Azure Storage — CLI & PowerShell Cheat Sheet
Intermediate · Cheat Sheet · 15 min · 5 min read · 20 Jan 2025 · Azure
Must-know Azure CLI, PowerShell, and AzCopy commands for managing storage accounts, blob containers, Azure Files, access keys, SAS tokens, and lifecycle policies.
Prerequisites
Storage Accounts
# Storage account lifecycle with the Azure CLI: create, inspect, read secrets,
# rotate a key, enable blob soft delete, delete. Every command calls Azure.

# General-purpose v2 account, locally redundant, Hot default tier.
# NOTE(review): no TLS, anonymous-access or shared-key settings are passed, so
# the account takes the service defaults; review them outside a lab.
az storage account create \
  --name mystorageacct \
  --resource-group myRG \
  --location eastus \
  --sku Standard_LRS \
  --kind StorageV2 \
  --access-tier Hot

# Premium block blob account.
az storage account create \
  --name mypremiumacct \
  --resource-group myRG \
  --location eastus \
  --sku Premium_LRS \
  --kind BlockBlobStorage

# All accounts in the resource group, as a table.
az storage account list --resource-group myRG --output table

# Full properties of one account.
az storage account show --name mystorageacct --resource-group myRG

# Connection string. The output embeds an account key: treat it as a secret
# and keep it out of logs, CI output and shared terminals.
az storage account show-connection-string \
  --name mystorageacct \
  --resource-group myRG \
  --output tsv

# Both account access keys. Each key grants full data-plane access to the
# account, so the same handling applies.
az storage account keys list \
  --account-name mystorageacct \
  --resource-group myRG

# Regenerate the primary key. Anything still using the old value (connection
# strings, SAS tokens signed with it) stops working once this returns.
az storage account keys renew \
  --account-name mystorageacct \
  --resource-group myRG \
  --key primary

# Blob soft delete with 7-day retention: deleted blobs stay recoverable for
# that window.
az storage blob service-properties delete-policy update \
  --account-name mystorageacct \
  --enable true \
  --days-retained 7

# Delete the account. --yes skips the confirmation prompt.
az storage account delete \
  --name mystorageacct \
  --resource-group myRG --yes
# Az PowerShell equivalents of the account commands: create, list, read keys,
# remove.

# Create a general-purpose v2 account with locally redundant storage.
New-AzStorageAccount `
    -ResourceGroupName 'myRG' `
    -Name 'mystorageacct' `
    -Location 'EastUS' `
    -SkuName 'Standard_LRS' `
    -Kind 'StorageV2'

# List the accounts in the resource group.
Get-AzStorageAccount -ResourceGroupName 'myRG'

# Return the account access keys; the output is secret material, so keep it
# out of transcripts and logs.
Get-AzStorageAccountKey -ResourceGroupName 'myRG' -Name 'mystorageacct'

# Remove the account.
Remove-AzStorageAccount -ResourceGroupName 'myRG' -Name 'mystorageacct'
Blob Storage
Container Operations
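# Default account and key for the `az storage` calls that follow in this shell.
# The key is a full-access secret and every child process inherits it once
# exported. Where RBAC is set up, `--auth-mode login` avoids the key entirely;
# otherwise `unset AZURE_STORAGE_KEY` when finished.
export AZURE_STORAGE_ACCOUNT=mystorageacct
# Assign first and export second so a failed key lookup is not masked by the
# exit status of `export`.
AZURE_STORAGE_KEY="$(az storage account keys list -n mystorageacct -g myRG --query "[0].value" -o tsv)"
export AZURE_STORAGE_KEY

# Create a container.
# --public-access: off | blob | container
#   off       - no anonymous access (used here)
#   blob      - anyone who knows a blob URL can read it without credentials
#   container - additionally lets anonymous callers list the container
# Anonymous access also depends on the account-level setting allowing it.
az storage container create \
  --account-name mystorageacct \
  --name mycontainer \
  --public-access off

# List containers
az storage container list \
  --account-name mystorageacct --output table

# Delete container (removes the blobs inside it as well)
az storage container delete \
  --account-name mystorageacct \
  --name mycontainer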
Blob Upload / Download
# Blob data operations. None of these commands passes credentials explicitly,
# so they use whatever the CLI resolves from the environment or its config.

# Upload one local file as a Hot-tier blob.
az storage blob upload \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt \
  --file ./localfile.txt \
  --tier Hot

# Upload every file under a local directory.
az storage blob upload-batch \
  --account-name mystorageacct \
  --destination mycontainer \
  --source ./mydir

# Download one blob to a local file.
az storage blob download \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt \
  --file ./downloaded.txt

# Download the whole container into a local directory.
az storage blob download-batch \
  --account-name mystorageacct \
  --source mycontainer \
  --destination ./local-dir

# List the blobs in a container.
az storage blob list \
  --account-name mystorageacct \
  --container-name mycontainer \
  --output table

# Delete one blob.
az storage blob delete \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt

# Start a copy into another account. <SAS> stands for a SAS query string that
# authorizes reading the source; it is a credential, so keep the full URI out
# of logs and tickets.
az storage blob copy start \
  --account-name destaccount \
  --destination-container destcontainer \
  --destination-blob myfile.txt \
  --source-uri "https://srcaccount.blob.core.windows.net/srccontainer/myfile.txt?<SAS>"
Access Tiers
# Per-blob access tier changes.

# Move a blob to another tier.
# --tier: Hot | Cool | Cold | Archive
az storage blob set-tier \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt \
  --tier Archive

# Bring an archived blob back to Hot.
# --rehydrate-priority: Standard (up to 15h) | High (1h)
az storage blob set-tier \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt \
  --tier Hot \
  --rehydrate-priority High
SAS Tokens
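# A SAS is a bearer credential: whoever holds the string gets the access it
# encodes until it expires. Grant the narrowest permissions and the shortest
# expiry that work, and keep tokens out of logs, tickets and chat.
# The expiry values below are samples; a token signed with an account key can
# only be cut short by rotating that key or, for container/blob SAS, by tying
# it to a stored access policy (--policy-name) and changing the policy.

# Generate account SAS (read + list on the blob service, HTTPS only).
# --permissions takes any subset of rwdlacupiytfx; the full set grants every
# operation on the selected services, so reserve it for cases that need it.
# --account-key on the command line lands in shell history and is visible in
# process listings; the AZURE_STORAGE_KEY environment variable avoids that.
az storage account generate-sas \
  --account-name mystorageacct \
  --account-key <key> \
  --resource-types sco \
  --services b \
  --permissions rl \
  --expiry 2025-12-31T00:00:00Z \
  --https-only \
  --output tsv

# Generate container SAS (read + list, HTTPS only)
az storage container generate-sas \
  --account-name mystorageacct \
  --name mycontainer \
  --permissions rl \
  --expiry 2025-12-31 \
  --https-only \
  --output tsv

# Generate blob SAS (read only, HTTPS only)
az storage blob generate-sas \
  --account-name mystorageacct \
  --container-name mycontainer \
  --name myfile.txt \
  --permissions r \
  --expiry 2025-06-01T00:00:00Z \
  --https-only \
  --output tsv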
AzCopy
# AzCopy transfers. <SAS> stands for a SAS query string. Because it travels in
# the URL, it ends up in shell history and is visible in process listings
# while the transfer runs; `azcopy login` (Microsoft Entra ID) avoids putting
# a token in the URL at all.

# Upload one local file to a blob.
azcopy copy './localfile.txt' \
  'https://mystorageacct.blob.core.windows.net/mycontainer/myfile.txt?<SAS>'

# Upload a folder and everything beneath it.
azcopy copy './mydir' \
  'https://mystorageacct.blob.core.windows.net/mycontainer?<SAS>' \
  --recursive

# Sync a folder: transfers only files that changed.
azcopy sync './mydir' \
  'https://mystorageacct.blob.core.windows.net/mycontainer?<SAS>' \
  --recursive

# Copy a container from one account to another; each side needs its own SAS.
azcopy copy \
  'https://src.blob.core.windows.net/srccontainer?<SAS>' \
  'https://dest.blob.core.windows.net/destcontainer?<SAS>' \
  --recursive

# List the blobs in a container.
azcopy list 'https://mystorageacct.blob.core.windows.net/mycontainer?<SAS>'

# Show transfer jobs, then the status of one of them.
azcopy jobs list
azcopy jobs show <job-id>
Azure Files
# Azure Files share management. As with the blob commands, credentials come
# from the environment or CLI configuration rather than from these lines.

# Create a share; --quota is in GiB.
az storage share create \
  --account-name mystorageacct \
  --name myshare \
  --quota 100

# List the shares in the account.
az storage share list \
  --account-name mystorageacct --output table

# Upload a local file to a path inside the share.
az storage file upload \
  --account-name mystorageacct \
  --share-name myshare \
  --source ./myfile.txt \
  --path "folder/myfile.txt"

# Download a file from the share.
az storage file download \
  --account-name mystorageacct \
  --share-name myshare \
  --path "folder/myfile.txt" \
  --dest ./myfile.txt

# List the files at the root of the share.
az storage file list \
  --account-name mystorageacct \
  --share-name myshare --output table
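# Mount on Linux
# The storage key goes in a credentials file instead of password=<key> on the
# command line, where it would be recorded in shell history and visible in
# process listings. Example file (path is a sample), root-owned, mode 600:
#   username=mystorageacct
#   password=<key>
# uid/gid plus 0750/0640 give the mounting user ownership without making every
# file on the share world-writable, as dir_mode=0777,file_mode=0777 would.
sudo mount -t cifs //mystorageacct.file.core.windows.net/myshare /mnt/myshare \
  -o vers=3.0,credentials=/etc/smbcredentials/mystorageacct.cred,uid="$(id -u)",gid="$(id -g)",dir_mode=0750,file_mode=0640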
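# Mount on Windows (PowerShell)
# Prompt for the storage key rather than embedding it as a string literal, so
# it does not end up in the script file or in command history. For unattended
# use, read it from a secret store instead of hard-coding it.
$acctKey = Read-Host -Prompt "Storage account key for mystorageacct" -AsSecureString
$credential = New-Object System.Management.Automation.PSCredential -ArgumentList "Azure\mystorageacct", $acctKey
# -Persist makes this a Windows mapped network drive rather than a
# session-only PSDrive.
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\mystorageacct.file.core.windows.net\myshare" -Credential $credential -Persist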
Lifecycle Management
# Create the account's lifecycle management policy from a local JSON file
# (the @ prefix makes the CLI read the value from that file).
# Lifecycle rules can delete data automatically, so review each rule's filters
# and day thresholds before applying.
az storage account management-policy create \
  --account-name mystorageacct \
  --resource-group myRG \
  --policy @lifecycle-policy.json
{
"rules": [
{
"name": "TierAndExpire",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": { "blobTypes": ["blockBlob"], "prefixMatch": ["logs/"] },
"actions": {
"baseBlob": {
"tierToCool": { "daysAfterModificationGreaterThan": 30 },
"tierToArchive": { "daysAfterModificationGreaterThan": 90 },
"delete": { "daysAfterModificationGreaterThan": 365 }
},
"snapshot": {
"delete": { "daysAfterCreationGreaterThan": 90 }
}
}
}
}
]
}
Key Facts for AZ-104
| Concept | Detail |
|---|---|
| LRS | 3 copies in one datacenter; cheapest; no zone/geo protection |
| ZRS | 3 copies across 3 availability zones; zone-resilient |
| GRS | LRS + async copy to paired region; 6 total copies |
| GZRS | ZRS + async copy to paired region; most durable |
| Hot tier | Frequent access; higher storage cost |
| Cool tier | Infrequent access (30-day min); lower storage cost |
| Archive | Rare access; must rehydrate (hours); lowest cost |
| SAS | Delegate limited access without sharing keys |
| Stored Access Policy | Add/revoke SAS permissions centrally |
| Soft delete | Recover deleted blobs within retention period |
