This hands-on lab provides some experience with configuring and securing an Azure storage account. We log into the Azure portal and create a storage account, then get familiar with the configuration options for it, including replication options, access tiers, and secure transfers. We RDP into a Windows VM and install Microsoft Azure Storage Explorer. Then we connect to Blob storage, and attempt to upload and retrieve data from the blob. Using the Azure Portal, we use access policies and shared access signatures to both permit access to the storage account and deny access to blob data. Subsequent attempts to upload and retrieve data from blob storage should fail. Completing the lab provides the experience required to configure and secure an Azure Storage account.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create and Configure a Storage Account
In the Azure Portal, click Storage accounts in the left navigation pane, then click on + Add in the storage accounts blade. Create a storage account in the current resource group.
- Log In to the VM with RDP, and Then Download and Install Microsoft Azure Storage Explorer
RDP login:
User Name: "azureuser"
Password: "LA!2018!Lab"
Note: There may be an issue with the Connect option in the Azure Portal. If this occurs, you can still RDP using your favourite RDP client and the public IP address of the VM.
Storage Explorer URL:
https://go.microsoft.com/fwlink/?LinkId=708343&clcid=0x409
- Download Sample Images to be Uploaded into Blob Storage
PowerShell code to run:
```powershell
# Load the .NET ZIP support used by ExtractToDirectory below
Add-Type -AssemblyName System.IO.Compression.FileSystem

$url     = "https://github.com/linuxacademy/content-azure-labs/blob/master/zips/Azure-LearningActivity-CfgSecMon.zip?raw=true"
$zipfile = "C:\Users\azureuser\Desktop\Azure-LearningActivity-CfgSecMon.zip"
$folder  = "C:\Users\azureuser\Desktop\images"

# Force TLS 1.2 for the download
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile $zipfile

# Extract the sample images, then delete the archive
[System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $folder)
Remove-Item -Path $zipfile
```
- Open Azure Storage Explorer, Connect to the Azure Account, and Upload Image Files
In the VM, open Azure Storage Explorer and connect to the Azure account using the provided credentials. Create a new blob storage container and upload sample images.
- Enable Security on the Storage Account Using the Various Methods Available
Use the following methods to harden security on the storage account: access keys, shared access signatures, and stored access policies.
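
As an added example (not part of the original lab), the Python sketch below audits a SAS URL for the properties this step is about: whether it is bound to a stored access policy (`si`), restricted to HTTPS (`spr`), short-lived (`se`) and read-only (`sp`). The sample URLs, account name, policy name and the 24-hour threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)   # assumed review threshold, not an Azure limit
MODIFY_PERMS = set("acwd")           # add, create, write, delete

# Constructed sample URLs (account, container, policy and signature are made up)
AD_HOC = ("https://examplelab.blob.core.windows.net/images/cat.png"
          "?sv=2020-08-04&sr=b&sp=rwd&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")
POLICY_BOUND = ("https://examplelab.blob.core.windows.net/images"
                "?sv=2020-08-04&sr=c&si=lab-read-policy&spr=https&sig=CONSTRUCTED")

def parse_time(value):
    """Parse the ISO 8601 UTC forms a SAS start/expiry field can take."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value}")

def audit_sas(url, now):
    """Return a list of findings for one SAS URL (empty list = nothing flagged)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL: no sig parameter"]
    findings = []
    # spr defaults to "https,http" when omitted, so only an exact "https" is strict.
    if q.get("spr", "https,http") != "https":
        findings.append("token does not restrict access to HTTPS (spr)")
    policy = q.get("si")
    if policy is None:
        findings.append("ad hoc SAS: no stored access policy (si), "
                        "revocable only by rotating the access key")
    # With a stored access policy, expiry and permissions may live in the
    # policy instead of the URL, so they are only checked when present here.
    if "se" in q:
        expiry = parse_time(q["se"])
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("expiry is more than 24 hours away (se)")
    elif policy is None:
        findings.append("no expiry (se) and no stored access policy")
    if MODIFY_PERMS & set(q.get("sp", "")):
        findings.append(f"grants modifying permissions: sp={q['sp']}")
    return findings
```

Calling `audit_sas(AD_HOC, datetime.now(timezone.utc))` returns the findings for the ad hoc token; the policy-bound token returns an empty list because its expiry and permissions are controlled by the stored access policy on the container.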