2.4 Create and Configure Blob Containers

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

19 hours 58 minutes
Video Transcription
Welcome back. In this episode, we're gonna go into a little bit more detail on blobs and containers inside our newly created storage accounts.
My learning objectives for you include creating blob containers, configuring blob access and uploading data to our blob containers.
So we mentioned a little bit in a previous episode. But what are blob containers? Containers are inside the blob's service and are used organized A set of blob data objects. The container is similar to a folder or directory in a file system. This image to the right, is an example of what a container and it's blobs might look like.
You can see we have our storage account there or account
at the very top. Inside of that, we have two containers named pictures and movies and each side of those containers. We have our blob objects, like the J P G images or dot FBI movies.
You can have an unlimited number of containers inside of a blob, and those containers can store on unlimited number of blobs inside of those.
Currently, the max size for a storage account is two petabytes for the U. S. And Europe and 500 terabytes for other regions, so you can see you have plenty of storage to upload your different blob objects into their containers.
There are several options when configuring security access to a storage account. But as your blobs are the only kind that support the following four options
as your active directory,
a shared key to the storage account,
a shared access signature or configuring anonymous public read access
and a later episode I will cover the shared key and shared access signatures in more detail. But for now, I want to focus on the anonymous public read Access Public Read Axis is used in scenarios where you want blobs to always be available for anonymous read access,
for example, you may have a website has lots of videos or images available for people to view.
You can use blob storage to host these files for people visiting your website, where they only need that read only anonymous access
when creating in a container and configuring this access. There are currently three options. The first is no public read axis mean the container and the blobs air only accessible by the storage account owner. This is the default option.
The second is public read access for blobs on lee, meaning the blobs in the container can be read anonymously, but the container data cannot. This means anonymous clients cannot enumerate or see the other blobs within the container.
The third option is public. Read access for container and blobs, meaning all the data in the container in the block can be read anonymously.
Anonymous clients can. Then it also enumerated other blobs inside the container, but they still won't be able to see other containers within the storage account. Let's jump over to the azure portal and see what this looks like.
Harry. Hard back in our azure portal. And as I mentioned in a previous episode, we're gonna
be exploring different ways to access. Our resource is so previously we just accessed. Um,
our storage accounts over here on the left, under our favorites or
right here in the middle under azure service is But we do have this search bar up here where we can search for resource is service's or any other of our objects inside of our azure portal.
So let's go up here and search for my storage account.
So, as you can see, this is gonna pull up several different options. It's gonna pull up. Service is where it finds a match or even resource is where it finds a match. So let's go take a look at our storage accounts and access our version to storage account.
Now, the screen should be a little familiar to you. This is giving the overview of our storage account that recreated. And now we're gonna go into service is and check out our blob storage
inside of our blob. Service is this is where we can create our containers, which are going to group are different blob objects. Let's go ahead and create our first container.
And here we have where we can set the public access level. Let's look at this drop down
and our three options are the private or no anonymous access. The Blob Anonymous read access for blobs on Lee or our container public access, where the anonymous read access is for the containers and the blobs.
For this example, I'm just going to select this a very bottom one for a container.
After selecting that, we're gonna get this little bit of a warning just saying all the container and blob data is going to be read by anonymous request.
This is just letting you know that there's not gonna be in a security around it and clients will be able to make anonymous request to view the objects inside of this container.
If you ever forget what the different public access levels are or mean, you can have her over this little eye for additional information. It's gonna give you this pop out window here and explain what each level does and how much access it gives.
Let's go ahead and click on okay to create our container.
If, after we create a container, if we want to change the access level, all we need to do is let the box for the container
and then select change access level.
This will bring backup are dropped down that we just saw so we can change the access level if needed. I'm gonna go ahead and click on cancel, cause I like the access level. I created it.
Now that we have our container, let's go take a look at some of its properties.
The main thing I want to point out in this container's properties is this girl here you can see we have the name of our storage account, that blob duck core that windows dot net slash my container, which is the name of the container we just created.
This is the https your l that you can use to access objects with inside the container, which is inside that blob service inside the storage account.
Let's go ahead and go into our container,
and you can see we currently do not have any blob objects inside of it. So let's go ahead and upload a blob object.
I'm gonna navigate to my desktop where I have a folder here with a picture from a vacation a couple of years ago.
Once this is selected, we can look at advanced
or we have some different authentication types, and we also can choose what type of blood type this is
going back to our three types of block, blob, page, blob or pin blob. Since this is an image, I just want to select block blob.
Let's click on upload.
We can see our image here has been uploaded.
If you look over here, it's already in the hot access tear. Minions gonna be frequently accessed and there's our block blob, blob type
for you. And click these three little dots over here. We can go look at the Blob properties
here. We can see additional information like we just saw, like the type which is blocked blob in the access tear. But more importantly, we have a you Earl here that we can use to access the blob inside of the container. Let's go ahead and click on the copy, but in here,
open up a new tab
paste in this girl
and there you have it. There's the vacation picture that I uploaded, which is me at the top of observation point in Zion National Park.
And again if he noticed in our Euro here we have the name of our storage account blob dot cored out windows, not in debt, which is the default when creating a blob service inside of a storage account.
We have our container name, and then we have our blob name right here,
going back to our blob properties. We can go back and change the tear if we needed to. In case this does not need to be in our hot tear,
just like the drop down list.
And we can select cool or archive. Now, if you remember back to an earlier episode, storage accounts themselves cannot be. And at the archive tear on Lee, individual objects in the Blob containers can be set archive
that covers it for this demo. Let's jump back to the slides and wrap up this episode.
Well, that does it for a demo where we created a blob container we configured access forward. And then we also uploaded some data to the container.
Looking forward in the next episode, we're going to look at those storage account access keys and shared access signatures that I hinted at earlier
Let's continue to the next episode.
Up Next