az-storage-account

Create an storage account

$ az storage account create [[-n|--name]] [storage_account_name] [[-g|--resource-group]] [azure_resource_group] --location [azure_location] --sku [storage_account_sku]

$ az storage account generate-sas --account-name [storage_account_name] [[-n|--name]] [account_name] --permissions [sas_permissions] --expiry [expiry_date] --services [storage_services] --resource-types [resource_types]

$ az storage account list [[-g|--resource-group]] [azure_resource_group]

$ az storage account delete [[-n|--name]] [storage_account_name] [[-g|--resource-group]] [azure_resource_group]

az storage account [parameters]

--account-name
    The name of the storage account. This is required unless `--connection-string` or `--sas-token` is provided. Using environment variable `AZURE_STORAGE_ACCOUNT` is an alternative.

--account-key
    The storage account key. Value should be a valid storage account key. More info at https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string. Using environment variable `AZURE_STORAGE_KEY` is an alternative.

--connection-string
    The connection string for the storage account. More info at https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string. Using environment variable `AZURE_STORAGE_CONNECTION_STRING` is an alternative.

--sas-token
    The Shared Access Signature (SAS) token for the storage account. More info at https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview. Using environment variable `AZURE_STORAGE_SAS_TOKEN` is an alternative.

--subscription
    Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`

create
    Create a storage account.

delete
    Delete a storage account.

show
    Get the properties of a storage account.

list
    List storage accounts.

update
    Update a storage account.

keys
    Manage storage account keys.

network-rule
    Manage storage account network rules.

The `az storage account` command in the Azure CLI provides a comprehensive interface for managing Azure Storage accounts. It allows you to create, delete, update, list, and configure various aspects of storage accounts, including access keys, connection strings, firewall rules, encryption settings, and network configurations. This command is essential for automating storage account management tasks, integrating with deployment pipelines, and managing storage infrastructure through scripts and configuration management tools.

With this command you can view storage account properties such as sku, endpoint and statuses. The command supports various authentication mechanisms, including Azure Active Directory (Azure AD) and Shared Access Signature (SAS) tokens, providing flexibility in securing access to storage resources. It's a critical tool for DevOps engineers, system administrators, and developers working with Azure Storage.

The `az storage account` command supports several authentication methods: Account Keys, SAS Tokens, and Azure Active Directory (Azure AD). Azure AD authentication is generally recommended for enhanced security. Ensure appropriate permissions are configured for the user or service principal when using Azure AD.

You can configure firewall rules, virtual network integrations, and private endpoints to restrict access to your storage account from specific networks or resources. This command provides subcommands to manage these configurations.

Use `az storage account network-rule` to configure storage account firewall

az storage blob(1), az storage queue(1), az storage table(1)