Immutable storage for Azure Storage Blobs
If you have storage blobs containing things like backups or files then Azure now has Immutable storage available for Azure Storage Blobs generally available in all public regions.
Immutable means that it is unable to change or be changed and this means that if a customer has let’s say a backup then they can store this unchanged which for some companies is very nice to have.
To take advantage or to test out immutable storage lets go through what we need to do to test it out.
- First of all, create a storage account.
- Click on Containers and create a new container, give it a name and choose Private (no anonymous access).
- Once created click on the name of your new container and then upload some files.
- Once you have uploaded some files click on Access Policy on the left-hand side, notice we have 2 sections, Stored access policies and Immutable blob storage, under Immutable blob storage, select Add policy.
- We now have 2 options to choose from
- Time-based retention
- Legal hold
Time-based retention allows us to add a number of days value between 1 day and 400 years, this also makes the files immutable.
Note:- You cannot change this value to 0 at any time. Once the interval you add expires – Upon the expiration of the retention interval, the data will continue to be in a non-modifiable state but can be deleted. Retention policy changes may require some time to take effect. 5 edits are permitted to the policy.
Legal hold retention means you add a tag to the blob container – each legal hold policy needs to be associated with 1 or more tags. Tags are used as a name identifier, such as a case ID, to categorize and view records.
You cannot delete or modify any files with the container whilst there is either a Time-based retention policy or a Legal hold policy, however if you delete the legal hold policy you can then delete or modify files with the container.
With Time-based retention, you can allow additionally protected appends and change the retention interval.
Time-based retentions need to be locked in order to be active and to add a lock click on the 3 dots and choose Lock policy.
Note:- Once you apply the lock you cannot delete the lock and just before you click save on applying the lock you will see the following reminder:-
I can see some people having the need to keep backups and have them immutable for a number of legal reasons and this new feature will be very handy for them.
Don’t forget to subscribe to my YouTube Channel.
Thanks for sharing Gregor
A useful feature for long term data retention and for legal purposes.
[…] Immutable storage for Azure Storage Blobs (Gregor Suttie) […]
It’s a great source of knowledge; I think it will be helpful for lot of people who are looking for learning more about the immutable storage for azure storage blobs. Thank you very much for sharing this article.