Introduction
In this post, I'll walk you through the process of providing Storage for a fictitious IT department, in the Azure portal. For the department, the data isn’t important enough to back up and doesn’t need to be restored if the data is overwritten or removed.
Prerequisites
Before we start, you'll need a Microsoft Account and an Azure free trial account. I covered opening a free trial account here
Step 1: Creating a resource group
Go to the Azure Portal Dashboard, and at the search bar - at the top level of the page - search and select Resource groups. This navigates to another page. While on that page select + create. On the next page, you are required to name your resource group. Go ahead and name your resource group. Then select a region. At the bottom of the page select the Review + create button to validate the resource group.
Select the 'create' button to deploy the resource group. The image below shows the created resource group.
Step 2: Creating and deploying a storage account
On the page of the resource group and the search bar - at the top level of the page - search and select Storage Accounts.
This navigates to another page. While on that page select + create at the upper left of the page or click on the create storage account button on that page.
This next page has 6 Tabs namely Basics, Advanced, Networking, Data protection, Encryption, Tags and Review + create.
At the Basics tab, select the Resource group label under the project details section and select the Resource group created in Step 1.
Next, Under the Instance details section, give the storage account a unique name, select the (US)East US option at the Region label, and for the Performance label, select the standard radio button.
Accept the default Redundancy label option as shown. Afterward, select the Review + create button on the page and subsequently the "Create" button.
Wait for the storage account to deploy.
After successfully deploying, click the go to resource button.
Step 3: Configure settings in the Storage Account.
I: Data in this storage account does not need to be highly available.
We want to configure this storage account with the most basic settings. We don't have to worry if data isn't highly available. To do this, select Data Management at the left-hand side of the page and the Redundancy blade.
Select the Locally redundant Storage (LRS) option from the Redundancy label. The reason for this is that "the data isn’t important enough to back up and doesn’t need to be restored if the data is overwritten or removed". As a result, High availability isn't required. This means the redundancy can take the least available option which is Locally redundant Storage.
Click save at the top of the page.
Previously, 2 locations may have shown up on the map displayed on this page. However, since we selected the Locally redundant Storage (LRS) option from the Redundancy label, only one location will be displayed on the map. Refresh the page if this isn't displaying.
II: Storage account should only accept requests from secure connections.
The next configuration to set is to make the Storage account only accept requests from secure connections. To do this, follow these steps:
- Locate settings at the left-hand side of the page, and select
the Configuration blade.
- At the page displayed, confirm that Secure Transfer required is Enabled
III: Storage account should use a TLS version.
For the Storage account to use a TLS version,
- go to settings
- select configuration blade,
-Then, set Minimal TLS Version to version 1.2
IV: Request to the storage account is disabled until needed
For disabling requests to the storage account until required,
- Select Settings, then
- Select the Configuration blade.
- In the Allow Storage Account key access label, select the Disabled radio button.
- Select the Save icon at the top level of the page.
V: Allow Storage Account to permit public access from all Networks.
For the last configuration in this task which is to permit public access from all Networks, follow the steps listed below:
- At the left-hand side of the storage account page, select Security + networking
- Select the Networking blade
- set Public network access to Enabled from all network
- Click the Save icon of the page to save the changes.
Conclusion
To avoid unnecessary charges, delete your resource group if you will not be using it. You can do this from the Azure portal by navigating to your Resource group and clicking the "delete resource group" button.
In this post, we successfully created a Resource group which is a container for our storage account. We adjusted some basic settings for the storage account and saved these settings. Remember to monitor your usage to stay within the free tier limits and delete resources when they are no longer needed. Stay tuned for more posts on cloud development with Azure!
Cover Image by Markus Spiske on Unsplash
Top comments (0)