az storage account

Manage storage accounts.

Commands

az storage account check-name Checks that the storage account name is valid and is not already in use.
az storage account create Create a storage account.
az storage account delete Delete a storage account.
az storage account generate-sas Generates a shared access signature for the account.
az storage account keys Manage storage account keys.
az storage account keys list List the primary and secondary keys for a storage account.
az storage account keys renew Regenerates one of the access keys for the specified storage account.
az storage account list List storage accounts.
az storage account network-rule Manage network rules.
az storage account network-rule add Add a network rule.
az storage account network-rule list List network rules.
az storage account network-rule remove Remove a network rule.
az storage account show Show storage account properties.
az storage account show-connection-string Get the connection string for a storage account.
az storage account show-usage Show the current count and limit of the storage accounts under the subscription.
az storage account update Update the properties of a storage account.

az storage account check-name

Checks that the storage account name is valid and is not already in use.

az storage account check-name --name

Required Parameters

--name
The storage account name.

az storage account create

Create a storage account.

az storage account create --name
--resource-group
--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}
[--access-tier {Cool, Hot}]
[--assign-identity]
[--bypass {AzureServices, Logging, Metrics, None}]
[--custom-domain]
[--default-action {Allow, Deny}]
[--encryption-services {blob, file}]
[--https-only {false, true}]
[--kind {BlobStorage, Storage}]
[--location]
[--tags]

Examples

Create a storage account 'MyStorageAccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage.

az storage account create -n MyStorageAccount -g MyResourceGroup -l westus --sku Standard_LRS

Required Parameters

--name -n
The storage account name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.
--sku
The storage account SKU.
accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS

Optional Parameters

--access-tier
The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.
accepted values: Cool, Hot
--assign-identity
Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.
--bypass
Bypass traffic for space-separated uses.
accepted values: AzureServices, Logging, Metrics, None
--custom-domain
User domain assigned to the storage account. Name is the CNAME source.
--default-action
Default action to apply when no rule matches.
accepted values: Allow, Deny
--encryption-services
Specifies which service(s) to encrypt.
accepted values: blob, file
--https-only
Allows https traffic only to storage service.
accepted values: false, true
--kind
Indicates the type of storage account.
accepted values: BlobStorage, Storage
default value: Storage
--location -l
Location. You can configure the default location using `az configure --defaults location=<location>`.
--tags
Space separated tags in 'key[=value]' format. Use "" to clear existing tags.

az storage account delete

Delete a storage account.

az storage account delete --name
--resource-group
[--yes]

Examples

Delete a storage account using a resource ID.

az storage account delete --ids /subscriptions/{SubID}/resourceGroups/{MyResourceGroup}/providers/Microsoft.Storage/storageAccounts/{MyStorageAccount}

Delete a storage account using an account name and resource group.

az storage account delete -n MyStorageAccount -g MyResourceGroup

Required Parameters

--name -n
The storage account name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--yes -y
Do not prompt for confirmation.

az storage account generate-sas

Generates a shared access signature for the account.

az storage account generate-sas --expiry
--permissions
--resource-types
--services
[--account-key]
[--account-name]
[--connection-string]
[--https-only]
[--ip]
[--start]

Required Parameters

--expiry
Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes invalid.
--permissions
The permissions the SAS grants. Allowed values: (a)dd (c)reate (d)elete (l)ist (p)rocess (r)ead (u)pdate (w)rite. Can be combined.
--resource-types
The resource types the SAS is applicable for. Allowed values: (s)ervice (c)ontainer (o)bject. Can be combined.
--services
The storage services the SAS is applicable for. Allowed values: (b)lob (f)ile (q)ueue (t)able. Can be combined.

Optional Parameters

--account-key
Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.
--account-name
Storage account name. Must be used in conjunction with either storage account key or a SAS token. Environment Variable: AZURE_STORAGE_ACCOUNT.
--connection-string
Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.
--https-only
Only permit requests made with the HTTPS protocol. If omitted, requests from both the HTTP and HTTPS protocol are permitted.
--ip
Specifies the IP address or range of IP addresses from which to accept requests. Supports only IPv4 style addresses.
--start
Specifies the UTC datetime (Y-m-d'T'H:M'Z') at which the SAS becomes valid. Defaults to the time of the request.

az storage account list

List storage accounts.

az storage account list [--resource-group]

Examples

List all storage accounts in a subscription.

az storage account list

List all storage accounts in a resource group.

az storage account list -g MyResourceGroup

Optional Parameters

--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

az storage account show

Show storage account properties.

az storage account show --name
--resource-group

Examples

Show properties for a storage account by resource ID.

az storage account show --ids /subscriptions/{SubID}/resourceGroups/{MyResourceGroup}/providers/Microsoft.Storage/storageAccounts/{MyStorageAccount}

Show properties for a storage account using an account name and resource group.

az storage account show -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n
The storage account name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

az storage account show-connection-string

Get the connection string for a storage account.

az storage account show-connection-string --name
--resource-group
[--blob-endpoint]
[--file-endpoint]
[--key {primary, secondary}]
[--protocol {http, https}]
[--queue-endpoint]
[--table-endpoint]

Examples

Get a connection string for a storage account.

az storage account show-connection-string -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n
The storage account name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--blob-endpoint
Custom endpoint for blobs.
--file-endpoint
Custom endpoint for files.
--key
The key to use.
accepted values: primary, secondary
default value: primary
--protocol
The default endpoint protocol.
accepted values: http, https
default value: https
--queue-endpoint
Custom endpoint for queues.
--table-endpoint
Custom endpoint for tables.

az storage account show-usage

Show the current count and limit of the storage accounts under the subscription.

az storage account show-usage

az storage account update

Update the properties of a storage account.

az storage account update --name
--resource-group
[--access-tier {Cool, Hot}]
[--add]
[--assign-identity]
[--bypass {AzureServices, Logging, Metrics, None}]
[--custom-domain]
[--default-action {Allow, Deny}]
[--encryption-key-name]
[--encryption-key-source {Microsoft.Keyvault, Microsoft.Storage}]
[--encryption-key-vault]
[--encryption-key-version]
[--encryption-services {blob, file}]
[--https-only {false, true}]
[--remove]
[--set]
[--sku {Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
[--tags]
[--use-subdomain {false, true}]

Required Parameters

--name -n
The storage account name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--access-tier
The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.
accepted values: Cool, Hot
--add
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty .
--assign-identity
Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.
--bypass
Bypass traffic for space-separated uses.
accepted values: AzureServices, Logging, Metrics, None
--custom-domain
User domain assigned to the storage account. Name is the CNAME source. Use "" to clear existing value.
--default-action
Default action to apply when no rule matches.
accepted values: Allow, Deny
--encryption-key-name
The name of the KeyVault key.
--encryption-key-source
The encryption keySource (provider). Default: Microsoft.Storage.
accepted values: Microsoft.Keyvault, Microsoft.Storage
--encryption-key-vault
The Uri of the KeyVault.
--encryption-key-version
The version of the KeyVault key.
--encryption-services
Specifies which service(s) to encrypt.
accepted values: blob, file
--https-only
Allows https traffic only to storage service.
accepted values: false, true
--remove
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
--set
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
--sku
The storage account SKU.
accepted values: Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
--tags
Space separated tags in 'key[=value]' format. Use "" to clear existing tags.
--use-subdomain
Specify whether to use indirect CNAME validation.
accepted values: false, true