How to Create an Azure Blob Storage Account and Store a Confidential Document in a Private (No Anonymous Access) Container

Good day to everyone reading my blog. I am Freddie, or you can call me Techman. I just started blogging on Hashnode. Today I will show how to create an Azure Blob Storage account, upload a document, make sure it is not publicly accessible, and finally grant an external user 5 minutes of access to the document using a SAS (Shared Access Signature) token URL, without giving them full access to the storage account.

Step 1. Go to the Azure Portal at portal.azure.com and sign in with your credentials. In the search bar, search for "storage", then click Storage accounts.

Step 2.

Click on Create a storage account.

Step 3.

Under the Basics tab you will see Subscription, which is "Azure subscription 1" for those using an Azure free tier account. Scroll to Resource group, create a new resource group by giving it a name, and press OK. If you already have a resource group, you can proceed with that one.

Step 4.

Under Storage account name, give your storage account a unique name, meaning a name that is unique across Azure and has never been used by any other Azure user.

Then select any region of your choice from the drop-down. For this walkthrough I will select "South Central US".

Primary service: from the drop-down, select Azure Blob Storage or Azure Data Lake Storage Gen 2.

Performance: click Standard.

Redundancy level: from the drop-down, click Geo-redundant storage (GRS), then below it check the option "Make read access to data available in the event of regional unavailability". Checking this box switches our redundancy level to "RA-GRS". Then click Next.

Step 5.

Under the Advanced tab, make sure you check the box "Allow enabling anonymous access on individual containers". This setting permits individual containers in the storage account to be configured for access without authentication; we will still restrict access on our own container as we proceed in this blog. Leave every other option at its default.

Step 6.

Leave every box in step 6 unchecked, as it is by default, and proceed to the next step.

Step 7.

Under Blob storage, scroll to Access tier and click Hot: "Optimized for frequently accessed data and everyday usage scenarios". We select the hot access tier because the data we are saving will be accessed frequently, and this tier provides low latency and high performance. Then click Next.

Step 8.

Under the Networking tab, scroll to Network access and click "Enable public access from all networks", meaning the blob URL can be reached from any IP address or network.

Step 9.

Then scroll down to Network routing. Under Routing preference, select Microsoft network routing and click Next.

Step 10.

Under the Data protection tab, scroll down and check the box "Enable soft delete for blobs". Under Days to retain deleted blobs you can pick any value between 1 and 365 days; for this walkthrough we will pick 7 days.

Step 11.

Check the box "Enable soft delete for containers", scroll to Days to retain deleted containers, and pick 7 days as we did earlier.

Then check the box "Enable soft delete for file shares", scroll to Days to retain deleted file shares, and pick 7 days as well. Leave the other options unchecked, as they are by default.

Step 12.

Leave the boxes in step 12 unchecked, as they are by default, and click Next.

Step 13.

Under the Encryption tab, scroll to Encryption type and click Microsoft-managed keys (MMK).

Under Enable support for customer-managed keys, select Blobs and files only. Proceed by clicking Next.

Step 14.

Under Tags, leave everything at its default and proceed by clicking Next.

Step 15.

On the Review and create tab, scroll down and click Create.

Step 16.

The deployment is now in progress. Wait until it finishes deploying.

Step 17.

Your deployment is complete. Click Go to resource.

Step 18.

After clicking Go to resource, click Containers on the lower left side.

Step 19.

Click on the + sign to create a container.

Step 20.

Give your container a name; in my case it is "livingtech". Under Anonymous access level, click the drop-down and select Private (no anonymous access). This is the setting that restricts access to your blob until you grant a specific user temporary access to view it. Then click Create.

Step 21.

Once you have given your container a name, check the box beside the name and double-click the name of your container. If you check the anonymous access level of the container, you will see it has been set to Private, which means that unless read permission is granted, the blob URL cannot be accessed by any user.

Step 22. Once you are inside your container, click the option to select a file to upload. When you have selected the blob you want to upload into your container, click Upload and wait for the upload to finish.

Step 23.

Once your blob has been uploaded, you will see it inside the container. In my case, for this walkthrough, the uploaded blob is "AWS DEVOPS SYLLABUS-1.pdf".

Step 24.

Check the box beside your blob name, double-click the uploaded blob, then navigate to Generate SAS.

Step 25.

Under Generate SAS, navigate to Signing method and click Account key.

Signing key: Key 1

Stored access policy: None

Permissions: in the drop-down, click Read, meaning we are giving read-only permission on the blob we uploaded.

Step 25.

Because we are giving read-only permission on the blob we uploaded, and our anonymous access level has been set to Private, which means nobody can access the blob URL, we have to grant a specific user access to view our blob for 5 minutes via a SAS (Shared Access Signature) token and URL. Start date: Feb 8th 2025 2:55:29 AM to Feb 8th 2025 3:00:29 AM.

Scroll down to Allowed protocols and click HTTPS only.

Click Generate SAS token and URL.

Step 26.

Finally, after generating our blob SAS token and URL, we copy the URL and give it to the specific user we granted read access. They can view the blob for only 5 minutes; after 5 minutes the permission expires.
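Before the URL is sent, its query string can be checked against the settings chosen in step 25 (read-only, single blob, HTTPS only, 5 minutes). The following is an added example, not part of the original post; the account name `examplestorage`, the `sv` value and the `sig` placeholder are constructed, and the step 25 times are treated as UTC.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the account name and signature are placeholders.
SAMPLE_SAS_URL = (
    "https://examplestorage.blob.core.windows.net/livingtech/"
    "AWS%20DEVOPS%20SYLLABUS-1.pdf"
    "?sp=r&st=2025-02-08T02:55:29Z&se=2025-02-08T03:00:29Z"
    "&spr=https&sv=2022-11-02&sr=b&sig=PLACEHOLDER"
)

def _utc(value):
    # Handles the ISO 8601 UTC form with seconds; other forms are reported as unparseable.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_sas_url(url, max_lifetime=timedelta(minutes=5), now=None):
    """Return findings; an empty list means the SAS matches the settings above."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("HTTP is allowed (scheme or spr is not https)")
    if q.get("sp") != "r":
        findings.append(f"permissions sp={q.get('sp')!r} are not read-only")
    if q.get("sr") != "b":
        findings.append(f"scope sr={q.get('sr')!r} is not a single blob")
    if "sig" not in q:
        findings.append("no signature (sig): not a SAS URL")
    try:
        expiry = _utc(q["se"])
        # Without st the token is valid from the moment it is issued.
        start = _utc(q["st"]) if "st" in q else (now or datetime.now(timezone.utc))
        if expiry - start > max_lifetime:
            findings.append(f"lifetime {expiry - start} exceeds {max_lifetime}")
    except (KeyError, ValueError):
        findings.append("missing or unparseable expiry/start time (se/st)")
    return findings

if __name__ == "__main__":
    print(audit_sas_url(SAMPLE_SAS_URL) or "OK: read-only, single blob, HTTPS, <= 5 minutes")
```

The check only reads the parameters; it does not validate the signature, which only the storage service can do with the account key.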

Thank you for taking the time to read my blog. I have demonstrated, with pictorial illustrations, how to create an Azure Blob Storage account, store a confidential document in it while ensuring it is not publicly accessible, and then share the document with an external user for 5 minutes.