Example: Create Azure Storage using the Azure libraries for Python

In this article, you learn how to use the Azure management libraries in a Python script to create a resource group that contains an Azure Storage account and a Blob storage container.

After creating the resources, see Example: Use Azure Storage to use the Azure client libraries in Python application code to upload a file to the Blob storage container.

All the commands in this article work the same in Linux/macOS bash and Windows command shells unless noted.

The Equivalent Azure CLI commands are listed later in this article. If you prefer to use the Azure portal, see Create an Azure storage account and Create a blob container.

1: Set up your local development environment

If you haven't already, set up an environment where you can run the code. Here are some options:

• Configure a Python virtual environment using venv or your tool of choice. You can create the virtual environment locally or in Azure Cloud Shell and run the code there. Be sure to activate the virtual environment to start using it.

• Use a conda environment.

• Use a Dev Container in Visual Studio Code or GitHub Codespaces.

2: Install the needed Azure library packages

1. Create a requirements.txt file that lists the management libraries used in this example:

   azure-mgmt-resource
   azure-mgmt-storage
   azure-identity
   

2. In your terminal with the virtual environment activated, install the requirements:

   pip install -r requirements.txt
   

3: Write code to create storage resources

Create a Python file named provision_blob.py with the following code. The comments explain the details. The script reads your subscription ID from an environment variable, AZURE_SUBSCRIPTION_ID. You set this variable in a later step. The resource group name, location, storage account name, and container name are all defined as constants in the code.

import os, random

# Import the needed management objects from the libraries. The azure.common library
# is installed automatically with the other libraries.
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient

# Acquire a credential object.
credential = DefaultAzureCredential()

# Retrieve subscription ID from environment variable.
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]

# Obtain the management object for resources.
resource_client = ResourceManagementClient(credential, subscription_id)

# Constants we need in multiple places: the resource group name and the region
# in which we provision resources. You can change these values however you want.
RESOURCE_GROUP_NAME = "PythonAzureExample-Storage-rg"
LOCATION = "centralus"

# Step 1: Provision the resource group.

rg_result = resource_client.resource_groups.create_or_update(RESOURCE_GROUP_NAME,
    { "location": LOCATION })

print(f"Provisioned resource group {rg_result.name}")

# For details on the previous code, see Example: Provision a resource group
# at https://docs.microsoft.com/azure/developer/python/azure-sdk-example-resource-group


# Step 2: Provision the storage account, starting with a management object.

storage_client = StorageManagementClient(credential, subscription_id)

STORAGE_ACCOUNT_NAME = f"pythonazurestorage{random.randint(1,100000):05}"

# You can replace the storage account here with any unique name. A random number is used
# by default, but note that the name changes every time you run this script.
# The name must be 3-24 lower case letters and numbers only.


# Check if the account name is available. Storage account names must be unique across
# Azure because they're used in URLs.
availability_result = storage_client.storage_accounts.check_name_availability(
    { "name": STORAGE_ACCOUNT_NAME }
)

if not availability_result.name_available:
    print(f"Storage name {STORAGE_ACCOUNT_NAME} is already in use. Try another name.")
    exit()

# The name is available, so provision the account
poller = storage_client.storage_accounts.begin_create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME,
    {
        "location" : LOCATION,
        "kind": "StorageV2",
        "sku": {"name": "Standard_LRS"}
    }
)

# Long-running operations return a poller object; calling poller.result()
# waits for completion.
account_result = poller.result()
print(f"Provisioned storage account {account_result.name}")


# Step 3: Retrieve the account's primary access key and generate a connection string.
keys = storage_client.storage_accounts.list_keys(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME)

print(f"Primary key for storage account: {keys.keys[0].value}")

conn_string = f"DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName={STORAGE_ACCOUNT_NAME};AccountKey={keys.keys[0].value}"

print(f"Connection string: {conn_string}")

# Step 4: Provision the blob container in the account (this call is synchronous)
CONTAINER_NAME = "blob-container-01"
container = storage_client.blob_containers.create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME, CONTAINER_NAME, {})

# The fourth argument is a required BlobContainer object, but because we don't need any
# special values there, so we just pass empty JSON.

print(f"Provisioned blob container {container.name}")

Authentication in the code

Later in this article, you sign in to Azure with the Azure CLI to run the sample code. If your account has permissions to create resource groups and storage resources in your Azure subscription, the code will run successfully.

To use such code in a production script, you can set environment variables to use a service principal-based method for authentication. To learn more, see How to authenticate Python apps with Azure services. You need to ensure that the service principal has sufficient permissions to create resource groups and storage resources in your subscription by assigning it an appropriate role in Azure; for example, the Contributor role on your subscription.

Reference links for classes used in the code

• DefaultAzureCredential (azure.identity)
• ResourceManagementClient (azure.mgmt.resource)
• StorageManagementClient (azure.mgmt.storage)

4. Run the script

1. If you haven't already, sign in to Azure using the Azure CLI:

   az login
   

2. Set the AZURE_SUBSCRIPTION_ID environment variable to your subscription ID. (You can run the az account show command and get your subscription ID from the id property in the output):

   cmd

   set AZURE_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000
   

   bash

   AZURE_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000
   

3. Run the script:

   python provision_blob.py
   

The script will take a minute or two to complete.

5: Verify the resources

1. Open the Azure portal to verify that the resource group and storage account were created as expected. You may need to wait a minute and also select Show hidden types in the resource group.

   

2. Select the storage account, then select Data storage > Containers in the left-hand menu to verify that the "blob-container-01" appears:

   

3. If you want to try using these resources from application code, continue with Example: Use Azure Storage.

For an additional example of using the Azure Storage management library, see the Manage Python Storage sample.

For reference: equivalent Azure CLI commands

The following Azure CLI commands complete the same creation steps as the Python script:

cmd

rem Provision the resource group

az group create ^
-n PythonAzureExample-Storage-rg ^
-l centralus

rem Provision the storage account

set account=pythonazurestorage%random%
echo Storage account name is %account%

az storage account create ^
-g PythonAzureExample-Storage-rg ^
-l centralus ^
-n %account% ^
--kind StorageV2 ^
--sku Standard_LRS

rem Retrieve the connection string

FOR /F %i IN ('az storage account show-connection-string -g PythonAzureExample-Storage-rg -n %account% --query connectionString') do (SET connstr=%i)

rem Provision the blob container

az storage container create ^
--name blob-container-01 ^
--account-name %account% ^
--connection-string %connstr%

bash

# Provision the resource group

az group create \
-n PythonAzureExample-Storage-rg \
-l centralus

# Provision the storage account

ACCOUNT_NAME=pythonazurestorage$(echo $RANDOM | md5sum | head -c 6)

az storage account create \
-g PythonAzureExample-Storage-rg \
-l centralus \
-n $ACCOUNT_NAME \
--kind StorageV2 \
--sku Standard_LRS

# Retrieve the connection string

echo Storage account name is $ACCOUNT_NAME

CONNECTION_STRING=$(az storage account show-connection-string \
-g PythonAzureExample-Storage-rg \
-n $ACCOUNT_NAME \
--query connectionString)

# Provision the blob container

az storage container create --name "blob-container-01" \
--account-name $ACCOUNT_NAME \
--connection-string $CONNECTION_STRING

6: Clean up resources

Leave the resources in place if you want to follow the article Example: Use Azure Storage to use these resources in app code. Otherwise, run the az group delete command if you don't need to keep the resource group and storage resources created in this example.

Resource groups don't incur any ongoing charges in your subscription, but resources, like storage accounts, in the resource group might incur charges. It's a good practice to clean up any group that you aren't actively using. The --no-wait argument allows the command to return immediately instead of waiting for the operation to finish.

az group delete -n PythonAzureExample-Storage-rg  --no-wait

You can also use the ResourceManagementClient.resource_groups.begin_delete method to delete a resource group from code. The code in Example: Create a resource group demonstrates usage.

See also

• Example: Use Azure Storage
• Example: Create a resource group
• Example: List resource groups in a subscription
• Example: Create a web app and deploy code
• Example: Create and query a database
• Example: Create a virtual machine
• Use Azure Managed Disks with virtual machines
• Complete a short survey about the Azure SDK for Python