Skip to main content

Azure Blob Storage Access

This document describes how to setup an Azure Blob storage account for DAS access. Azure Blob storage can be utilized for decisions and activity log exporters.

Using the /v1/workspace/S3Config API

Azure Blob storage containers are configured from the following data elements:

  • Container URL (optional folder). For example, azblob://styra-storage-test1.
  • Custom endpoint (optional). For example, https://accountname.blob.core.windows.net.
  • Region: none (not part of Blob storage API).
  • Access key ID. For example, Blob storage account name.
  • Secret access key. For example, Blob storage Access Key.
note

The Styra DAS UI hides the URL gs://, s3://, and azblob:// prefixes.

Verify Example /v1/workspace/s3/verify-config:

curl --request POST \
--url ''$DAS_TENANT'/v1/workspace/s3/verify-config' \
--header 'authorization: Bearer '$DAS_WORKSPACE_TOKEN'' \
--header 'content-type: application/json' \
--data \
'{
"url": "azblob://styra-storage/decisions",
"endpoint": "https://accountname.blob.core.windows.net"
"access_keys": "workspace/decision-streaming/decisions/s3",
}'

Secure Azure Blob Storage Access

Microsoft Azure Portal

Perform the following steps to create a storage account, create a blob container, create Shared Access (SAS) Token, and collect the access keys. See the Azure Blob storage overview documentation for additional details.

note

The names styra, styra1 and styra-storage-test1 are used as illustrations and can be changed to follow any enterprise naming conventions.

  1. Create Azure Storage Account.

    Figure 1 - Create Azure Storage AccountFigure 1 - Create Azure Storage Account

  2. Create a Container.

    Figure 2 - Create a ContainerFigure 2 - Create a Container

    Record the container name; it will be used by DAS decision and activity exporters.

  3. Create Container Shared Access Token (least privilege).

    Figure 3 - Create Container Shared Access TokenFigure 3 - Create Container Shared Access Token

    • Set the Read, Add, Create, Write, Delete, and List permissions.

    • Set the expiration period and refresh when needed.

    • Save the Storage Account name and Blob SAS Token for later use when configuring DAS decisions and activity exporters.

  4. (Optional) Retrieve account security credentials.

    Figure 4 - Azure KeysFigure 4 - Azure Keys

    Save the Storage Account name and Secret key for later use when configuring DAS decisions and activity exporters.

    note

    A Shared Access Signature (SAS) token is recommended.