Azure Blob storage trigger for Azure Functions

The Blob storage trigger starts a function when a new or updated blob is detected. The blob contents are provided as input to the function.

The Azure Blob storage trigger requires a general-purpose storage account. Storage V2 accounts with hierarchical namespaces are also supported. To use a blob-only account, or if your application has specialized needs, review the alternatives to using this trigger.

For information on setup and configuration details, see the overview.


Polling works as a hybrid between inspecting logs and running periodic container scans. Blobs are scanned in groups of 10,000 at a time with a continuation token used between intervals.


In addition, storage logs are created on a "best effort" basis. There's no guarantee that all events are captured. Under some conditions, logs may be missed.

If you require faster or more reliable blob processing, consider creating a queue message when you create the blob. Then use a queue trigger instead of a blob trigger to process the blob. Another option is to use Event Grid; see the tutorial Automate resizing uploaded images using Event Grid.


Event Grid trigger


When using Storage Extensions 5.x and higher, the Blob trigger has built-in support for an Event Grid based Blob trigger. For more information, see the Storage extension 5.x and higher section below.

The Event Grid trigger also has built-in support for blob events. Use Event Grid instead of the Blob storage trigger for the following scenarios:

  • Blob-only storage accounts: Blob-only storage accounts are supported for blob input and output bindings but not for blob triggers.

  • High-scale: High scale can be loosely defined as containers that have more than 100,000 blobs in them or storage accounts that have more than 100 blob updates per second.

  • Existing Blobs: The blob trigger will process all existing blobs in the container when you set up the trigger. If you have a container with many existing blobs and only want to trigger for new blobs, use the Event Grid trigger.

  • Minimizing latency: If your function app is on the Consumption plan, there can be up to a 10-minute delay in processing new blobs if a function app has gone idle. To avoid this latency, you can switch to an App Service plan with Always On enabled. You can also use an Event Grid trigger with your Blob storage account. For an example, see the Event Grid tutorial.

See the Image resize with Event Grid tutorial of an Event Grid example.

Storage Extension 5.x and higher

When using the preview storage extension, there is built-in support for Event Grid in the Blob trigger which requires setting the source parameter to Event Grid in your existing Blob trigger.

For more information on how to use the Blob Trigger based on Event Grid, refer to the Event Grid Blob Trigger guide.

Queue storage trigger

Another approach to processing blobs is to write queue messages that correspond to blobs being created or modified and then use a Queue storage trigger to begin processing.


The following example shows a C# function that writes a log when a blob is added or updated in the samples-workitems container.

public static void Run([BlobTrigger("samples-workitems/{name}")] Stream myBlob, string name, ILogger log)
    log.LogInformation($"C# Blob trigger function Processed blob\n Name:{name} \n Size: {myBlob.Length} Bytes");

The string {name} in the blob trigger path samples-workitems/{name} creates a binding expression that you can use in function code to access the file name of the triggering blob. For more information, see Blob name patterns later in this article.

For more information about the BlobTrigger attribute, see attributes and annotations.

Attributes and annotations

In C# class libraries, use the following attributes to configure a blob trigger:

  • BlobTriggerAttribute

    The attribute's constructor takes a path string that indicates the container to watch and optionally a blob name pattern. Here's an example:

    public static void Run(
        [BlobTrigger("sample-images/{name}")] Stream image,
        [Blob("sample-images-md/{name}", FileAccess.Write)] Stream imageSmall)

    You can set the Connection property to specify the storage account to use, as shown in the following example:

    public static void Run(
        [BlobTrigger("sample-images/{name}", Connection = "StorageConnectionAppSetting")] Stream image,
        [Blob("sample-images-md/{name}", FileAccess.Write)] Stream imageSmall)

    For a complete example, see Trigger example.

  • StorageAccountAttribute

    Provides another way to specify the storage account to use. The constructor takes the name of an app setting that contains a storage connection string. The attribute can be applied at the parameter, method, or class level. The following example shows class level and method level:

    public static class AzureFunctions
        public static void Run( //...

The storage account to use is determined in the following order:

  • The BlobTrigger attribute's Connection property.
  • The StorageAccount attribute applied to the same parameter as the BlobTrigger attribute.
  • The StorageAccount attribute applied to the function.
  • The StorageAccount attribute applied to the class.
  • The default storage account for the function app ("AzureWebJobsStorage" app setting).


The following table explains the binding configuration properties that you set in the function.json file and the BlobTrigger attribute.

function.json property Attribute property Description
type n/a Must be set to blobTrigger. This property is set automatically when you create the trigger in the Azure portal.
direction n/a Must be set to in. This property is set automatically when you create the trigger in the Azure portal. Exceptions are noted in the usage section.
name n/a The name of the variable that represents the blob in function code.
path BlobPath The container to monitor. May be a blob name pattern.
connection Connection The name of an app setting or setting collection that specifies how to connect to Azure Blobs. See Connections.

When you're developing locally, app settings go into the local.settings.json file.


The connection property is a reference to environment configuration which specifies how the app should connect to Azure Blobs. It may specify:

If the configured value is both an exact match for a single setting and a prefix match for other settings, the exact match is used.

Connection string

To obtain a connection string, follow the steps shown at Manage storage account access keys. The connection string must be for a general-purpose storage account, not a Blob storage account.

This connection string should be stored in an application setting with a name matching the value specified by the connection property of the binding configuration.

If the app setting name begins with "AzureWebJobs", you can specify only the remainder of the name here. For example, if you set connection to "MyStorage", the Functions runtime looks for an app setting that is named "AzureWebJobsMyStorage." If you leave connection empty, the Functions runtime uses the default Storage connection string in the app setting that is named AzureWebJobsStorage.

Identity-based connections

If you are using version 5.x or higher of the extension, instead of using a connection string with a secret, you can have the app use an Azure Active Directory identity. To do this, you would define settings under a common prefix which maps to the connection property in the trigger and binding configuration.

In this mode, the extension requires the following properties:

Property Environment variable template Description Example value
Blob Service URI <CONNECTION_NAME_PREFIX>__serviceUri1 The data plane URI of the blob service to which you are connecting, using the HTTPS scheme. https://<storage_account_name>

1 <CONNECTION_NAME_PREFIX>__blobServiceUri can be used as an alias. If the connection configuration will be used by a blob trigger, blobServiceUri must also be accompanied by queueServiceUri. See below.

Additional properties may be set to customize the connection. See Common properties for identity-based connections.

The serviceUri form cannot be used when the overall connection configuration is to be used across blobs, queues, and/or tables. The URI itself can only designate the blob service. As an alternative, you can provide a URI specifically for each service, allowing a single connection to be used. If both versions are provided, the multi-service form will be used. To configure the connection for multiple services, instead of <CONNECTION_NAME_PREFIX>__serviceUri, set:

Property Environment variable template Description Example value
Blob Service URI <CONNECTION_NAME_PREFIX>__blobServiceUri The data plane URI of the blob service to which you are connecting, using the HTTPS scheme. https://<storage_account_name>
Queue Service URI (required for blob triggers2) <CONNECTION_NAME_PREFIX>__queueServiceUri The data plane URI of a queue service, using the HTTPS scheme. This value is only needed for blob triggers. https://<storage_account_name>

2 By default, the blob trigger uses Azure Queues internally. In the serviceUri form, the AzureWebJobsStorage connection is used. However, when specifying blobServiceUri, a queue service URI must also be provided with queueServiceUri. It is recommended that you use the service from the same storage account as the blob service. You will also need to make sure the trigger can read and write messages in the configured queue service by assigning a role like Storage Queue Data Contributor.

When hosted in the Azure Functions service, identity-based connections use a managed identity. The system-assigned identity is used by default, although a user-assigned identity can be specified with the credential and clientID properties. When run in other contexts, such as local development, your developer identity is used instead, although this can be customized. See Local development with identity-based connections.

Grant permission to the identity

Whatever identity is being used must have permissions to perform the intended actions. You will need to assign a role in Azure RBAC, using either built-in or custom roles which provide those permissions.


Some permissions might be exposed by the target service that are not necessary for all contexts. Where possible, adhere to the principle of least privilege, granting the identity only required privileges. For example, if the app only needs to be able to read from a data source, use a role that only has permission to read. It would be inappropriate to assign a role that also allows writing to that service, as this would be excessive permission for a read operation. Similarly, you would want to ensure the role assignment is scoped only over the resources that need to be read.

You will need to create a role assignment that provides access to your blob container at runtime. Management roles like Owner are not sufficient. The following table shows built-in roles that are recommended when using the Blob Storage extension in normal operation. Your application may require additional permissions based on the code you write.

Binding type Example built-in roles
Trigger Storage Blob Data Owner and Storage Queue Data Contributor1
Input binding Storage Blob Data Reader
Output binding Storage Blob Data Owner

1 By default, the blob trigger uses Azure Queues internally. It therefore also requires Storage Queue Data Contributor permissions to create and receive messages.



You can use the following parameter types for the triggering blob:

  • Stream
  • TextReader
  • string
  • Byte[]
  • ICloudBlob1
  • CloudBlockBlob1
  • CloudPageBlob1
  • CloudAppendBlob1

1 Requires "inout" binding direction in function.json or FileAccess.ReadWrite in a C# class library.

If you try to bind to one of the Storage SDK types and get an error message, make sure that you have a reference to the correct Storage SDK version.

Binding to string, or Byte[] is only recommended if the blob size is small, as the entire blob contents are loaded into memory. Generally, it is preferable to use a Stream or CloudBlockBlob type. For more information, see Concurrency and memory usage later in this article.

Additional types

Apps using the 5.0.0 or higher version of the Storage extension may also use types from the Azure SDK for .NET. This version drops support for the legacy ICloudBlob, CloudBlockBlob, CloudPageBlob, and CloudAppendBlob types in favor of the following types:

1 Requires "inout" binding direction in function.json or FileAccess.ReadWrite in a C# class library.

For examples using these types, see the GitHub repository for the extension. Learn more about these new types are different and how to migrate to them from the Azure.Storage.Blobs Migration Guide.

Blob name patterns

You can specify a blob name pattern in the path property in function.json or in the BlobTrigger attribute constructor. The name pattern can be a filter or binding expression. The following sections provide examples.


A container name can't contain a resolver in the name pattern.

Get file name and extension

The following example shows how to bind to the blob file name and extension separately:

"path": "input/{blobname}.{blobextension}",

If the blob is named original-Blob1.txt, the values of the blobname and blobextension variables in function code are original-Blob1 and txt.

Filter on blob name

The following example triggers only on blobs in the input container that start with the string "original-":

"path": "input/original-{name}",

If the blob name is original-Blob1.txt, the value of the name variable in function code is Blob1.txt.

Filter on file type

The following example triggers only on .png files:

"path": "samples/{name}.png",

Filter on curly braces in file names

To look for curly braces in file names, escape the braces by using two braces. The following example filters for blobs that have curly braces in the name:

"path": "images/{{20140101}}-{name}",

If the blob is named {20140101}-soundfile.mp3, the name variable value in the function code is soundfile.mp3.


The blob trigger provides several metadata properties. These properties can be used as part of binding expressions in other bindings or as parameters in your code. These values have the same semantics as the Cloud​Blob type.

Property Type Description
BlobTrigger string The path to the triggering blob.
Uri System.Uri The blob's URI for the primary location.
Properties BlobProperties The blob's system properties.
Metadata IDictionary<string,string> The user-defined metadata for the blob.

For example, the following C# script and JavaScript examples log the path to the triggering blob, including the container:

public static void Run(string myBlob, string blobTrigger, ILogger log)
    log.LogInformation($"Full blob path: {blobTrigger}");

Blob receipts

The Azure Functions runtime ensures that no blob trigger function gets called more than once for the same new or updated blob. To determine if a given blob version has been processed, it maintains blob receipts.

Azure Functions stores blob receipts in a container named azure-webjobs-hosts in the Azure storage account for your function app (defined by the app setting AzureWebJobsStorage). A blob receipt has the following information:

  • The triggered function (<FUNCTION_APP_NAME>.Functions.<FUNCTION_NAME>, for example: MyFunctionApp.Functions.CopyBlob)
  • The container name
  • The blob type (BlockBlob or PageBlob)
  • The blob name
  • The ETag (a blob version identifier, for example: 0x8D1DC6E70A277EF)

To force reprocessing of a blob, delete the blob receipt for that blob from the azure-webjobs-hosts container manually. While reprocessing might not occur immediately, it's guaranteed to occur at a later point in time. To reprocess immediately, the scaninfo blob in azure-webjobs-hosts/blobscaninfo can be updated. Any blobs with a last modified timestamp after the LatestScan property will be scanned again.

Poison blobs

When a blob trigger function fails for a given blob, Azure Functions retries that function a total of 5 times by default.

If all 5 tries fail, Azure Functions adds a message to a Storage queue named webjobs-blobtrigger-poison. The maximum number of retries is configurable. The same MaxDequeueCount setting is used for poison blob handling and poison queue message handling. The queue message for poison blobs is a JSON object that contains the following properties:

  • FunctionId (in the format <FUNCTION_APP_NAME>.Functions.<FUNCTION_NAME>)
  • BlobType (BlockBlob or PageBlob)
  • ContainerName
  • BlobName
  • ETag (a blob version identifier, for example: 0x8D1DC6E70A277EF)

Concurrency and memory usage

The blob trigger uses a queue internally, so the maximum number of concurrent function invocations is controlled by the queues configuration in host.json. The default settings limit concurrency to 24 invocations. This limit applies separately to each function that uses a blob trigger.


For apps using the 5.0.0 or higher version of the Storage extension, the queues configuration in host.json only applies to queue triggers. The blob trigger concurrency is instead controlled by blobs configuration in host.json.

The Consumption plan limits a function app on one virtual machine (VM) to 1.5 GB of memory. Memory is used by each concurrently executing function instance and by the Functions runtime itself. If a blob-triggered function loads the entire blob into memory, the maximum memory used by that function just for blobs is 24 * maximum blob size. For example, a function app with three blob-triggered functions and the default settings would have a maximum per-VM concurrency of 3*24 = 72 function invocations.

JavaScript and Java functions load the entire blob into memory, and C# functions do that if you bind to string, or Byte[].

host.json properties

The host.json file contains settings that control blob trigger behavior. See the host.json settings section for details regarding available settings.

Next steps