You are currently viewing [Exercise] Implement and use Azure Blob Storage
Microsoft Azure

[Exercise] Implement and use Azure Blob Storage

[Exercise] Implement and use Azure Blob Storage

Are you looking for a step-by-step exercise to implement and use Azure Blob Storage? here are the steps to implement Azure Blob Storage.

The main tasks for this exercise are as follows:

  1. Create Azure Storage accounts
  2. Review configuration settings of Azure Storage accounts
  3. Manage Azure Storage Blob Service
  4. Copy a container and blobs between Azure Storage accounts
  5. Use a Shared Access Signature (SAS) key to access a blob

Task 1: Create Azure Storage accounts

Step 1: In the Azure portal, navigate to the New blade.

Step 2: From the New blade, search Azure Marketplace for Storage account – blob, file, table, queue.

Step 3: Use the list of search results to navigate to the Create storage account – blob, file, table, queue blade.

Step 4: From the Create storage account blade, create a new storage account with the following settings:

  • Subscription: Free Tier
  • Resource group: the name of a new resource group az1000202-RG
  • Storage account name: jigneshsg1 (update this as per your requirement)
  • Location: East US
  • Performance: Standard
  • Account kind: Storage (general purpose v1)
  • Replication: Locally-redundant storage (LRS)

Step 5: Click Review + create, and then click Create.

[Exercise] Implement and use Azure Blob Storage
Azure Storage Account

Do not wait for the storage account to be provisioned but proceed to the next step.

Step 6: In the Azure portal, navigate to the New blade.

Step 7: From the New blade, search Azure Marketplace for Storage account – blob, file, table, queue.

Step 8: Use the list of search results to navigate to the Create storage account – blob, file, table, queue blade.

Step 9: From the Create storage account blade, create a new storage account with the following settings:

  • Subscription: Free Tier
  • Resource group: the name of a new resource group az1000203-RG
  • Storage account name: jigneshsg2 (update this as per your requirement)
  • Location: South Central US (the name of an Azure region different from the one you chose when creating the first storage account)
  • Performance: Standard
  • Account kind: StorageV2 (general purpose v2)
  • Replication: Geo-redundant storage (GRS)
  • Access tier (default): Hot

Step 10: Click Review + create, then click Create.

[Exercise] Implement and use Azure Blob Storage
Azure Storage Account 2

Wait for the storage account to be provisioned. This should take less than a minute.

Task 2: Review configuration settings of Azure Storage accounts

Step 1: In Azure Portal, navigate to the blade of the first storage account you created.

Step 2: With your storage account blade open, review the storage account configuration in the Overview section, including the performance, replication, and account kind settings.

Step 3: Display the Access keys blade. Note that you have the option of copying the values of storage account name, as well as the values of key1 and key2. You also have the option to regenerate each of the keys.

Step 4: Display the Configuration blade of the storage account.

Step 5: On the Configuration blade, note that you have the option of performing an upgrade to General Purpose v2 account, enforcing secure transfer, and changing the replication settings to either Geo-redundant storage (GRS) or Read-access geo-redundant storage (RA-GRS). However, you cannot change the performance setting (this setting can only be assigned when the storage account is created).

Step 6: Display the Encryption blade of the storage account. Note that encryption is enabled by default and that you have the option of using your own key.

Note: Do not change the configuration of the storage account.

Step 7: In Azure Portal, navigate to the blade of the second storage account you created.

Step 8: With your storage account blade open, review the storage account configuration in the Overview section, including the performance, replication, and account kind settings.

Step 9: Display the Configuration blade of the storage account.

Step 10: On the Configuration blade, note that you have the option of disabling the secure transfer requirement, setting the default access tier to Cool, and changing the replication settings to either Locally-redundant storage (LRS) or Read-access geo-redundant storage (RA-GRS). In this case, you also cannot change the performance setting.

Step 11: Display the Encryption blade of the storage account. Note that in this case encryption is also enabled by default and that you have the option of using your own key.

Task 3: Manage Azure Storage Blob Service

Step 1: In the Azure portal, navigate to the Containers blade of the first storage account you created.

Step 2: From the Containers blade of the first storage account, create a new container named az1000202-container with the Public access level set to Private (no anonymous access).

Step 3: From the az1000202-container blade, upload any files.

[Exercise] Implement and use Azure Blob Storage
Azure Storage Account | Containers
[Exercise] Implement and use Azure Blob Storage
Azure Storage Account Containers With Image

Task 4: Copy a container and blobs between Azure Storage accounts

Step 1: From the Azure Portal, start a PowerShell session in the Cloud Shell pane.

[Exercise] Implement and use Azure Blob Storage
Azure Storage Account Power Shell

Step 2: In the Cloud Shell pane, run the following commands:

$containerName = ‘az1000202-container’

$storageAccount1Name = (Get-AzStorageAccount -ResourceGroupName ‘az1000202-RG’)[0].StorageAccountName

$storageAccount2Name = (Get-AzStorageAccount -ResourceGroupName ‘az1000203-RG’)[0].StorageAccountName

$storageAccount1Key1 = (Get-AzStorageAccountKey -ResourceGroupName ‘az1000202-RG’ -StorageAccountName $storageAccount1Name)[0].Value

$storageAccount2Key1 = (Get-AzStorageAccountKey -ResourceGroupName ‘az1000203-RG’ -StorageAccountName $storageAccount2Name)[0].Value

$context1 = New-AzStorageContext -StorageAccountName $storageAccount1Name -StorageAccountKey $storageAccount1Key1

$context2 = New-AzStorageContext -StorageAccountName $storageAccount2Name -StorageAccountKey $storageAccount2Key1

Step 3: In the Cloud Shell pane, run the following command:

New-AzStorageContainer -Name $containerName -Context $context2 -Permission Off

[Exercise] Implement and use Azure Blob Storage
Azure Storage Power Shell Command

Note: This command creates a new container with the matching name in the second storage account

Step 4: In the Cloud Shell pane, run the following commands:

$containerToken1 = New-AzStorageContainerSASToken -Context $context1 -ExpiryTime(get-date).AddHours(24) -FullUri -Name $containerName -Permission rwdl

$containerToken2 = New-AzStorageContainerSASToken -Context $context2 -ExpiryTime(get-date).AddHours(24) -FullUri -Name $containerName -Permission rwdl

Note: These commands generate SAS keys that you will use in the next step to copy blobs between two containers.

Step 5: In the Cloud Shell pane, run the following command:

azcopy cp $containerToken1 $containerToken2 –recursive=true

[Exercise] Implement and use Azure Blob Storage
Azure Storage Power Shell Command 2

Note: This command uses the AzCopy utility to copy the content of the container between the two storage accounts.

Step 6: Verify that the command returned the results confirming that the two files were transferred.

Step 7: Navigate to the Blobs blade of the second storage account and verify that it includes the entry representing the newly created az1000202-container and that the container includes two copied blobs.

[Exercise] Implement and use Azure Blob Storage
Azure Storage Account 2 Power Shell

Task 5: Use a Shared Access Signature (SAS) key to access a blob

Step 1: From the Containers blade of the second storage account, navigate to the container az1000202-container, and then open the JIGNESH DARJI.JPG blade.

Step 2: On the JIGNESH DARJI.JPG blade, copy the value of the URL property.

Step 3: Open another Microsoft Edge window and navigate to the URL you copied in the previous step.

Note: The browser will display the ResourceNotFound. This is expected since the container has the Public access level set to Private (no anonymous access).

[Exercise] Implement and use Azure Blob Storage
Azure Blob Private Access

Step 4: On the JIGNESH DARJI.JPG blade, generate a shared access signature (SAS) and the corresponding URL with the following settings:

  • Permissions: Read
  • Start date/time: specify the current date/time in your current time zone
  • Expiry date/time: specify the date/time 24 hours ahead of the current time
  • Allowed IP addresses: leave blank
  • Allowed protocols: HTTP
  • Signing key: Key 1
[Exercise] Implement and use Azure Blob Storage
Generate a Shared Access Signature (SAS)

Step 5: On the JIGNESH DARJI.JPG blade, copy Blob SAS URL.

Step 6: From the previously opened Microsoft Edge window, navigate to the URL you copied in the previous step.

Note: This time, you will be prompted whether you want to open or save JIGNESH DARJI.JPG. This is expected as well, since this time you are no longer accessing the container anonymously, but instead you are using the newly generated SAS key, which is valid for the next 24 hours.

[Exercise] Implement and use Azure Blob Storage
Azure Blob Access using the newly Generated SAS key

Step 7: Close the Microsoft Edge window displaying the prompt.

Result: After you completed this exercise, you have created two Azure Storage accounts, reviewed their configuration settings, created a blob container, uploaded blobs into the container, copied the container and blobs between the storage accounts, and used a SAS key to access one of the blobs.