Categories

Showing posts with label Azure Storage Account. Show all posts
Showing posts with label Azure Storage Account. Show all posts

Saturday, December 2, 2017

Azure CLI - Create Storage Account

In this tutorial I have executed all the below mentioned commands in Azure CLI. 
User can comment and uncomment any line as per the requirement. 

 This must be the very first line in your bash script.

#!/bin/bash

In the first step you have to login to your Azure subscription account using 
below mentioned command. User can skip this command if already logged-in.

#Login to Azure subscription account
az login

After executing the command  user will see similar message on console.

"to sign in, use a web browser to open the page https://aka.ms/devicelogin 
and enter the code #h98mdtxxk to authenticate."

In the second step declare all the required variables at one place.

#Declare all variables at one place
export location="southeastasia"
export resourceGroup="azurecertifications-resource-group"
export storageAccountName="azstorageaccount02"

#Available options are [ Standard_LRS, Standard_ZRS,          #Standard_GRS,   Standard_RAGRS, Premium_LRS ]
export skuName = "Standard_LRS"

#Available options are [ Storage, BlobStorage ]
export kind="Storage"

 #enables Storage Service encryption on the Storage Service. Only Azure Blob and    #Azure File Services are supported. 
export enableEncryptionService="Blob"

 #Boolean Type. Accept True or False only.
export enableHttpsTrafficOnly="False" 

We can skip below step if we already know the region name where we want to create resource group.

#Get Azure Resource Locations
az account list-locations --query "[].{Region:name}" --out table

Below command will create a resource group in the given region. Resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. 

If you already have a resource group created and want to create Azure storage account in that group only then you can skip this step.

# Create a resource group 
az group create --name $resourceGroup --location $location

Note: When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

#Create Azure Storage Account
az storage account create --name $storageAccountName --resource-group $resourceGroup --location $location --sku $skuName --kind $kind --encryption $enableEncryptionService --https-only $enableHttpsTrafficOnly

#Get Connection String for Storage Account
az storage account show-connection-string --resource-group $resourceGroup --name $storageAccountName

You will get similar output. One thing to note here is do not share your Storage Account key with anyone. To show the output of the command I have changed the Account key here.

{
  "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azstorageaccount02;AccountKey=JspnOj3McxwpZupnAHx/IduP/oSiRw25r/zdFSzHE+2beesGfumEUiQTCx0OLt/TI+9iwtTPNGOPnk6r1y0ueeQ=="
}

# Delete Storage Account
    #Method 1
az storage account delete --ids /subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}

Replace the placeholder text with actual value and then delete storage account if you do not it any more.

   #Method 2
az storage account delete --name $storageAccountName --resource-group $resourceGroup


All the steps which we have done here using Azure CLI you can do the same and manage Azure blob storage resources using Azure Storage Explorer. 

Click on following Azure official link  for more details about Azure Storage Explorer.

Read more »
Posted by at No comments:
Labels: ,

Manage Security in Azure Blob Storage with Shared Access Signature(SAS) and create SAS using Azure CLI


In this tutorial I have executed all the below mentioned commands in Azure CLI. 
User can comment and uncomment any line as per the requirement. 

 This must be the very first line in your bash script.

#!/bin/bash

In the first step you have to login to your Azure subscription account using 
below mentioned command. User can skip this command if already logged-in.

#Login to Azure subscription account
az login

After executing the command  user will see similar message on console.

"to sign in, use a web browser to open the page https://aka.ms/devicelogin 
and enter the code #h98mdtxxk to authenticate."

In the second step declare all the required variables at one place.

#Declare all variables at one place

resourceGroup="azurecertifications-resource-group"
blobStorageAccount="azstorageaccount02"
containerName="myfiles"
blobName="Desert.jpg"

To execute below command you must have storage account already created. 
Click this link to learn how to create Azure storage account 
using Azure CLI.

Below command will retrieve storage account access key and using 
this key we can create containers in that.

#Retrieve Blob Storage Account Access key. 
#Below command will return Storage Account 'key1'.

output=$(az storage account keys list --resource-group $resourceGroup 
--account-name $blobStorageAccount --query [0].value --output tsv)

Key is returned in 'key=name' format so needs to parse it with '=' delimiter.
#Parse Blob Storage Account Key by '=' delimiter

blobStorageAccountKey=$( cut -d '=' -f 1- <<< "$output" )

#Create containers in storage account and disable container public access

az storage container create --account-name $blobStorageAccount 
--account-key $blobStorageAccountKey --name $containerName --public-access off

#Upload a blob to a container 
#(This operation creates the blob if it doesn't already exist, and overwrites it if it does. )

az storage blob upload --account-name $blobStorageAccount --account-key 
$blobStorageAccountKey --container-name $containerName 
--file "C:\\Users\\Public\\Pictures\\Sample Pictures\\".$blobName

 #Lists the blob in a container

az storage blob list --account-name $blobStorageAccount --container-name 
$containerName --account-key $blobStorageAccountKey --output table

Below screenshot showing that I have only 1 file in 'myfiles" container 
in storage account. In addition command also displays file properties.





#Get the URL for the blob
blobURL=$(az storage blob url --account-name $blobStorageAccount --account-key 
$blobStorageAccountKey --container-name $containerName --name 
$blobName --output tsv)

echo $blobURL





#Verify Private Access of the blob
Copy above blob URL and Navigate to the blob's URL in a private browser 
window. You will be presented with a 'ResourceNotFound' error because 
the blob is private, and you have not included a shared access signature. 
See below screenshot


 









#Create a Shared Access Signature(SAS)  URI

Follow below 3 steps to create SAS URI.

# STEP 1: Get UTC datetimes for SAS start and expiry (Example: 2017-11-30T10:00:00Z)

sasStart=`date -u +'%Y-%m-%dT%H:%M:%SZ'`
sasExpiry=`date -u +'%Y-%m-%dT%H:%M:%SZ' -d '+500 minute'`

# STEP 2: Obtain a SAS token granting read (r) access between the SAS start and expiry times

sasToken=$(az storage blob generate-sas --account-name $blobStorageAccount --account-key 
$blobStorageAccountKey --container-name $containerName --name $blobName 
--start $sasStart --expiry $sasExpiry --permissions r --output tsv)

# STEP 3: Display the full SAS URI for the blob

echo $blobURL?$sasToken





After copying generated URL you can now try to download image 
file in any browser of your choice. I tested with one I generate 
and was able to view file in browser. See below screenshot.












One thing to note here is post SAS token expiration you will  get 
'AuthenticationFailed' exception in browser. 

All the steps which we have done here using Azure CLI you can 
do the same and manage Azure blob storage resources using 
Azure Storage Explorer. Use following Azure official link  for 
more details about Azure Storage Explorer.
Related Articles:




Posted by at 2 comments:
Labels: , , , , , ,

Friday, December 1, 2017

Azure Power Shell - Create Storage Account

Azure Blob storage is a service for storing large amounts of unstructured object data, 
such as text or binary data, that can be accessed from anywhere in the world via 
HTTP or HTTPS.

You can use Blob storage to expose data publicly to the world, or to store application 
data privately.

In this tutorial I will show you how to create Azure Storage Account using Azure Power Shell. 
Using Azure Power Shell you can automate your daily basis manual and repetitive job.
Azure Blob storage is a service for storing large amounts of unstructured object data, 
such as text or binary data, that can be accessed from anywhere in the world via HTTP or 
HTTPS.

You can use Blob storage to expose data publicly to the world, or to store application data
 privately.

In this tutorial I will show you how to create Azure Storage Account using Azure Power Shell. 
Using Azure Power Shell you can automate your daily basis manual and repetitive job.

#Login to Azure Subscription Account

Login-AzureRmAccount

Open Power Shell terminal and type above command. A pop-up dialog, similar to below one, 
will appear to sign-in to your account. Enter your azure subscription account email-id 
and password to login.


Azure sign-in pop-up dialog
















#Declare all variables at one place

$location = "southeastasia"
$resourceGroup = "azurecertifications-resource-group" 
$storageAccountName = "azstorageaccount01"

#Available options are [ Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, 
#Premium_LRS ]
$skuName = "Standard_LRS"

#Available options are [ Storage, BlobStorage ]
$kind = "Storage"

 #enables Storage Service encryption on the Storage Service. Only Azure Blob and 
#Azure File Services are supported.
$enableEncryptionService = "Blob"

#Boolean Type. Accept True or False only.
$enableHttpsTrafficOnly = "False" 

#Get Azure Resource Locations if you want to get whole list of available 
#locations provided by Azure.

Get-AzureRmLocation | select Location

#Create Resource Group

New-AzureRmResourceGroup -Name $resourceGroup -Location $location

#Create Azure Storage Account

New-AzureRmStorageAccount -ResourceGroupName $resourceGroup
-Name $storageAccountName -Location $location -SkuName $skuName -Kind $kind
-EnableEncryptionService $enableEncryptionService
-EnableHttpsTrafficOnly $enableHttpsTrafficOnly


All the steps which we have done here using Azure Power Shell you can do the same and manage
Azure blob storage resources using 'Azure Storage Explorer'click on following Azure official 
link  for more details on Azure Storage Explorer.



Related Articles:


Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)