Azure Shared Access Signature
Intro
My notes on Shared Access Signature (SAS). A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources
Â
Dcoumentation
Â
Tips and Tidbits
Â
Shared access signature (SAS) provides secure delegated access to resources.
SAS offers granular control over data access, including the ability to limit access to an individual storage object, such as a blob, restricting such access to a custom time window, as well as filtering network access to a designated IP address range.
By distributing a shared access signature URI to these clients, you grant them access to a resource for a specified period of time.
SAS is a secure way to share your storage resources without compromising your account keys.
There are two types of SAS: account and service.
The account SAS delegates access to resources in one or more of the storage services.
The service SAS delegates access to a resource in just one of the storage services.
Â
SAS Fields
Â
Be careful with SAS start time. If you set the start time for a SAS to now, then due to clock skew (differences in current time according to different machines), failures may be observed intermittently for the first few minutes.
In general, set the start time to be at least 15 minutes in the past. Or, don't set it at all, which will make it valid immediately in all cases.
The same generally applies to expiry time as well - remember that you may observe up to 15 minutes of clock skew in either direction on any request.
Â
Copying A File With A SAS Token
Note the SAS token ?sv=2020-02-10&ss=b&srt=sco&sp=rlc&se=2021-03-16T10:42:13Z&st=2021-03-13T02:42:13Z&spr=https&sig=%2B%2FFF52GVJ0vfKF%2F6l%2BLY9DjvAiToW2shr8VQNbeEl%2Bs%3D
is added after the destination path which includes the container name container1
and filename in the container az30306ablob.html
azcopy cp './az30306ablob.html' "https://$storageAccountName.blob.core.windows.net/container1/az30306ablob.html?sv=2020-02-10&ss=b&srt=sco&sp=rlc&se=2021-03-16T10:42:13Z&st=2021-03-13T02:42:13Z&spr=https&sig=%2B%2FFF52GVJ0vfKF%2F6l%2BLY9DjvAiToW2shr8VQNbeEl%2Bs%3D"