Azure CLI - Azure Blob Storage Other Useful Commands

In this tutorial I have executed all the below mentioned commands in Azure CLI. You can comment or uncomment any line as per the requirement.

In this tutorial we will cover below commands:

• Retrieve Blob Storage Account Access key
• Enable public read access for container
• Upload a blob to a container
• Lists the blob in a container
• Download the blob
• Copy blob within storage account
• Delete a blob
• Set the content type to file
• Get the URL for the blob
• System Properties and User-defined metadata
• Show System properties of a blob
• Set User-defined metadata of a blob
• Display blob metadata

This must be the very first line in your bash script.

#!/bin/bash

Login to Azure subscription account

In the first step you have to login to your Azure subscription account using below mentioned command. You can skip this command if already logged-in.

az login

After executing the command  you will see similar message on console.

"to sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code #h98mdtxxk to authenticate."

Declare all variables at one place

In the second step declare all the required variables at one place. So you can reuse them anywhere in the program and it is easier to find declared variables value.

resourceGroup="azurecertifications-resource-group"
location="southeastasia"
blobStorageAccount="azstorageaccount02"
containerNameImage="images"
containerNameThumbnail="thumbs"
containerImagePublicAccessLevel="container"

Retrieve Blob Storage Account Access key

Below command will return Storage Account 'key1 in key=value name-pair format and then we will parse it by '=' delimiter. Storage account key will be needed to execute all other commands which we will discuss here in this tutorial.

output=$(az storage account keys list --resource-group $resourceGroup --account-name $blobStorageAccount --query [0].value --output tsv)

blobStorageAccountKey=$( cut -d '=' -f 1- <<< "$output" )

Enable public read access for your container

A newly created container is private by default. That is, nobody can access the container without a shared access signature or the access keys for the storage account. Using Azure CLI, you can modify this behavior by setting container permissions to one of three levels:

--public-access off      (Default) No public read access

--public-access blob      Public read access to blobs only

--public-access container      Public read access to blobs, can list blobs in container


az storage container set-permission --account-name $blobStorageAccount --name $containerNameImage --account-key $blobStorageAccountKey --public-access $containerImagePublicAccessLevel

Upload a blob to a container

This operation creates the blob if it doesn't already exist, and overwrites it if it does.

az storage blob upload --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name $containerNameImage --file "C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg"

Lists the blob in a container

This command will display all the blob names exists in a container.

az storage blob list --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --output table



Download the blob

az storage blob download --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Chrysanthemum.jpg" --file ~/destination/path/for/file

Copy blob within storage account

We can copy blobs within or across storage accounts and regions asynchronously. Make sure destination container must exist before copying.

az storage blob copy start --account-name $blobStorageAccount --account-key $blobStorageAccountKey --destination-blob "Desert.jpeg" --destination-container $containerNameThumbnail --source-uri "https://azstorageaccount02.blob.core.windows.net/images/Desert.jpg"

After copy you will find copied image in destination container. For this tutorial I have verified this using Azure Portal.



Delete a blob

az storage blob delete --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Chrysanthemum.jpg"

Set the content type to blob file

The content type, also known as the MIME type, identitifies the format of the data in the blob. Browsers and other software use the content type to determine how to process the data. The following example sets the content type from image/jpeg to image/png.

az storage blob update --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Desert.jpg" --content-type image/png







Get the URL for the blob

az storage blob url --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Desert.jpg" --output tsv

Command output:   https://azstorageaccount02.blob.core.windows.net/images/Desert.jpg

System Properties and User-defined metadata

Objects in Azure Storage support system properties and user-defined metadata, in addition to the data they contain.

• System properties: System properties exist on each storage resource. Some of them can be read or set, while others are read-only. Some system properties correspond to certain standard HTTP headers. The Azure storage client library maintains these for us.


• User-defined metadata: User-defined metadata is metadata that we specify on a given resource in the form of a name-value pair. We can use metadata to store additional values with a storage resource. These additional metadata values are for our own purposes only, and do not affect how the resource behaves.

Show System properties of a blob

Each blob has several service-defined properties including its name, type, length, and others. We can also configure a blob with our own properties and their values.

az storage blob show --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Desert.jpg" --output table

Set User-defined metadata of a blob

az storage blob metadata update --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Desert.jpg" --metadata "author=azurecertifications@gmail.com" "type=blobfile"

Display blob metadata

az storage blob metadata show --account-name $blobStorageAccount --container-name $containerNameImage --account-key $blobStorageAccountKey --name "Desert.jpg" --output json

Command output:   "author=azurecertifications@gmail.com" "type=blobfile"

You can verify the same using Azure Portal. See below screenshot.





All the commands we have executed in Azure CLI here and you can do the same and manage Azure blob storage resources using Azure Storage Explorer. Click on this link for more details about Azure Storage Explorer.

---

Related Articles:

• Create Storage Account using Azure Power CLI
• Create Storage Account using Azure CLI
• Create Shared Access Signature (SAS) using Azure CLI

Azure CLI - Create Storage Account

In this tutorial I have executed all the below mentioned commands in Azure CLI. 

User can comment and uncomment any line as per the requirement. 

This must be the very first line in your bash script.

#!/bin/bash

In the first step you have to login to your Azure subscription account using 

below mentioned command. User can skip this command if already logged-in.

#Login to Azure subscription account

az login

After executing the command  user will see similar message on console.

"to sign in, use a web browser to open the page https://aka.ms/devicelogin 

and enter the code #h98mdtxxk to authenticate."

In the second step declare all the required variables at one place.

#Declare all variables at one place

export location="southeastasia"

export resourceGroup="azurecertifications-resource-group"

export storageAccountName="azstorageaccount02"

#Available options are [ Standard_LRS, Standard_ZRS,          #Standard_GRS,   Standard_RAGRS, Premium_LRS ]

export skuName = "Standard_LRS"

#Available options are [ Storage, BlobStorage ]

export kind="Storage"

 #enables Storage Service encryption on the Storage Service. Only Azure Blob and    #Azure File Services are supported. 

export enableEncryptionService="Blob"

 #Boolean Type. Accept True or False only.

export enableHttpsTrafficOnly="False" 

We can skip below step if we already know the region name where we want to create resource group.

#Get Azure Resource Locations

az account list-locations --query "[].{Region:name}" --out table

Below command will create a resource group in the given region. Resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. 

If you already have a resource group created and want to create Azure storage account in that group only then you can skip this step.

# Create a resource group 

az group create --name $resourceGroup --location $location

Note: When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

#Create Azure Storage Account

az storage account create --name $storageAccountName --resource-group $resourceGroup --location $location --sku $skuName --kind $kind --encryption $enableEncryptionService --https-only $enableHttpsTrafficOnly

#Get Connection String for Storage Account

az storage account show-connection-string --resource-group $resourceGroup --name $storageAccountName

You will get similar output. One thing to note here is do not share your Storage Account key with anyone. To show the output of the command I have changed the Account key here.

{

  "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azstorageaccount02;AccountKey=JspnOj3McxwpZupnAHx/IduP/oSiRw25r/zdFSzHE+2beesGfumEUiQTCx0OLt/TI+9iwtTPNGOPnk6r1y0ueeQ=="

}

# Delete Storage Account

    #Method 1

az storage account delete --ids /subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}

Replace the placeholder text with actual value and then delete storage account if you do not it any more.

   #Method 2

az storage account delete --name $storageAccountName --resource-group $resourceGroup

All the steps which we have done here using Azure CLI you can do the same and manage Azure blob storage resources using Azure Storage Explorer. 

Click on following Azure official link  for more details about Azure Storage Explorer.

Manage Security in Azure Blob Storage with Shared Access Signature(SAS) and create SAS using Azure CLI

In this tutorial I have executed all the below mentioned commands in Azure CLI. 

User can comment and uncomment any line as per the requirement. 

This must be the very first line in your bash script.

#!/bin/bash

In the first step you have to login to your Azure subscription account using 

below mentioned command. User can skip this command if already logged-in.

#Login to Azure subscription account

az login

After executing the command  user will see similar message on console.

"to sign in, use a web browser to open the page https://aka.ms/devicelogin 

and enter the code #h98mdtxxk to authenticate."

In the second step declare all the required variables at one place.

#Declare all variables at one place

resourceGroup="azurecertifications-resource-group"

blobStorageAccount="azstorageaccount02"

containerName="myfiles"

blobName="Desert.jpg"

To execute below command you must have storage account already created. 
Click this link to learn how to create Azure storage account 
using Azure CLI.

Below command will retrieve storage account access key and using 

this key we can create containers in that.

#Retrieve Blob Storage Account Access key. 

#Below command will return Storage Account 'key1'.

output=$(az storage account keys list --resource-group $resourceGroup 

--account-name $blobStorageAccount --query [0].value --output tsv)

Key is returned in 'key=name' format so needs to parse it with '=' delimiter.

#Parse Blob Storage Account Key by '=' delimiter

blobStorageAccountKey=$( cut -d '=' -f 1- <<< "$output" )

#Create containers in storage account and disable container public access

az storage container create --account-name $blobStorageAccount 

--account-key $blobStorageAccountKey --name $containerName --public-access off

#Upload a blob to a container 

#(This operation creates the blob if it doesn't already exist, and overwrites it if it does. )

az storage blob upload --account-name $blobStorageAccount --account-key 

$blobStorageAccountKey --container-name $containerName 

--file "C:\\Users\\Public\\Pictures\\Sample Pictures\\".$blobName

 #Lists the blob in a container

az storage blob list --account-name $blobStorageAccount --container-name 

$containerName --account-key $blobStorageAccountKey --output table

Below screenshot showing that I have only 1 file in 'myfiles" container 

in storage account. In addition command also displays file properties.

#Get the URL for the blob

blobURL=$(az storage blob url --account-name $blobStorageAccount --account-key 

$blobStorageAccountKey --container-name $containerName --name 

$blobName --output tsv)

echo $blobURL

#Verify Private Access of the blob

Copy above blob URL and Navigate to the blob's URL in a private browser 

window. You will be presented with a 'ResourceNotFound' error because 

the blob is private, and you have not included a shared access signature. 

See below screenshot

 

#Create a Shared Access Signature(SAS)  URI

Follow below 3 steps to create SAS URI.

# STEP 1: Get UTC datetimes for SAS start and expiry (Example: 2017-11-30T10:00:00Z)

sasStart=`date -u +'%Y-%m-%dT%H:%M:%SZ'`

sasExpiry=`date -u +'%Y-%m-%dT%H:%M:%SZ' -d '+500 minute'`

# STEP 2: Obtain a SAS token granting read (r) access between the SAS start and expiry times

sasToken=$(az storage blob generate-sas --account-name $blobStorageAccount --account-key 

$blobStorageAccountKey --container-name $containerName --name $blobName 

--start $sasStart --expiry $sasExpiry --permissions r --output tsv)

# STEP 3: Display the full SAS URI for the blob

echo $blobURL?$sasToken

After copying generated URL you can now try to download image 

file in any browser of your choice. I tested with one I generate 

and was able to view file in browser. See below screenshot.

One thing to note here is post SAS token expiration you will  get 

'AuthenticationFailed' exception in browser. 

All the steps which we have done here using Azure CLI you can 

do the same and manage Azure blob storage resources using 

Azure Storage Explorer. Use following Azure official link  for 

more details about Azure Storage Explorer.




Related Articles:

• Create Storage Account using Azure Power CLI
• Create Storage Account using Azure CLI

Azure Power Shell - Create Storage Account

Azure Blob storage is a service for storing large amounts of unstructured object data, 

such as text or binary data, that can be accessed from anywhere in the world via 

HTTP or HTTPS.

You can use Blob storage to expose data publicly to the world, or to store application 

data privately.

In this tutorial I will show you how to create Azure Storage Account using Azure Power Shell. 

Using Azure Power Shell you can automate your daily basis manual and repetitive job.

Azure Blob storage is a service for storing large amounts of unstructured object data, 

such as text or binary data, that can be accessed from anywhere in the world via HTTP or 

HTTPS.

You can use Blob storage to expose data publicly to the world, or to store application data

 privately.

In this tutorial I will show you how to create Azure Storage Account using Azure Power Shell. 

Using Azure Power Shell you can automate your daily basis manual and repetitive job.

#Login to Azure Subscription Account

Login-AzureRmAccount

Open Power Shell terminal and type above command. A pop-up dialog, similar to below one, 

will appear to sign-in to your account. Enter your azure subscription account email-id 

and password to login.

#Declare all variables at one place

$location = "southeastasia"

$resourceGroup = "azurecertifications-resource-group" 

$storageAccountName = "azstorageaccount01"

#Available options are [ Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, 
#Premium_LRS ]

$skuName = "Standard_LRS"

#Available options are [ Storage, BlobStorage ]

$kind = "Storage"

#enables Storage Service encryption on the Storage Service. Only Azure Blob and 
#Azure File Services are supported.

$enableEncryptionService = "Blob"

#Boolean Type. Accept True or False only.

$enableHttpsTrafficOnly = "False" 

#Get Azure Resource Locations if you want to get whole list of available 
#locations provided by Azure.

Get-AzureRmLocation | select Location

#Create Resource Group

New-AzureRmResourceGroup -Name $resourceGroup -Location $location

#Create Azure Storage Account

New-AzureRmStorageAccount -ResourceGroupName $resourceGroup
-Name $storageAccountName -Location $location -SkuName $skuName -Kind $kind
-EnableEncryptionService $enableEncryptionService
-EnableHttpsTrafficOnly $enableHttpsTrafficOnly

All the steps which we have done here using Azure Power Shell you can do the same and manage

Azure blob storage resources using 'Azure Storage Explorer'. click on following Azure official 

link  for more details on Azure Storage Explorer.

Related Articles:

• Create Storage Account using Azure CLI
• Create Shared Access Signature (SAS) using Azure CLI