5 min Create and configure blob storage with a container and access it with SAS

2 years ago

espenk

3 minutes

https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator/blob/master/Instructions/Labs/LAB_07-Manage_Azure_Storage.md

Task 2: Create and configure Azure Storage accounts, follow the steps in the URL (If you need to)
Task 3: Manage blob storage
Task 4: Manage authentication and authorization for Azure Storage

Task 2 :

So we have our rg and storage account ready, let’s add a blob container

az104-07-rg1

az10407storageaccount

On the networking tab, we accept the default option Public endpoint (all networks}. This is secure, you need the KEY or SAS to access it.

Task 3:

Create a blob container and upload a blob into it.

Here we have uploaded a .txt file to our az104-07-container

Task 4: Manage authentication and authorization for Azure Storage

In this task, you will configure authentication and authorization for Azure Storage.

On the txt file blade, on the Overview tab, click Copy to clipboard button next to the URL entry.

Open another browser window by using InPrivate mode and navigate to the URL you copied in the previous step,

You should be presented with an XML-formatted message stating ResourceNotFound or PublicAccessNotPermitted.

Note: This is expected, since the container you created has the public access level set to Private (no anonymous access).

https://az10407storageaccount.blob.core.windows.net/az104-07-container/Lorem%20Ipsum.txt

ResourceNotFound
The specified resource does not exist. RequestId:5c051883-501e-0059-2519-c5f485000000 Time:2021-10-19T18:44:32.4558752Z

Return to the txt file window and switch to the Generate SAS tab, specify the following settings (leave others with their default values)

Click Copy to clipboard button next to the Blob SAS URL entry

You should now be able to see the text

Close the InPrivate mode browser window, return to the browser window showing the txt blade of the Azure Storage container, and from there, navigate back to the az104-07-container blade.

Note: You can see an error when you change the authentication method (the error is “You do not have permissions to list the data using your user account with Azure AD”). It is expected.
Note: At this point, you do not have permissions to change the Authentication method.

On the az104-07-container blade, click Access Control (IAM).

In the Add section, click Add a role assignment.

On the Add role assignment blade, specify the following settings:

Save the change and return to the Overview blade of the az104-07-container container and verify that you can change the Authentication method to (Switch to Azure AD User Account). (It could take some minutes.)

Azure AD

Assign an Azure role for access to blob data – Azure Storage | Microsoft Docs