Create a SAS Token in Azure Storage
Lab Overview
In this hands-on lab, you will learn how to create a Shared Access Signature (SAS) token in Azure Storage.
A SAS token is a secure way to grant limited access to storage resources within an Azure Storage account. It allows for time-bound, controlled access to specific resources such as blobs, files, and queues, without exposing the storage account’s access keys.
This lab will guide you through the steps to create a SAS token, configure its permissions, set its access scope, and restrict access based on IP addresses, dates, and other parameters.
By the end of the lab, you will have created a SAS token with read-only permissions for a blob container, ensuring secure access to the storage resources while preventing write, delete, or modify operations.
Learning Objectives
- Understand the concept and purpose of Shared Access Signatures (SAS) in Azure Storage.
- Learn how to configure a SAS token for limited access to specific Azure Storage resources.
- Apply security settings such as IP restrictions and time-limited access to your SAS token.
- Generate a SAS token and connection string for secure access to Azure Storage blobs.
- Implement best practices for granting read-only permissions while preventing write and delete access.
Exam Relevance
The skills you learn in this lab are necessary to pass the following Azure certification exams:
- AZ-104
- AZ-305