How to create private storage accounts and back up public containers

In our fast-paced digital world, protecting our company’s private documents while collaborating with partners is essential! Join us on this exciting journey to set up a secure storage account that will safeguard our valuable information and facilitate smooth partnerships. We’ll weave in some redundancy to keep our data safe, create a shared access signature for controlled partner access, and ensure our public website storage is backed up like a pro!

But that’s not all! We’ll also implement lifecycle management to seamlessly transition our content to the cool tier. Let’s explore the cloud and turn this storage account into a stronghold for our company’s secrets! ☁️🔒✨

Yeah before i forget, most of what we wil be discussing today i have already treated in my previous articles so incase you wanna refresh your memory check it out here; https://stanj.hashnode.dev/learn-how-to-make-containers-publicsoft-delete-retrieve-blob?showSharer=true OK, LETS DIVE IN

1. Create a storage account for the internal private company documents.

   • In the portal, search for and select Storage accounts.

   • Select + Create.

   • Select the Resource group created in the previous lab.

   • 

   • Set the Storage account name to private. Add an identifier to the name to

     ensure the name is unique.

   • 

   • Select Review, and then Create the storage account.

   • Wait for the storage account to deploy, and then select Go to resource.

   • 

2. This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.

   • In the storage account, in the Data management section, select the Redundancy blade.

   • Ensure Geo-redundant storage (GRS) is selected.

   • Refresh the page.

   • 

   • Review the primary and secondary location information.

   • Save your changes.

• In the storage account, in the Data storage section, select the Containers blade.

• Select + Container.

• 

• Ensure the Name of the container is private.

• 

• Ensure the Public access level is Private (no anonymous access).

• As you have time, review the Advanced settings, but take the defaults.

• Select Create.

1. For testing, upload a file to the private container. he type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publicly accessible.

   • Select the container.

   • Select Upload.

   • Browse to files and select a file.

   • Upload the file.

   • Select the uploaded file.

   • 

   • On the Overview tab, copy the URL.

   • 

   • Paste the URL into a new browser tab.

   • Verify the file doesn’t display and you receive an error.

   • OOPPSS!!!! IT WONT WORK

     

2. If external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS)

   • Select your uploaded blob file and move to the Generate SAS tab.

   • 

   • In the Permissions drop-down, ensure the partner has only Read

     permissions.

   • Verify the Start and expiry date/time is for the next 24 hours.

   • Select Generate SAS token and URL.

   • 

     

   • Copy the Blob SAS URL to a new browser tab.

   • Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

   • 

     1. To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Learn more how manage the Azure Blob storage lifecycle.

        • Return to the storage account.

        • In the Overview section, notice the Default access tier is set to Hot.

        • In the Data management section, select the Lifecycle management blade

        • 

          .

        • Select Add rule.

        • Set the Rule name to movetocool.

        • Set the Rule scope to Apply rule to all blobs in the storage account.

        • Select Next.

        • 

        • Ensure Last modified is selected.

        • Set More than (days ago) to 30.

        • In the Then drop-down select Move to cool storage.

• 

• As you have time, review other lifecycle options in the drop-down.

• Add the rule.

• 

  2. The public website files need to be backed up to another storage account.[Learn more about object replication.

• In your storage account, create a new container called backup. Use the default values. Refer back to my previous post if you need more clarification

• 

• Navigate to your publicwebsite storage accoun

  • In the Data management section, select the Object replication blade.

  • Select Create replication rules.

  • 

  • Set the Destination storage account to the private storage account.

  • 

  • Set the Source container to public and the Destination container to backup.

  • Create the replication rule.

  • 

Upload a file to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file will appear in the backup folder JUST LIKE MAGIC !!!!!!

• 

• And there you have it! 🎉

  We’ve successfully built a fortress for our private documents, created a VIP pass for our partners, and ensured our data is backed up and ready for anything! With our content lounging in the cool tier, we can now focus on what really matters—growing our business and enjoying the ride. So let’s give a big round of applause to our cloud adventure! 🌟

  Until our next digital escapade, keep your data secure, your collaborations fruitful, and remember: in the cloud, the sky’s the limit! ☁️🚀✨