2.4 Create and Configure Blob Containers

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
18 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
9
Video Transcription
00:00
>> Welcome back.
00:00
In this episode we're going to go into
00:00
a little bit more detail on
00:00
Blobs and containers inside
00:00
our newly created storage accounts.
00:00
My learning objectives for you
00:00
include: creating Blob containers,
00:00
configuring Blob access, and
00:00
uploading data to our Blob containers.
00:00
We mentioned a little bit in a previous episode,
00:00
but what are Blob containers?
00:00
Containers are inside the Blob service and are
00:00
used to organize a set of Blob data objects.
00:00
The container is similar to
00:00
a folder or directory in a file system.
00:00
This image to the right is an example of
00:00
what a container and it's Blobs might look like.
00:00
You can see we have our storage account
00:00
there or account at the very top.
00:00
Inside of that we have two containers
00:00
named pictures and movies.
00:00
Each side of those containers we have our Blob objects
00:00
like the JPEG images or.AVI movies.
00:00
You can have an unlimited number of
00:00
containers inside of a Blob.
00:00
Those containers can store
00:00
an unlimited number of Blobs inside of those.
00:00
Currently the max size for
00:00
a storage account is two petabytes for the US and Europe,
00:00
and 500 terabytes for other regions.
00:00
You can see you have plenty of storage to
00:00
upload your different Blob objects into their containers.
00:00
There are several options when configuring
00:00
security access to a storage account,
00:00
but Azure Blobs are the only kind
00:00
that support the following four options.
00:00
Azure Active Directory,
00:00
a shared key to the storage account,
00:00
a shared access signature,
00:00
or configuring anonymous public read access.
00:00
In a later episode, I will cover the shared key
00:00
and shared access signatures in more detail.
00:00
But for now, I want to focus on
00:00
the anonymous public read access.
00:00
Public read access is used in scenarios where you want
00:00
Blobs to always be available for anonymous read access.
00:00
For example, you may have
00:00
a website that has lots of videos
00:00
or images available for people to view.
00:00
You can use Blob storage to host
00:00
these files for people visiting your website,
00:00
where they only need that read-only anonymous access.
00:00
When creating a container and configuring this access,
00:00
there are currently three options.
00:00
The first is no public read access,
00:00
meaning the container in the Blobs are only
00:00
accessible by the storage account owner.
00:00
This is the default option.
00:00
The second is public read access for Blobs only.
00:00
Meaning the Blobs in
00:00
the container can be read anonymously,
00:00
but the container data cannot.
00:00
This means anonymous clients cannot enumerate
00:00
or see the other Blobs within the container.
00:00
The third option is
00:00
public read access for container and Blobs,
00:00
meaning all the data in the container and
00:00
the Blob can be read anonymously.
00:00
Anonymous clients can then also
00:00
enumerate other Blobs inside the container,
00:00
but they still won't be able to see
00:00
other containers within the storage account.
00:00
Let's jump over to the Azure portal
00:00
and see what this looks like.
00:00
Here we are back in our Azure portal.
00:00
As I mentioned in a previous episode,
00:00
we're going to be exploring
00:00
different ways to access our resources.
00:00
Previously we just accessed
00:00
our storage accounts over here on
00:00
the left under our favorites,
00:00
or right here in the middle under Azure services.
00:00
But we do have this search bar up here
00:00
where we can search for resources,
00:00
services, or any other of
00:00
our objects inside of our Azure portal.
00:00
Let's go up here and search for my "Storage Account."
00:00
As you can see,
00:00
this is going to pull up several different options.
00:00
It's going to pull up services where it finds a match,
00:00
or even resources where it finds a match.
00:00
Let's go take a look at our storage accounts and
00:00
access our version 2 storage account.
00:00
Now the screen should be a little familiar to you.
00:00
This is giving the overview
00:00
of our storage account that I recreated.
00:00
Now we're going to go into services
00:00
and check out our Blob storage.
00:00
Inside of our Blob services,
00:00
this is where we can create our containers which are
00:00
going to group our different Blob objects.
00:00
Let's go ahead and create our first container.
00:00
Here we have or we can set the public access level.
00:00
Let's look at this drop-down.
00:00
Our three options are the private or no anonymous access,
00:00
the Blob anonymous read access for Blobs only,
00:00
or our container public access,
00:00
where the anonymous read access is for
00:00
the containers and the Blobs.
00:00
For this example, I'm just going to select
00:00
this very bottom one for container.
00:00
After selecting that, we're going to get
00:00
this little bit of a warning just saying
00:00
all the container in Blob data is going
00:00
to be read by anonymous request.
00:00
This is just letting you know that there's not going
00:00
to be any security around it and
00:00
clients will be able to make it anonymous requests to
00:00
view the objects inside of this container.
00:00
If you ever forget what the different
00:00
public access levels are or mean,
00:00
you can hover over this little eye
00:00
for additional information.
00:00
It's going to give you this pop-out window
00:00
here and explain what
00:00
each level does and how much access it gives.
00:00
Let's go ahead and click on "Okay"
00:00
to create our container.
00:00
If after we create our container,
00:00
if we want to change the access level,
00:00
all we need to do is select the box for the container.
00:00
Then select "Change Access Level''.
00:00
This will bring back up our dropdown that we just
00:00
saw so we can change the access level if needed.
00:00
I'm going to go ahead and click on "Cancel" because I
00:00
liked the access level I created it at.
00:00
Now that we have our container,
00:00
let's go take a look at some of its properties.
00:00
The main thing I want to point out in
00:00
this container's properties is this URL here.
00:00
You can see we have the name of
00:00
our storage account.blob.core.windows.net/my container,
00:00
which is the name of the container we just created.
00:00
This is the HTTPS URL that you can
00:00
use to access objects with inside the container,
00:00
which is inside that Blob service
00:00
inside the storage account.
00:00
Let's go ahead and go into our container.
00:00
You can see we currently do not have
00:00
any Blob objects inside of it.
00:00
So let's go ahead and upload a Blob object.
00:00
I'm going to navigate to my desktop where I have a folder
00:00
here with a picture
00:00
from a vacation a couple of years ago.
00:00
Once this is selected,
00:00
we can look at advanced,
00:00
where we have some different authentication types
00:00
and we also can choose what type of Blob type this is.
00:00
Going back to our three types of Block Blob,
00:00
page Blob or a pen Blob.
00:00
Since this is an image,
00:00
I just want to select Block Blob.
00:00
Let's click on "Upload".
00:00
We can see our image here has been uploaded.
00:00
If you look over here, it's already in
00:00
the hot access tier meaning and is going to
00:00
be frequently accessed and
00:00
there's our Block Blob, Blob type.
00:00
For you and click these three little dots over here.
00:00
We can go look at the Blog properties.
00:00
Here we can see additional information like we just saw,
00:00
like the type, which is Block Blob and the access tier.
00:00
But more importantly, we have a URL here that we can
00:00
use to access the Blob inside of the container.
00:00
Let's go ahead and click on the "Copy" button here.
00:00
Will open up a new tab and paste in
00:00
this URL. There you have it.
00:00
There's the vacation picture that I uploaded,
00:00
which is me at the top of
00:00
observation point in Zion National Park.
00:00
Again, if you notice in our URL here,
00:00
we have the name of our storage account,
00:00
blob.core.windows.net,
00:00
which is the default when creating
00:00
a Blob service inside of a storage account.
00:00
We have our container name and then we have
00:00
our Blob name right here.
00:00
Going back to our Blog properties,
00:00
we can go back and change the tear if we needed to,
00:00
in case this does not need to be in our hot tier.
00:00
Select the "Drop-Down list," and
00:00
we can select "Cool" or "Archive".
00:00
Now if you remember back to an earlier episode,
00:00
storage accounts themselves cannot
00:00
be an at the archive tier,
00:00
only individual objects in
00:00
the Blob containers can be set to archive.
00:00
That covers it for this demo,
00:00
let's jump back to the slides and wrap up this episode.
00:00
Well, that does it for our demo where
00:00
we created a Blob container.
00:00
We can figure it access for it.
00:00
Then we also uploaded some data to the container.
00:00
Looking forward in the next episode,
00:00
we're going to look at those storage account
00:00
access keys and shared
00:00
access signatures that I hinted at earlier.
00:00
Let's continue to the next episode.
Up Next