az storage container immutability-policy

Manage container immutability policies.

Commands

az storage container immutability-policy create

Creates or updates an unlocked immutability policy.

az storage container immutability-policy delete

Aborts an unlocked immutability policy.

az storage container immutability-policy extend

Extends the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.

az storage container immutability-policy lock

Sets the ImmutabilityPolicy to Locked state.

az storage container immutability-policy show

Gets the existing immutability policy along with the corresponding ETag in response headers and body.

az storage container immutability-policy create

Creates or updates an unlocked immutability policy.

ETag in If-Match is honored if given but not required for this operation.

az storage container immutability-policy create --account-name
                                                --container-name
                                                [--allow-protected-append-writes {false, true}]
                                                [--if-match]
                                                [--period]
                                                [--resource-group]
                                                [--subscription]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

--container-name -c

The container name.

Optional Parameters

--allow-protected-append-writes -w

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.

accepted values: false, true
--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied.

--period

The immutability period for the blobs in the container since the policy creation, in days.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage container immutability-policy delete

Aborts an unlocked immutability policy.

The response of delete has immutabilityPeriodSinceCreationInDays set to 0. ETag in If-Match is required for this operation. Deleting a locked immutability policy is not allowed, the only way is to delete the container after deleting all expired blobs inside the policy locked container.

az storage container immutability-policy delete --account-name
                                                --container-name
                                                --if-match
                                                [--resource-group]
                                                [--subscription]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

--container-name -c

The container name.

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage container immutability-policy extend

Extends the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy.

The only action allowed on a Locked policy will be this action. ETag in If-Match is required for this operation.

az storage container immutability-policy extend --account-name
                                                --container-name
                                                --if-match
                                                [--allow-protected-append-writes {false, true}]
                                                [--period]
                                                [--resource-group]
                                                [--subscription]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

--container-name -c

The container name.

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied.

Optional Parameters

--allow-protected-append-writes -w

This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.

accepted values: false, true
--period

The immutability period for the blobs in the container since the policy creation, in days.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage container immutability-policy lock

Sets the ImmutabilityPolicy to Locked state.

The only action allowed on a Locked policy is ExtendImmutabilityPolicy action. ETag in If-Match is required for this operation.

az storage container immutability-policy lock --account-name
                                              --container-name
                                              --if-match
                                              [--resource-group]
                                              [--subscription]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

--container-name -c

The container name.

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage container immutability-policy show

Gets the existing immutability policy along with the corresponding ETag in response headers and body.

az storage container immutability-policy show --account-name
                                              --container-name
                                              [--if-match]
                                              [--query-examples]
                                              [--resource-group]
                                              [--subscription]

Required Parameters

--account-name

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

--container-name -c

The container name.

Optional Parameters

--if-match

The entity state (ETag) version of the immutability policy to update. A value of "*" can be used to apply the operation only if the immutability policy already exists. If omitted, this operation will always be applied.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.