Introduction
To pass the AZ-104 exam, you need to complete several live online lab tests. This article will teach you how to grant limited access to Azure Storage resources using Shared Access Signatures (SAS). We will continue our previous lab tutorial as an example.
Steps
Step 1:
Navigate to "Storage accounts."
Check if our account "davidaystorageaccount" has Blob anonymous access disabled.
And you will see the uploaded file will response PublicAccessNotPermitted.
Step 2:
In the "Storage accounts," click on "Shared access signature."
Step 3:
In the "Shared access signature" section, configure the following settings:
Allowed services: Blob
Allowed resource types: Service, Container, Object
Start and expiry date/time: Set according to your preference.
Then, click "Generate SAS and connection string."
Note that the signing key "key1" is stored in "Access keys":
Step 4:
Copy the generated "SAS token".
?sv=2022-11-02&ss=b&srt=sco&sp=rwdlaciytfx&se=2025-01-06T18:52:17Z&st=2025-01-06T10:52:17Z&spr=https&sig=w6DGYscuw3bBilBys2j2g6GqBN2e%2FSMGu5GrIbtjMuA%3D
Testing
Paste the SAS token into the target blob resource URL:
You should replace the SAS token part in the URL with the one you copied.
Remark
If you rotate "key1" stored in "Access keys," all previously generated SAS tokens using "key1" will become invalid.
Conclusion
In this lab, you learned how to create a Shared Access Signature (SAS) for an Azure Storage account, allowing you to grant limited access to your storage resources. This is a crucial skill for the AZ-104 exam, as it demonstrates your ability to manage Azure Storage securely. Always remember that rotating your access keys will invalidate existing SAS tokens, so plan your security measures accordingly. Continue practicing these steps to ensure you are well-prepared for your exam!
Top comments (0)