az-storage-container

Manage Azure Storage containers

TLDR

Create a container in a storage account

$ az storage container create --account-name [storage_account_name] [[-n|--name]] [container_name] --public-access [access_level] --fail-on-exist

Generate a shared access signature for the container

$ az storage container generate-sas --account-name [storage_account_name] [[-n|--name]] [container_name] --permissions [sas_permissions] --expiry [expiry_date] --https-only

List containers in a storage account

$ az storage container list --account-name [storage_account_name] --prefix [filter_prefix]

Mark the specified container for deletion

$ az storage container delete --account-name [storage_account_name] [[-n|--name]] [container_name] --fail-not-exist

az storage container SUBCOMMAND [OPTIONS]

Common Subcommands:
az storage container create --name container_name --account-name storage_account_name [options]
az storage container delete --name container_name --account-name storage_account_name [options]
az storage container list --account-name storage_account_name [options]
az storage container show --name container_name --account-name storage_account_name [options]
az storage container generate-sas --name container_name --permissions permissions --expiry date_time --account-name storage_account_name [options]

PARAMETERS

--name -n
    The name of the storage container.

--account-name
    The name of the storage account.

--connection-string -c
    The connection string for the storage account.

--account-key
    The storage account key.

--public-access
    Specifies the public access level for the container. Possible values are 'blob', 'container', or 'off'.

--expiry
    The UTC datetime (YYYY-MM-DDThh:mmZ) at which the shared access signature becomes invalid. Used with 'generate-sas'.

--permissions
    The permissions for the shared access signature (e.g., 'rlwacd' for read, list, write, add, create, delete). Used with 'generate-sas'.

--output -o
    Output format. Accepted values: json, jsonc, table, tsv, yaml, yamlc.

--query -q
    JMESPath query string.

DESCRIPTION

az storage container is a command group within the Azure Command-Line Interface (Azure CLI) designed for comprehensive management of blob containers within Azure Storage accounts. Blob containers act as a namespace for storing Azure Blobs, which can be any type of file or binary data.

This command group allows users to perform various operations such as creating new containers, listing existing ones, retrieving detailed information about a specific container, deleting containers, and managing their access policies. It provides a robust interface for interacting with Azure Blob Storage, enabling administrators and developers to programmatically control storage resources, set public access levels for anonymous access, and configure shared access signatures (SAS) for granular, time-limited access. Operations can be authenticated using an Azure storage account name and key, a connection string, or Azure Active Directory (AAD) credentials, ensuring secure and flexible management of storage resources.

CAVEATS

This command group requires the Azure CLI to be installed and properly configured, typically by logging in with az login.

Appropriate Azure RBAC permissions on the storage account are necessary to perform operations. For instance, 'Storage Blob Data Contributor' is needed for data operations, while 'Storage Account Contributor' might be required for account-level settings.

When using account keys or connection strings, ensure these are handled securely to prevent unauthorized access to your storage resources.

Public access settings should be configured with caution as they can expose blobs to anonymous internet access.

SUBCOMMANDS

The az storage container command group includes several subcommands for specific operations:

az storage container create: Creates a new storage container.
az storage container delete: Deletes a storage container.
az storage container exists: Checks if a storage container exists.
az storage container generate-sas: Generates a shared access signature (SAS) for a container.
az storage container list: Lists storage containers in a storage account.
az storage container set-permission: Sets the permissions for a storage container.
az storage container show: Shows details for a storage container.
az storage container update: Updates the properties of a storage container.

AUTHENTICATION METHODS

az storage container commands support several authentication methods:

Azure Active Directory (AAD): Recommended for most scenarios, leveraging az login and RBAC roles.
Storage Account Name and Key: Providing --account-name and --account-key.
Connection String: Providing --connection-string.
Shared Access Signature (SAS): When managing resources with a pre-generated SAS token using --sas-token.

PUBLIC ACCESS LEVELS

Containers can be configured with different public access levels:

off (default): No public anonymous access. Blobs can only be accessed through authenticated requests.
blob: Allows anonymous public read access to blobs within the container. Container data itself is not accessible.
container: Allows anonymous public read access to blobs and container data (e.g., list of blobs) within the container.