AZ-204: Developing Solutions for Microsoft Azure study guide by MindMesh Academy.
Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

4.1.1.1. Implement Blob Storage

First Principle: Implementing Azure Blob storage involves creating storage accounts and containers, and programmatically managing blobs. This enables secure, efficient, and scalable storage for unstructured data in cloud applications.

What It Is: Implementing Blob storage means using Azure Blob storage within your applications for data storage and retrieval.

Visual: "Blob Storage Hierarchy and Access"

1. Create a storage account and container: Via Azure CLI:

az storage account create --name mystorageacct --resource-group mygroup --location eastus --sku Standard_LRS
az storage container create --account-name mystorageacct --name mycontainer

Key Configuration Options:
  • --sku Standard_LRS: Specifies Locally Redundant Storage for cost-effectiveness within a single datacenter. Other options include "GRS (Geo-Redundant Storage)" for disaster recovery.

2. Upload, download, and delete blobs programmatically: Example in Python (Azure SDK):

from azure.storage.blob import BlobServiceClient
# Replace with your actual connection string from Azure Portal
client = BlobServiceClient.from_connection_string("<conn_str>")
container = client.get_container_client("mycontainer")
container.upload_blob("myblob.txt", b"Hello, Azure!")      # Upload a new blob
data = container.download_blob("myblob.txt").readall()     # Download blob content
print(data.decode('utf-8'))
container.delete_blob("myblob.txt")                        # Delete a blob

Similar methods exist in .NET, Java, and JavaScript SDKs.

3. Blob properties and metadata:
  • "Properties": System-defined attributes like Content type (image/jpeg), size, last modified date, and ETag (used for "optimistic concurrency"). Used for validation, caching, and content handling by applications.
  • "Metadata": Custom key-value pairs that you define for tagging/searching "blobs". Can be set/read via SDKs or CLI.
    • Example: { "project": "webapp", "environment": "dev" }
4. Access control:
  • "Private (default)": Only authorized users ("Entra ID", "Shared Access Signatures - SAS") can access. This is the recommended security posture.
  • "Public": Anonymous read access. Use for publicly accessible content like static website assets. Set with:
    az storage container set-permission --account-name mystorageacct --name mycontainer --public-access blob # or container
    

Scenario: You need to develop a feature that allows users to upload profile pictures to your web application. These pictures should be stored in Azure Blob Storage, and your backend API needs to programmatically upload and retrieve them. Access to the container should be private by default.
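
For the profile-picture scenario above, an added example (not part of the original guide) of validating an upload before it reaches the private container: the blob name and the content type property are derived from the uploaded bytes, never from client-supplied values. The size cap, user-id pattern, function names and the `owner` metadata key are assumptions made for illustration.

```python
import hashlib
import re

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap for a profile picture
USER_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed user-id format
# Leading magic bytes -> (content type, extension); only these types are accepted.
SIGNATURES = {
    b"\xff\xd8\xff": ("image/jpeg", "jpg"),
    b"\x89PNG\r\n\x1a\n": ("image/png", "png"),
}


def plan_profile_upload(user_id, data, project="webapp", environment="dev"):
    """Validate an upload and return (blob_name, content_type, metadata).

    Takes only the raw bytes: a client-supplied file name or Content-Type
    header is never trusted for the blob name or the stored content type.
    """
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError("user id contains characters unsafe for a blob path")
    if not 0 < len(data) <= MAX_BYTES:
        raise ValueError("empty or oversized upload")
    for magic, (content_type, ext) in SIGNATURES.items():
        if data.startswith(magic):
            break
    else:
        raise ValueError("content is not an accepted image type")
    digest = hashlib.sha256(data).hexdigest()
    blob_name = f"{user_id}/{digest[:32]}.{ext}"
    metadata = {"project": project, "environment": environment, "owner": user_id}
    return blob_name, content_type, metadata


def upload_profile_picture(container, user_id, data):
    """Upload through an azure.storage.blob ContainerClient for a private container."""
    from azure.storage.blob import ContentSettings  # requires azure-storage-blob
    name, content_type, metadata = plan_profile_upload(user_id, data)
    container.upload_blob(
        name, data, overwrite=True, metadata=metadata,
        content_settings=ContentSettings(content_type=content_type),
    )
    return name


# Constructed sample inputs: a PNG header, and HTML posing as an image.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_HTML = b"<html><body>not an image</body></html>"
```

Setting the content type from the detected signature keeps a later download from being served as a type chosen by the uploader.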

Reflection Question: How does the programmatic management of "blobs" using Azure SDKs (for upload, download, delete, properties, metadata) and the configuration of access control (private vs. public) fundamentally enable secure, efficient, and scalable storage for unstructured data in cloud applications?

💡 Tip: For optimal performance when working with large files, always use "multipart upload" methods provided by the SDKs or AzCopy.