Create an Azure Storage Account and Host a Private File in a Private Container
Sometimes while deploying a lab environment, you might need to use files that cannot be accessed through a public channel such as GitHub. One alternative is to host the private files in a private container available through an Azure storage account. If you already have a private container and want to upload a file to it, go to the Upload File to Private Container section of this document.
Prerequisites
Azure Subscription
Deploy Azure Account Storage and a Private Container
Download the following ARM template: https://github.com/hunters-forge/Blacksmith/blob/azure/templates/azure/Storage-Account-Private-Container/azuredeploy.json
Sign In Interactively
Locally, you can sign in interactively through your browser with the az login command. Log in as a user with permissions to deploy resources in your Azure subscription. None of your sign-in information is stored by the CLI. Instead, an authentication refresh token is generated by Azure and stored.
az login
If the CLI cannot open your browser to load the sign-in page, go to https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.
You can also use the device code flow with the following command: az login --use-device-code
Create a resource group [optional]
If this is your first time deploying resources in your Azure subscription, you will have to create a resource group.
az group create -n artifacts -l eastus
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/artifacts",
"location": "eastus",
"managedBy": null,
"name": "artifacts",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null,
"type": "Microsoft.Resources/resourceGroups"
}
You can see the new resource group if you go to the Azure portal and look for Resource Groups.
Deploy the template. Make sure you set the values for your Resource Group, the Azure Storage Account Name and the Azure Private Container Name.
az deployment group create --resource-group <resourcegroup> --template-file azuredeploy.json --parameters storageAccountName=<name> containerName=<name>
That’s it! If you go to your Azure Portal > Resource Groups > GroupName, you will see the Azure Storage Account resource available. Click on it and verify your container was also created. You can now store private files in that container.
Upload File to Private Container
There are two ways to upload a file to an Azure private container:
Azure CLI and a Shared Access Signature (SAS) Token
Azure Portal UI
Azure Portal UI
Another option to upload a file to the private container is to use the Upload feature in the Azure portal.
Select the file you want to upload and click Upload.
Accessing Private Containers from ARM Templates
In ARM templates you can use the following URI syntax for every URL that we want to access.
_artifactsLocation: This is the Account Storage Container URL (https://name-of-storage-account.blob.core.windows.net/name-of-container/)
_artifactsLocationSasToken: This is the Account SAS Token that you get after deploying your Azure Account Storage and Private container via the ARM template. Go to deployments, select your deployment and look at the Deployment Output values. Do NOT forget to add the ‘?’ character before your SAS token.
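The following Python sketch is an added example, not code from the Blacksmith project. It joins the two values described above into a blob URI with exactly one '/' and one '?', and checks the SAS token's own fields before it is handed to a deployment. The function names, the blob path scripts/setup.ps1, the sample token and the read-only, HTTPS-only policy it checks for are assumptions of this example.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, quote

# Constructed sample values (not real credentials); the host and container
# names reuse the placeholders from the text above.
SAMPLE_LOCATION = "https://name-of-storage-account.blob.core.windows.net/name-of-container/"
SAMPLE_SAS = "sv=2019-12-12&ss=b&srt=o&sp=r&se=2030-01-01T00:00:00Z&spr=https&sig=CONSTRUCTED"

def artifact_uri(artifacts_location, relative_path, sas_token):
    """Join container URL, blob path and SAS token with exactly one '/' and one '?'."""
    base = artifacts_location.rstrip("/") + "/"
    token = "?" + sas_token.lstrip("?")
    return base + quote(relative_path.lstrip("/")) + token

def _parse_expiry(value):
    """Parse the ISO 8601 UTC forms a SAS 'se' field can take; None if unparseable."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def sas_findings(sas_token, now=None):
    """Return reasons the token is broader than a read-only artifact download needs."""
    now = now or datetime.now(timezone.utc)
    fields = {k: v[0] for k, v in parse_qs(sas_token.lstrip("?")).items()}
    findings = []
    if "sig" not in fields:
        findings.append("missing sig: not a signed SAS token")
    extra = sorted(set(fields.get("sp", "")) - {"r", "l"})
    if extra:
        findings.append("permissions beyond read/list: " + "".join(extra))
    if fields.get("spr") != "https":
        findings.append("plain HTTP allowed (spr is not 'https')")
    expiry = _parse_expiry(fields.get("se", ""))
    if expiry is None:
        findings.append("missing or unparseable expiry (se)")
    elif expiry <= now:
        findings.append("token expired at " + expiry.isoformat())
    return findings

if __name__ == "__main__":
    # Only the findings are printed; the composed URI embeds the token.
    uri = artifact_uri(SAMPLE_LOCATION, "scripts/setup.ps1", SAMPLE_SAS)
    print(sas_findings(SAMPLE_SAS) or "token is read-only, HTTPS-only and unexpired")
```

The composed URI carries the SAS token, so treat it like a credential and keep it out of logs and committed parameter files.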