Contents x
    Azure Blob Storage
    • 03 Jul 2024
    • 1 Minute to read
    • PDF
    Contents

    Azure Blob Storage

    • Updated on 03 Jul 2024
    • 1 Minute to read
    • PDF
    Article summary

    Azure Blob Storage, an object storage service offered by Azure, is one of many delivery destinations that Bobsled supports. Bobsled will transfer the data to a Bobsled-managed destination Azure Blob Storage and grant permissions to the Azure application(s) that are configured in the destination section of a given share. The permissions granted allow each Azure application to perform read and copy operations on the Bobsled-managed destination container.

    Bobsled grants the following permissions to all Azure applications that are granted access to the data in the share:

    • Storage Blob Data Reader: Read and list Azure Storage containers and blobs

    • Storage Blob Delegator: Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials.

    Authorization

    To access deliveries made to the Bobsled-managed container, you will need to configure Bobsled to grant an Azure application with read access to the Bobsled-managed destination container. There are two types of Azure applications that you may configure to gain access to the container:

    • Bobsled-managed application or,

    • Consumer managed application.

    To learn more about Azure applications used within Bobsled please visit: Account Access Identifiers in Azure.

    Bobsled-managed Application

    You are able to create up to 100 client secrets or "passwords" for the Azure application principal in order to access the data. Using the credentials of the Bobsled-managed service principal, the consumer is able to list the contents of the container and generate a Shared Access Token to copy the data to their own container. Learn more on the Bobsled-managed destination setup guide.

    Consumer-managed Application

    When using a consumer-managed application, you will be required to provide its associated application (client) ID. Bobsled will grant your application access to the Bobsled-managed destination container that is present in Bobsled's AD tenant. Using the credentials of the consumer-managed application, the consumer is able to list the contents of the container and generate a Shared Access Token to copy the data to their own container. Learn more on the Consumer-managed destination setup guide.

    Consuming a data transfer

    Once you’ve configured your destination in a share, granted access to the application, and transferred data, learn how to consume a data transfer in Azure Blob Storage.

    Was this article helpful?
    What's Next