Storage
Azure storage is organized under Storage Accounts — a top-level resource that provides a namespace for all Azure Storage services.
Storage Account
Section titled “Storage Account”A storage account gives you access to four storage services:
| Service | Type | Azure | AWS Equivalent |
|---|---|---|---|
| Blob Storage | Object storage | Containers + blobs | S3 |
| Azure Files | File shares (SMB/NFS) | File shares | EFS |
| Queue Storage | Message queues | Queues | SQS (basic) |
| Table Storage | NoSQL key-value | Tables | DynamoDB (basic) |
Creating a Storage Account
Section titled “Creating a Storage Account”az storage account create \ --name mystorageacct \ --resource-group myapp-rg \ --location eastus \ --sku Standard_LRS \ --kind StorageV2 \ --min-tls-version TLS1_2Redundancy Options
Section titled “Redundancy Options”| SKU | Redundancy | Durability | Use Case |
|---|---|---|---|
| LRS | 3 copies in one data center | 11 nines | Dev/test, non-critical data |
| ZRS | 3 copies across 3 AZs | 12 nines | Production, high availability |
| GRS | LRS + async copy to paired region | 16 nines | Disaster recovery |
| GZRS | ZRS + async copy to paired region | 16 nines | Best durability + HA |
| RA-GRS | GRS + read access in secondary region | 16 nines | DR with read failover |
| RA-GZRS | GZRS + read access in secondary | 16 nines | Maximum durability + HA + read DR |
Blob Storage
Section titled “Blob Storage”Blob (Binary Large Object) storage is Azure’s object storage — equivalent to AWS S3.
Structure
Section titled “Structure”Storage Account: mystorageacct └── Container: images (like an S3 bucket) ├── logo.png (block blob) ├── photos/vacation.jpg (block blob) └── backup.tar.gz (block blob) └── Container: logs └── 2026/02/17/app.log| Concept | What It Is |
|---|---|
| Container | A grouping of blobs (like an S3 bucket). Flat namespace — the / in paths is just naming convention. |
| Blob | A file (object). Up to 190.7 TiB for block blobs. |
| Block blob | Standard blob type — optimized for uploading large files. Most common. |
| Append blob | Optimized for append operations (log files). |
| Page blob | Random read/write (used by Azure Disk under the hood). |
Basic Operations
Section titled “Basic Operations”# Create a containeraz storage container create --name images --account-name mystorageacct
# Upload a fileaz storage blob upload \ --account-name mystorageacct \ --container-name images \ --name logo.png \ --file ./logo.png
# List blobsaz storage blob list --account-name mystorageacct --container-name images --output table
# Downloadaz storage blob download \ --account-name mystorageacct \ --container-name images \ --name logo.png \ --file ./downloaded-logo.png
# Upload a directory (recursive)az storage blob upload-batch \ --account-name mystorageacct \ --destination images \ --source ./local-images/Python SDK
Section titled “Python SDK”from azure.identity import DefaultAzureCredentialfrom azure.storage.blob import BlobServiceClient
credential = DefaultAzureCredential()blob_service = BlobServiceClient( account_url="https://mystorageacct.blob.core.windows.net", credential=credential)
# Uploadcontainer = blob_service.get_container_client("images")with open("logo.png", "rb") as f: container.upload_blob("logo.png", f, overwrite=True)
# Downloadblob = container.download_blob("logo.png")data = blob.readall()Access Tiers
Section titled “Access Tiers”| Tier | Access | Storage Cost | Access Cost | Use Case |
|---|---|---|---|---|
| Hot | Frequent | Higher | Lower | Active data, frequently accessed |
| Cool | Infrequent (30+ days) | Lower | Higher | Backups, older data |
| Cold | Rare (90+ days) | Even lower | Even higher | Long-term backup |
| Archive | Very rare (180+ days) | Lowest | Highest + rehydrate time | Compliance, deep archive |
Set the tier per blob or as the default for the storage account:
# Set blob tieraz storage blob set-tier \ --account-name mystorageacct \ --container-name images \ --name old-photo.jpg \ --tier CoolLifecycle Management
Section titled “Lifecycle Management”Automatically transition blobs between tiers or delete them:
{ "rules": [{ "name": "archiveOldLogs", "enabled": true, "type": "Lifecycle", "definition": { "filters": { "blobTypes": ["blockBlob"], "prefixMatch": ["logs/"] }, "actions": { "baseBlob": { "tierToCool": {"daysAfterModificationGreaterThan": 30}, "tierToArchive": {"daysAfterModificationGreaterThan": 90}, "delete": {"daysAfterModificationGreaterThan": 365} } } } }]}Blob Versioning and Soft Delete
Section titled “Blob Versioning and Soft Delete”| Feature | What It Does |
|---|---|
| Versioning | Keeps previous versions of blobs automatically. Restore any version. |
| Soft delete | Deleted blobs are retained for a configurable period (1–365 days). |
| Change feed | Log of all blob changes (create, update, delete). Useful for auditing and event-driven processing. |
Access Control
Section titled “Access Control”| Method | When to Use |
|---|---|
| Azure RBAC (recommended) | Assign roles like “Storage Blob Data Reader” to users/managed identities |
| Shared Access Signatures (SAS) | Time-limited, scoped access tokens for external users/services |
| Access keys | Full access to the entire storage account (avoid — too broad) |
| Anonymous/public access | Static websites only — disable by default |
# Generate a SAS token (read-only, 1 hour)az storage blob generate-sas \ --account-name mystorageacct \ --container-name images \ --name logo.png \ --permissions r \ --expiry $(date -u -d '+1 hour' +%Y-%m-%dT%H:%MZ) \ --output tsvStatic Website Hosting
Section titled “Static Website Hosting”# Enable static websiteaz storage blob service-properties update \ --account-name mystorageacct \ --static-website \ --index-document index.html \ --404-document 404.html
# Upload site filesaz storage blob upload-batch \ --account-name mystorageacct \ --destination '$web' \ --source ./dist/Access at: https://mystorageacct.z13.web.core.windows.net
Put Azure CDN or Front Door in front for custom domain + HTTPS.
Azure Disk (Managed Disks)
Section titled “Azure Disk (Managed Disks)”Managed Disks are block storage volumes for VMs — equivalent to AWS EBS.
Disk Types
Section titled “Disk Types”| Type | Performance | Use Case |
|---|---|---|
| Standard HDD | Low (up to 500 IOPS) | Dev/test, backups |
| Standard SSD | Moderate (up to 6,000 IOPS) | Web servers, light production |
| Premium SSD | High (up to 20,000 IOPS) | Production databases, high I/O |
| Premium SSD v2 | Flexible IOPS/throughput | Latency-sensitive, large databases |
| Ultra Disk | Extreme (up to 160,000 IOPS) | SAP HANA, top-tier databases |
Key Features
Section titled “Key Features”| Feature | Detail |
|---|---|
| Snapshots | Point-in-time copy. Can create a new disk from a snapshot. |
| Encryption | Server-side encryption (SSE) with platform-managed or customer-managed keys. |
| Shared disks | Attach one disk to multiple VMs (for clustered workloads). |
| Bursting | Standard and Premium SSDs can burst beyond baseline IOPS. |
Azure Files
Section titled “Azure Files”Azure Files provides managed file shares accessible via SMB and NFS — equivalent to AWS EFS.
Use Cases
Section titled “Use Cases”- Lift and shift — Apps that use shared file systems (config files, shared data).
- Container storage — Shared volume for AKS pods or ACI containers.
- Cross-platform — SMB for Windows, NFS for Linux.
- Azure File Sync — Sync on-premises file servers with Azure Files (hybrid).
Creating a File Share
Section titled “Creating a File Share”# Create a file shareaz storage share-rm create \ --storage-account mystorageacct \ --name myshare \ --quota 100 # GB
# Mount on Linuxsudo mount -t cifs //mystorageacct.file.core.windows.net/myshare /mnt/myshare \ -o vers=3.0,username=mystorageacct,password=<storage-key>,dir_mode=0777,file_mode=0777| Tier | Use Case |
|---|---|
| Premium | Low latency, high IOPS (SSD-backed) |
| Transaction optimized | Heavy transaction workloads (HDD-backed) |
| Hot | General purpose file shares |
| Cool | Infrequently accessed (cost-optimized) |
Choosing a Storage Service
Section titled “Choosing a Storage Service”| Question | Answer |
|---|---|
| Storing files/objects via HTTP API? | Blob Storage |
| Need a disk for a VM? | Managed Disks |
| Need shared file system (SMB/NFS)? | Azure Files |
| Long-term archive (compliance)? | Blob Storage (Archive tier) |
| Static website? | Blob Storage (static website) |
| Container shared storage (AKS)? | Azure Files or Azure Disk |
Key Takeaways
Section titled “Key Takeaways”- Blob Storage is Azure’s object storage. Use access tiers (Hot/Cool/Cold/Archive) and lifecycle policies to optimize costs.
- Managed Disks are block storage for VMs. Premium SSD for production databases; Standard SSD for web servers.
- Azure Files provides shared file systems via SMB/NFS — use for lift-and-shift and container shared storage.
- Everything lives under a Storage Account — choose the right redundancy (LRS for dev, ZRS/GRS for production).
- Use RBAC and managed identities for access. Use SAS tokens for time-limited external access. Avoid access keys.