Azure Storage Account

Overview of the Azure Storage Account service

Overview

  • Azure Storage is a Microsoft-managed service providing cloud storage that is highly available, secure, durable, scalable, and redundant

  • The service acts as a container for multiple data storage types e.g., Azure Blob Storage, Azure Files, and more

Azure Subscription
└── Storage Account(s)
    └── Azure Blob Storage Container(s)
        └── Blob(s) aka files
        
    └── Azure Files
        └── SMB File Share(s)
        └── NFS File Share(s)
        
    └── Azure Elastic SAN
        └── Volume Group(s)
            └── Storage Volume(s)
            
    └── Azure Queues
        └── Queue(s)
            └── Message(s)
            
    └── Azure Tables
        └── Table(s)
            └── Entities
                └── Properties
                
    └── Azure Managed Disks
        └── Storage Volume(s)
        
    └── Azure Container Storage
        └── Storage Volume(s)

Authentication Methods

These authentication methods do not apply when the blob or container has been made publicly accessible

  • There are three methods for obtaining access to Azure Storage

Microsoft Entra Credentials

  • Storage permissions can be assigned to an Entra security principal (user/group/app/managed identity)

Account Access Key

  • When an Azure Storage account is created, two keys are generated, each of which provides full access to all data in the storage account

  • Because of this, these keys should be closely monitored and well protected

SAS (Shared Access Signature) Token

  • A shareable link that grants limited access to containers and blobs within a storage account

  • This is similar to AWS S3 PreSigned URLs

  • Either an Azure Storage Account Access Key or Entra credentials can be used as the signing key to generate this token
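
As an added illustration (not part of the original page), the Python sketch below inspects a SAS URL's query parameters offline to tell which kind of key signed it and to flag broad grants. The `audit_sas_url` name, the 24-hour threshold and the sample URLs are assumptions constructed for this example; `sp`, `st`, `se`, `spr`, `ss`, `srt`, `skoid` and `sig` are the standard SAS fields.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed review threshold, not an Azure default

def _ts(value):
    """Parse a SAS st/se timestamp (ISO 8601, UTC) into an aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now=None):
    """Return (sas_kind, findings) for a SAS URL; offline, sig is not verified."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return "none", ["no sig parameter: not a SAS URL"]
    # skoid (signing principal's object ID) appears only on Entra-signed tokens;
    # ss + srt appear only on account-level SAS tokens.
    if "skoid" in q:
        kind = "user-delegation"
    elif "ss" in q and "srt" in q:
        kind = "account"
    else:
        kind = "service"
    findings = []
    if kind != "user-delegation":
        findings.append("signed with an account access key")
    extra = sorted(set(q.get("sp", "")) - set("rl"))
    if extra:
        findings.append("permissions beyond read/list: " + "".join(extra))
    if q.get("spr", "https,http") != "https":  # absent spr permits both protocols
        findings.append("plain HTTP allowed")
    if "se" not in q:
        findings.append("no expiry in URL (set by stored access policy 'si'?)")
    else:
        expiry = _ts(q["se"])
        start = _ts(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds %s" % MAX_LIFETIME)
    return kind, findings

# Constructed sample URLs: account name, GUID and signatures are placeholders.
USER_DELEGATION_URL = ("https://exampleacct.blob.core.windows.net/reports/q1.pdf"
    "?sv=2022-11-02&sr=b&sp=r&st=2024-05-01T00:00:00Z&se=2024-05-01T01:00:00Z"
    "&spr=https&skoid=00000000-0000-0000-0000-000000000000&sig=CONSTRUCTED")
ACCOUNT_KEY_URL = ("https://exampleacct.blob.core.windows.net/?sv=2022-11-02"
    "&ss=bfqt&srt=sco&sp=rwdl&se=2030-01-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED")
```

Running `audit_sas_url` over SAS URLs found in code repositories, tickets or proxy logs gives a quick triage of which tokens were signed with an account access key and which carry write or delete rights.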

