Lab Overview

In this hands-on lab, you will learn how to create a Shared Access Signature (SAS) token in Azure Storage.

A SAS token is a secure way to grant limited access to storage resources within an Azure Storage account. It allows for time-bound, controlled access to specific resources such as blobs, files, and queues, without exposing the storage account’s access keys.

This lab will guide you through the steps to create a SAS token, configure its permissions, set its access scope, and restrict access based on IP addresses, dates, and other parameters.

By the end of the lab, you will have created a SAS token with read-only permissions for a blob container, ensuring secure access to the storage resources while preventing write, delete, or modify operations.

Learning Objectives

• • Understand the concept and purpose of Shared Access Signatures (SAS) in Azure Storage.
  • Learn how to configure a SAS token for limited access to specific Azure Storage resources.
  • Apply security settings such as IP restrictions and time-limited access to your SAS token.
  • Generate a SAS token and connection string for secure access to Azure Storage blobs.
  • Implement best practices for granting read-only permissions while preventing write and delete access.

Exam Relevance

The skills you learn in this lab are necessary to pass the following Azure certification exams:

• • AZ-104
  • AZ-305