Storage accounts - az storage account

Manage storage accounts.

Commands

az storage account check-name Checks that the storage account name is valid and is not already in use.
az storage account create Creates a storage account.
az storage account delete Deletes a storage account.
az storage account generate-sas Generates a shared access signature for the account.
az storage account keys Manage storage account keys.
az storage account keys list Lists the primary and secondary keys for a storage account.
az storage account keys renew Regenerates one of the access keys for the specified storage account.
az storage account list Lists storage accounts.
az storage account show Returns storage account properties.
az storage account show-connection-string Returns the properties for the specified storage account.
az storage account show-usage Show the current count and limit of the storage accounts under the subscription.
az storage account update Update the properties of a storage account.

az storage account check-name

Checks that the storage account name is valid and is not already in use.

az storage account check-name --name

Required Parameters

--name

The storage account name.

az storage account create

Creates a storage account.

az storage account create --name
--resource-group
--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}
[--access-tier {Cool, Hot}]
[--assign-identity]
[--custom-domain]
[--encryption {blob, file, queue, table}]
[--https-only {false, true}]
[--kind {BlobStorage, Storage}]
[--location]
[--tags]

Examples

Create a storage account MyStorageAccount in resource group MyResourceGroup in the West US region with locally redundant storage.

az storage account create -n MyStorageAccount -g MyResourceGroup -l westus --sku Standard_LRS

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

--sku

The storage account SKU.

accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--custom-domain

User domain assigned to the storage account. Name is the CNAME source.

--encryption

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--https-only

Allows https traffic only to storage service.

accepted values: false, true
--kind

Indicates the type of storage account.

accepted values: BlobStorage, Storage
default value: Storage
--location -l

Location. You can configure the default location using az configure --defaults location=.

--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

az storage account delete

Deletes a storage account.

az storage account delete --name
--resource-group
[--yes]

Examples

Delete a storage account using one or more resource ID.

az storage account delete --ids ${storage_account_resource_id}

Delete a storage account using an account name and resource group.

az storage account delete -n MyStorageAccount -g MyResourceGroup

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--yes -y

Do not prompt for confirmation.

az storage account generate-sas

Use the returned signature with the sas_token parameter of the service or to create a new account object.

az storage account generate-sas --expiry
--permissions
--resource-types
--services
[--account-key]
[--account-name]
[--connection-string]
[--https-only]
[--ip]
[--start]

Required Parameters

--expiry

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes invalid.

--permissions

The permissions the SAS grants. Allowed values: (a)dd (c)reate (d)elete (l)ist (p)rocess (r)ead (u)pdate (w)rite. Can be combined.

--resource-types

The resource types the SAS is applicable for. Allowed values: (s)ervice (c)ontainer (o)bject. Can be combined.

--services

The storage services the SAS is applicable for. Allowed values: (b)lob (f)ile (q)ueue (t)able. Can be combined.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Must be used in conjunction with either storage account key or a SAS token. Environment Variable: AZURE_STORAGE_ACCOUNT.

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--https-only

Only permit requests made with the HTTPS protocol. If omitted, requests from both the HTTP and HTTPS protocol are permitted.

--ip

Specifies the IP address or range of IP addresses from which to accept requests. Supports only IPv4 style addresses.

--start

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes valid. Defaults to the time of the request.

az storage account list

Lists storage accounts.

az storage account list [--resource-group]

Examples

List all storage accounts in a subscription.

az storage account list

List all storage accounts in a region.

az storage account list -g MyResourceGroup

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

az storage account show

Returns storage account properties.

az storage account show --name
--resource-group

Examples

Show properties for a storage account using one or more resource ID.

az storage account show --ids ${storage_account_resource_id}

Show properties for a storage account using an account name and resource group.

az storage account show -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

az storage account show-connection-string

Returns the properties for the specified storage account.

az storage account show-connection-string --name
--resource-group
[--blob-endpoint]
[--file-endpoint]
[--key {primary, secondary}]
[--protocol {http, https}]
[--queue-endpoint]
[--table-endpoint]

Examples

Get a connection string for a storage account.

az storage account show-connection-string -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--blob-endpoint

Custom endpoint for blobs.

--file-endpoint

Custom endpoint for files.

--key

The key to use.

accepted values: primary, secondary
default value: primary
--protocol

The default endpoint protocol.

accepted values: http, https
default value: https
--queue-endpoint

Custom endpoint for queues.

--table-endpoint

Custom endpoint for tables.

az storage account show-usage

Show the current count and limit of the storage accounts under the subscription.

az storage account show-usage

az storage account update

Update the properties of a storage account.

az storage account update --name
--resource-group
[--access-tier {Cool, Hot}]
[--add]
[--assign-identity]
[--custom-domain]
[--encryption {blob, file, queue, table}]
[--https-only {false, true}]
[--remove]
[--set]
[--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
[--tags]
[--use-subdomain {false, true}]

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty .

--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--custom-domain

User domain assigned to the storage account. Name is the CNAME source. Use "" to clear existing value.

--encryption

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--https-only

Allows https traffic only to storage service.

accepted values: false, true
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

The storage account SKU.

accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

--use-subdomain

Specify whether to use indirect CNAME validation.

accepted values: false, true