering, mastering storage access control helps protect sensitive data while keeping your storage strategy efficient and secure.
π Key takeaway: In Azure, storage security isnβt just about giving access, itβs about controlling, limiting, and revoking access when needed.
Top comments (0)