Configure object replication
Azure Storage blob object replication provides asynchronous replication of block blobs from one storage account to another. The blobs are replicated based on the defined replication rules. Using object replication requires that the blob versioning options are enabled for both the source and destination storage accounts. Additionally, the source storage account must…
Namespace – Google Cloud Cert Guide
By default, GKE creates several namespaces such as kube-node-lease, kube-public, and kube-system. When creating a GKE Autopilot cluster, the default namespace is created for our workloads. GKE Standard mode allows us to specify a node pool’s newly created namespace manually. Namespaces are used to isolate groups of resources within a single cluster. The name of…
Pod lifecycle – Google Cloud Cert Guide
Pods go through a specific sequence of stages throughout their lifecycle. It begins with the Pending phase, progresses to the Running phase if at least one of its primary containers starts successfully, and ultimately transitions to either the Succeeded or Failed phase based on whether any container within the Pod terminates with a failure. Pods…
Resource scope for blobs and queues
It is also important to determine the scope of the access for the security principal before you assign an RBAC role. You can narrow the scope to the container, queue, or table level. Here are the valid scopes: Entra ID authentication and authorization in the Azure portal In…
Managing access keys in Azure Key Vault
It is important to protect the storage account access keys because they provide full access to the storage account. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys…
Use user delegation SAS – MS AZ-104 Study Guide
You can also create user delegation SAS using Microsoft Entra ID credentials. The user delegation SAS is only supported by Blob Storage, and it can grant access to containers and blobs. Currently, SAS is not supported for user delegation SAS. Configure stored access policies A SAS token incorporates the access…
Create and use shared access signature (SAS) tokens
There are a few different ways you can create a SAS token. A SAS token is a way to granularly control how a client can access data in an Azure storage account. You can also use an account-level SAS to access the account itself. You can…
Virtual network service endpoints – MS AZ-104 Study Guide
In some scenarios, a storage account is only accessed from within an Azure virtual network. In this case, it is desirable from a security standpoint to block all internet access. By configuring virtual network service endpoints for your Azure storage account, you can remove access from the public internet and only allow…
Configure Azure Storage firewalls and virtual networks
Storage accounts are managed through Azure Resource Manager. Management operations are authenticated and authorized using Microsoft Entra ID RBAC. Each storage service exposes its own endpoint used to manage the data in that storage service (blobs in Blob Storage, entities in tables, and so on). These service-specific endpoints…
Access tiers – Azure AZ-104 Exam
Azure Blob Storage supports four access tiers: Hot, Cool, Cold, and Archive. Each represents a trade-off of availability and cost. There is no trade-off on the durability (probability of data loss), which is defined by the SKU and replication, not the access tier. The tiers are as follows: New blobs will default to…