Taking the user delegation SAS tokens for a spin

Introduction

A few days ago the preview for the “User delegation SAS token” has seen the light. In today’s post, we’ll take a first glance on this new capability! Though why should we care about this feature? You can now create SAS tokens based on the scoped permissions of an AAD user, instead of linked towards the storage account key. From a security perspective this is REALLY awesome, cause you can harden the scope of a possible even more.

 

Bibliography

• https://azure.microsoft.com/en-us/blog/announcing-user-delegation-sas-tokens-preview-for-azure-storage-blobs/
• https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas
• https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-cli
• https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

Continue reading “Taking the user delegation SAS tokens for a spin” →

Writing straight to the Azure Storage Access Tier you want (with AzCopy)

Introduction

With the “Set Blob Tier” operation you can set the Access Tier of the blob object of a storage account. Now at times you know a certain object will go to tier that’s not your default access tier. Or you want to write immediately to archive. The cool thing is that AzCopy can assist you in this!

 

AzCopy Flags

Take a look at the AzCopy flags… Here you’ll notice the “–block-blob-tier” flag. This is the one that’ll help you on writing directly to the access tier you want.

Quick Demo

I’ve created a storage account in mint condition, where the default access tier is set to “Hot”.

Continue reading “Writing straight to the Azure Storage Access Tier you want (with AzCopy)” →