Skip to main content

Azure Blob Storage

"Object storage: containers and blobs; similar to S3"

What is Blob Storage?

Azure Blob Storage is object storage for unstructured data (files, images, backups). You organize data in storage accounts, containers, and blobs (block, append, page).

Memory hook

"Storage account = namespace; container = like folder; blob = object (block/append/page)"

Core concepts

  • Storage account — top-level namespace; holds containers; has access keys and endpoints
  • Container — groups blobs (like a bucket in S3); can have public access level
  • Blob — object: name (key), data, metadata
    • Block blob — general purpose (files, streaming)
    • Append blob — append-only (logs)
    • Page blob — random read/write (VHDs, disks)

Access tiers (cost vs access)

TierUse caseCostAccess
HotFrequent accessHigherLow latency
CoolInfrequent (30+ days)LowerLow latency
ArchiveRare accessLowestRehydration delay (hours)

Common operations

  • Upload — put block blob (single or staged blocks)
  • Download — get blob
  • List — list blobs by prefix
  • Delete — remove blob
  • SAS (Shared Access Signature) — temporary URL with limited permissions (like presigned URL)

Typical use cases

  • Static assets — images, documents; optional CDN in front
  • Backup / archive — lifecycle to Cool/Archive
  • Data lake — raw data for analytics (Synapse, Databricks)
  • App data — file uploads, exports

Security and access

  • Access keys — account-level; full access (rotate, protect)
  • SAS — time-limited, scoped URL (container/blob, read/write)
  • Azure AD — RBAC (e.g. Storage Blob Data Contributor)
  • Network — firewall, private endpoints, VNet

Interview one-liner

"Azure Blob Storage is object storage: storage account → containers → blobs. Block blobs for files; access tiers (Hot/Cool/Archive) for cost. Use SAS for temporary access; Azure AD for identity-based access."

Cheat sheet

Storage account = namespace; container = group; blob = object
Block / Append / Page blob types
Hot / Cool / Archive = access tiers
SAS = temporary URL with permissions
Azure AD + RBAC = identity-based access