az storage account

Manage storage accounts.

Commands

az storage account check-name

Checks that the storage account name is valid and is not already in use.

az storage account create

Create a storage account.

az storage account delete

Delete a storage account.

az storage account failover

Failover request can be triggered for a storage account in case of availability issues.

az storage account keys

Manage storage account keys.

az storage account keys list

List the access keys or Kerberos keys (if active directory enabled) for a storage account.

az storage account keys renew

Regenerate one of the access keys or Kerberos keys (if active directory enabled) for a storage account.

az storage account list

List storage accounts.

az storage account management-policy

Manage storage account management policies.

az storage account management-policy create

Creates the data policy rules associated with the specified storage account.

az storage account management-policy delete

Deletes the data policy rules associated with the specified storage account.

az storage account management-policy show

Gets the data policy rules associated with the specified storage account.

az storage account management-policy update

Updates the data policy rules associated with the specified storage account.

az storage account network-rule

Manage network rules.

az storage account network-rule add

Add a network rule.

az storage account network-rule list

List network rules.

az storage account network-rule remove

Remove a network rule.

az storage account show

Show storage account properties.

az storage account show-usage

Show the current count and limit of the storage accounts under the subscription.

az storage account update

Update the properties of a storage account.

az storage account check-name

Checks that the storage account name is valid and is not already in use.

az storage account check-name --name

Required Parameters

--name -n

The storage account name.

az storage account create

Create a storage account.

The SKU of the storage account defaults to 'Standard_RAGRS'.

az storage account create --name
                          --resource-group
                          [--access-tier {Cool, Hot}]
                          [--assign-identity]
                          [--bypass {AzureServices, Logging, Metrics, None}]
                          [--custom-domain]
                          [--default-action {Allow, Deny}]
                          [--encryption-services {blob, file, queue, table}]
                          [--hierarchical-namespace {false, true}]
                          [--https-only {false, true}]
                          [--kind {BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2}]
                          [--location]
                          [--sku {Premium_LRS, Premium_ZRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
                          [--tags]

Examples

Create a storage account 'mystorageaccount' in resource group 'MyResourceGroup' in the West US region with locally redundant storage.

az storage account create -n mystorageaccount -g MyResourceGroup -l westus --sku Standard_LRS

Required Parameters

--name -n

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--bypass

Bypass traffic for space-separated uses.

accepted values: AzureServices, Logging, Metrics, None
--custom-domain

User domain assigned to the storage account. Name is the CNAME source.

--default-action

Default action to apply when no rule matches.

accepted values: Allow, Deny
--encryption-services

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--hierarchical-namespace

Allows the blob service to exhibit filesystem semantics.

accepted values: false, true
--https-only

Allows https traffic only to storage service.

accepted values: false, true
--kind

Indicates the type of storage account.

accepted values: BlobStorage, BlockBlobStorage, FileStorage, Storage, StorageV2
default value: Storage
--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--sku

The storage account SKU.

accepted values: Premium_LRS, Premium_ZRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
default value: Standard_RAGRS
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

az storage account delete

Delete a storage account.

az storage account delete --name
                          [--resource-group]
                          [--yes]

Examples

Delete a storage account using a resource ID.

az storage account delete --ids /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Storage/storageAccounts/{StorageAccount}

Delete a storage account using an account name and resource group.

az storage account delete -n MyStorageAccount -g MyResourceGroup

Required Parameters

--name -n

The storage account name.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az storage account failover

Failover request can be triggered for a storage account in case of availability issues.

The failover occurs from the storage account's primary cluster to secondary cluster for (RA-)GRS/GZRS accounts. The secondary cluster will become primary after failover. For more information, please refer to https://docs.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance.

az storage account failover --name
                            [--no-wait]
                            [--resource-group]
                            [--yes]

Examples

Failover a storage account.

az storage account failover -n mystorageaccount -g MyResourceGroup

Failover a storage account without waiting for complete.

az storage account failover -n mystorageaccount -g MyResourceGroup --no-wait
az storage account show -n mystorageaccount --expand geoReplicationStats

Required Parameters

--name -n

The storage account name.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az storage account list

List storage accounts.

az storage account list [--resource-group]

Examples

List all storage accounts in a subscription.

az storage account list

List all storage accounts in a resource group.

az storage account list -g MyResourceGroup

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az storage account show

Show storage account properties.

az storage account show --name
                        [--expand {geoReplicationStats}]
                        [--resource-group]

Examples

Show properties for a storage account by resource ID.

az storage account show --ids /subscriptions/{SubID}/resourceGroups/{ResourceGroup}/providers/Microsoft.Storage/storageAccounts/{StorageAccount}

Show properties for a storage account using an account name and resource group.

az storage account show -g MyResourceGroup -n MyStorageAccount

Required Parameters

--name -n

The storage account name.

Optional Parameters

--expand

May be used to expand the properties within account's properties. By default, data is not included when fetching properties. Currently we only support geoReplicationStats.

accepted values: geoReplicationStats
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az storage account show-usage

Show the current count and limit of the storage accounts under the subscription.

az storage account show-usage --location

Examples

Show the current count and limit of the storage accounts under the subscription. (autogenerated)

az storage account show-usage --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az storage account update

Update the properties of a storage account.

az storage account update --name
                          [--access-tier {Cool, Hot}]
                          [--add]
                          [--assign-identity]
                          [--bypass {AzureServices, Logging, Metrics, None}]
                          [--custom-domain]
                          [--default-action {Allow, Deny}]
                          [--encryption-key-name]
                          [--encryption-key-source {Microsoft.Keyvault, Microsoft.Storage}]
                          [--encryption-key-vault]
                          [--encryption-key-version]
                          [--encryption-services {blob, file, queue, table}]
                          [--force-string]
                          [--https-only {false, true}]
                          [--remove]
                          [--resource-group]
                          [--set]
                          [--sku {Premium_LRS, Premium_ZRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS}]
                          [--tags]
                          [--use-subdomain {false, true}]

Required Parameters

--name -n

The storage account name.

Optional Parameters

--access-tier

The access tier used for billing StandardBlob accounts. Cannot be set for StandardLRS, StandardGRS, StandardRAGRS, or PremiumLRS account types. It is required for StandardBlob accounts during creation.

accepted values: Cool, Hot
--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--assign-identity

Generate and assign a new Storage Account Identity for this storage account for use with key management services like Azure KeyVault.

--bypass

Bypass traffic for space-separated uses.

accepted values: AzureServices, Logging, Metrics, None
--custom-domain

User domain assigned to the storage account. Name is the CNAME source. Use "" to clear existing value.

--default-action

Default action to apply when no rule matches.

accepted values: Allow, Deny
--encryption-key-name

The name of the KeyVault key.

--encryption-key-source

The default encryption service.

accepted values: Microsoft.Keyvault, Microsoft.Storage
default value: Microsoft.Storage
--encryption-key-vault

The Uri of the KeyVault.

--encryption-key-version

The version of the KeyVault key.

--encryption-services

Specifies which service(s) to encrypt.

accepted values: blob, file, queue, table
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--https-only

Allows https traffic only to storage service.

accepted values: false, true
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--sku

The storage account SKU.

accepted values: Premium_LRS, Premium_ZRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--use-subdomain

Specify whether to use indirect CNAME validation.

accepted values: false, true