az storage account

Manage storage accounts.

Commands

az storage account check-name Checks that the storage account name is valid and is not already in use.
az storage account create Create a storage account.
az storage account delete Delete a storage account.
az storage account generate-sas Generates a shared access signature for the account.
az storage account keys Manage storage account keys.
az storage account keys list List the primary and secondary keys for a storage account.
az storage account keys renew Regenerates one of the access keys for the specified storage account.
az storage account list List storage accounts.
az storage account network-rule Manage network rules.
az storage account network-rule add Add a network rule.
az storage account network-rule list List network rules.
az storage account network-rule remove Remove a network rule.
az storage account show Show storage account properties.
az storage account show-connection-string Get the connection string for a storage account.
az storage account show-usage Show the current count and limit of the storage accounts under the subscription.
az storage account update Update the properties of a storage account.

az storage account check-name

Checks that the storage account name is valid and is not already in use.

az storage account check-name --name

Required Parameters

--name

The storage account name.

az storage account create

Create a storage account.

The SKU of the storage account defaults to 'Standard_RAGRS'.

az storage account create --name
--resource-group
[--access-tier {Cool, Hot}]
[--assign-identity]
[--bypass {AzureServices, Logging, Metrics, None}]
[--custom-domain]
[--default-action {Allow, Deny}]
[--encryption-services {blob, file, queue, table}]
[--https-only {false, true}]
[--kind {BlobStorage, Storage, StorageV2}]
[--location]
[--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
[--tags]

Examples

Create a storage account 'MyStorageAccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage.

az storage account create -n MyStorageAccount -g MyResourceGroup -l westus --sku Standard_LRS

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--bypass

Bypass traffic for space-separated uses.

accepted values: AzureServices, Logging, Metrics, None
--custom-domain

User domain assigned to the storage account. Name is the CNAME source.

--default-action

Default action to apply when no rule matches.

accepted values: Allow, Deny
--encryption-services

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--https-only

Allows https traffic only to storage service.

accepted values: false, true
--kind

Indicates the type of storage account.

accepted values: BlobStorage, Storage, StorageV2
default value: Storage
--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

--sku

The storage account SKU.

accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
default value: Standard_RAGRS
--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

az storage account delete

Delete a storage account.

az storage account delete --name
--resource-group
[--yes]

Examples

Delete a storage account using a resource ID.

az storage account delete --ids /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Storage/storageAccounts/{StorageAccount}

Delete a storage account using an account name and resource group.

az storage account delete -n MyStorageAccount -g MyResourceGroup

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Do not prompt for confirmation.

az storage account generate-sas

Generates a shared access signature for the account.

az storage account generate-sas --expiry
--permissions
--resource-types
--services
[--account-key]
[--account-name]
[--connection-string]
[--https-only]
[--ip]
[--start]

Required Parameters

--expiry

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes invalid.

--permissions

The permissions the SAS grants. Allowed values: (a)dd (c)reate (d)elete (l)ist (p)rocess (r)ead (u)pdate (w)rite. Can be combined.

--resource-types

The resource types the SAS is applicable for. Allowed values: (s)ervice (c)ontainer (o)bject. Can be combined.

--services

The storage services the SAS is applicable for. Allowed values: (b)lob (f)ile (q)ueue (t)able. Can be combined.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Must be used in conjunction with either storage account key or a SAS token. Environment Variable: AZURE_STORAGE_ACCOUNT.

--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--https-only

Only permit requests made with the HTTPS protocol. If omitted, requests from both the HTTP and HTTPS protocol are permitted.

--ip

Specifies the IP address or range of IP addresses from which to accept requests. Supports only IPv4 style addresses.

--start

Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes valid. Defaults to the time of the request.

az storage account list

List storage accounts.

az storage account list [--resource-group]

Examples

List all storage accounts in a subscription.

az storage account list

List all storage accounts in a resource group.

az storage account list -g MyResourceGroup

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az storage account show

Show storage account properties.

az storage account show --name
--resource-group

Examples

Show properties for a storage account by resource ID.

az storage account show --ids /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Storage/storageAccounts/{StorageAccount}

Show properties for a storage account using an account name and resource group.

az storage account show -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az storage account show-connection-string

Get the connection string for a storage account.

az storage account show-connection-string --name
--resource-group
[--blob-endpoint]
[--file-endpoint]
[--key {primary, secondary}]
[--protocol {http, https}]
[--queue-endpoint]
[--table-endpoint]

Examples

Get a connection string for a storage account.

az storage account show-connection-string -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--blob-endpoint

Custom endpoint for blobs.

--file-endpoint

Custom endpoint for files.

--key

The key to use.

accepted values: primary, secondary
default value: primary
--protocol

The default endpoint protocol.

accepted values: http, https
default value: https
--queue-endpoint

Custom endpoint for queues.

--table-endpoint

Custom endpoint for tables.

az storage account show-usage

Show the current count and limit of the storage accounts under the subscription.

az storage account show-usage

az storage account update

Update the properties of a storage account.

az storage account update --name
--resource-group
[--access-tier {Cool, Hot}]
[--add]
[--assign-identity]
[--bypass {AzureServices, Logging, Metrics, None}]
[--custom-domain]
[--default-action {Allow, Deny}]
[--encryption-key-source]
[--encryption-key-vault-properties]
[--encryption-services {blob, file, queue, table}]
[--https-only {false, true}]
[--remove]
[--set]
[--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
[--tags]
[--use-subdomain {false, true}]

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--bypass

Bypass traffic for space-separated uses.

accepted values: AzureServices, Logging, Metrics, None
--custom-domain

User domain assigned to the storage account. Name is the CNAME source. Use "" to clear existing value.

--default-action

Default action to apply when no rule matches.

accepted values: Allow, Deny
--encryption-key-source
--encryption-key-vault-properties
--encryption-services

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--https-only

Allows https traffic only to storage service.

accepted values: false, true
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

The storage account SKU.

accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
--tags

Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

--use-subdomain

Specify whether to use indirect CNAME validation.

accepted values: false, true