az-storage-container

Create a container in a storage account

$ az storage container create --account-name [storage_account_name] [[-n|--name]] [container_name] --public-access [access_level] --fail-on-exist

$ az storage container generate-sas --account-name [storage_account_name] [[-n|--name]] [container_name] --permissions [sas_permissions] --expiry [expiry_date] --https-only

$ az storage container list --account-name [storage_account_name] --prefix [filter_prefix]

$ az storage container delete --account-name [storage_account_name] [[-n|--name]] [container_name] --fail-not-exist

az storage container <command> [--account-key] [--account-name] [--auth-mode] [--connection-string] [--container-name] [--sas-token] [options]

--account-key
    Storage account access key

--account-name
    Storage account name. Alias: --storage-account

--auth-mode
    Auth mode: key (default), login (Azure AD)

--connection-string
    Full connection string to storage account

--container-name
    Target container name (positional in some subcommands)

--sas-token
    SAS token for auth (starts with ?)

--timeout
    Request timeout in seconds (default: 300)

--debug
    Increase logging verbosity

--help (-h)
    Show help for command

--output (-o)
    Output format: json, table, tsv, etc.

--query
    JMESPath query string for output filtering

az storage container is a command group in the Azure CLI for managing blob containers in Azure Storage accounts. Containers organize blobs (files) hierarchically, supporting public access control, metadata, ACLs, leases, and immutability policies.

Key operations include creating containers with access levels (private, blob, container), deleting them, listing all containers with optional filters, checking existence, showing properties, setting permissions via signed identifiers, updating metadata, generating SAS tokens for time-limited access, and managing policies for legal holds or time-based retention.

Authentication supports account keys, connection strings, SAS tokens, or Azure AD (--auth-mode login). Specify accounts via --account-name or --storage-account. Container names must be 3-63 lowercase alphanumeric/hyphen characters, globally unique per account.

Ideal for scripting, automation in CI/CD, and IaC tools like Terraform. Integrates with az storage blob for file-level ops. Supports hierarchical namespaces (ADLS Gen2). Use --dryrun for previews, --output table for readability. Errors common: invalid auth, non-existent account/container, naming rules.

Enhances productivity for cloud storage admins, developers deploying apps with static assets, or data engineers handling large datasets.

Requires Azure CLI 2.0+ and storage account access. Container names lowercase only. SAS tokens must include container permissions. Hierarchical namespace needs Data Lake Gen2 account.

create: Create container.
delete: Delete container.
exists: Check if exists.
generate-sas: Generate SAS URI.
lease: Acquire/release lease.
list: List containers.
metadata show|update: View/set metadata.
policy: Manage immutability policies.
restore: Restore soft-deleted container.
set-permission: Set ACL.
show: Get properties.

Create: az storage container create -n mycontainer --account-name mystorageacct --public-access blob
List: az storage container list --account-name mystorageacct --output table

Part of Azure CLI 2.0 (2017), with storage commands added in 2.0.49 (2018). Evolved with ADLS Gen2 support (2019+), immutability policies (2020), and policy enhancements.

az storage blob(1), az storage account(1)