In this video, learn about Management Plane Security, which is how to secure your Azure storage account. Sharon discusses RBAC and storage account keys, and Microsoft best practices for regenerating storage keys.
- [Instructor] You may hear the term management plane security when referring to Azure. This basically means securing your Azure account. You can secure the Azure Storage account by using role-based access control, or RBAC, and storage account keys. Let's focus in on RBAC first. We should use RBAC to only provide the permissions that the user needs to perform their role. By default, you could assign owner, contributor, or reader. In the case of Azure Storage, we can utilize the role contributor.
And the storage account contributor role manages the storage account. You can also use the virtual machine contributor role. The virtual machine contributor role can list the storage account keys, and they'll need to have those keys to create a virtual machine. As always, it is recommended to only provide the rights required to perform the task required. When you have a storage account, there are two access keys. They are 512-bit strings. And they maintain connectivity while regenerating, and that's why we have two.
And the Microsoft best practice for regenerating these keys is to point your resources to key two first, then regenerate key one. Next, point those resources back to key one, and then regenerate key two. And let's go ahead and show that to you in action. As you can see, I'm already in Azure. We have our storage account. I'm going to go ahead and open the blade for our storage account, and I'm going to click in Access keys. And here are those two keys I just referred to.
If you have an application or another service that is using this storage account and you have to regenerate these keys, point that resource or application to key two first and regenerate key one. You'll have a warning that'll pop up when you go to regenerate. Are you sure you want to do this? Yes, I do. So we'll go ahead, and you'll notice that key one has now been regenerated. At this point, you would take your application or resource and point it to key one and then regenerate key two again.
You'll have the same warning pop up. And click Yes, and you'll notice that key two was regenerated. And that's all there is to it, to regenerating your keys in your Azure Storage account.
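The rotation order described in the transcript, scripted with the Azure CLI as an added example (not part of the original video or course material). The resource group and account names passed in are placeholders, and `repoint_app` is a hypothetical hook standing in for however your applications receive their storage key.

```shell
#!/usr/bin/env bash
# Added example: four-step storage account key rotation with the Azure CLI.
# In the CLI, "primary" is key1 and "secondary" is key2.

# Print the current value of key1 or key2.
# usage: get_key <resource-group> <account> <key1|key2>
get_key() {
  az storage account keys list -g "$1" -n "$2" \
    --query "[?keyName=='$3'].value | [0]" -o tsv
}

# Hypothetical hook: replace the body with the update to your own secret
# store or app settings. It must return non-zero if the update fails.
# usage: repoint_app <key-name> <key-value>
repoint_app() {
  echo "repoint consumers to $1" >&2   # never log the key value itself
}

# usage: rotate_storage_keys <resource-group> <account>
rotate_storage_keys() {
  local rg="$1" account="$2" value

  # Step 1: point consumers at key2 so they stay connected.
  value="$(get_key "$rg" "$account" key2)" || return 1
  [ -n "$value" ] || { echo "key2 not readable, aborting" >&2; return 1; }
  repoint_app key2 "$value" || return 1

  # Step 2: regenerate key1 (nothing should be using it now).
  az storage account keys renew -g "$rg" -n "$account" \
    --key primary -o none || return 1

  # Step 3: point consumers back at the new key1.
  value="$(get_key "$rg" "$account" key1)" || return 1
  [ -n "$value" ] || { echo "key1 not readable, aborting" >&2; return 1; }
  repoint_app key1 "$value" || return 1

  # Step 4: regenerate key2 so the old value is no longer valid.
  az storage account keys renew -g "$rg" -n "$account" \
    --key secondary -o none
}
```

Each step stops the rotation if the one before it failed, so a key is never regenerated while consumers may still depend on it.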