Using Azure Storage with Authentication

As Azure does not provide S3 API compatible requests signing (as outlined in Using S3 with Authentication) other means need to be used if secure access is required. There are three options:

  • using MinIO

  • using Azure Files

  • using Azure VPC

MinIO can be run as Azure Kubernetes Service (AKS) within Azure to provide S3 compatible access to the Azure Storage, the following diagram (from the MinIO docs) outlines this:

../../../../_images/aks.png

Following the MinIO Azure Kubernetes Service (AKS) documentation or this howto a gateway can be setup that provides the S3 compatible API.

The next step is to enable access using the Apache Configuration where the following variables need to be provided:

  • S3 endpoint: https://webappname.azurewebsites.net, replacing webappname with the name of your Web App (and note the use of https)

  • S3 Region: the location of your Bucket

  • Access Key: the name of your Azure Storage Account

  • Secret Key: the Account Key of your Azure Storage Account

Alternatively Azure Files can be used to access Azure Storage over NFS or Samba which will provide Block Storage or Azure VPC can be used to create a virtual private network in which no request signing is needed.