Mike Slinn

Microsoft Azure Security Features

Published 2022-06-12. Last modified 2022-06-19.

Azure Static Web Apps

Azure Static Web Apps is a standalone product and separate from the static website hosting feature of Azure Storage. It has attractive features:

However, a simple website running on Azure Static Web Apps would cost considerably more than running it from Azure Storage Blob.

Azure Blob Storage Websites

Azure Blob Storage can serve websites, just like AWS S3, and can work with CDNs, for example, Azure CDN. My biggest problem was understanding how to copy files to Azure Blob Storage. Several options exist, and the documentation is intimidating. Worse, the choices made at the outset, when creating Blob Storage, dictate the possible ways to keep the website updated.

User Authentication

The source of the problem is that Azure supports various mechanisms to provide authentication credentials. Some apparently desirable scenarios seem needlessly complex.

You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.

By using Azure Active Directory, you can provide credentials once.

To authorize access by using Azure AD, see Authorize access to blobs with AzCopy and Azure Active Directory (Azure AD).

 – Use Azure Active Directory

Policies

Azure policies can be used to define the desired behavior for your organization's Windows VMs and Linux VMs. By using policies, an organization can enforce various conventions and rules throughout the enterprise. Enforcement of the desired behavior can help mitigate risk while contributing to the success of the organization.

azcopy

The Azure documentation guides new users towards using azcopy, without mentioning other options, or explaining the implications of choosing those options.

Get started with AzCopy provides links for downloading azcopy. Here is the help message for the Linux version:

Shell
$ azcopy
AzCopy 10.15.0
Project URL: github.com/Azure/azure-storage-azcopy
AzCopy is a command line tool that moves data into and out of Azure Storage. To report issues or to learn more about the tool, go to github.com/Azure/azure-storage-azcopy
The general format of the commands is: 'azcopy [command] [arguments] --[flag-name]=[flag-value]'.
Usage: azcopy [command]
Available Commands:
  bench       Performs a performance benchmark
  completion  Generate the autocompletion script for the specified shell
  copy        Copies source data to a destination location
  doc         Generates documentation for the tool in Markdown format
  env         Shows the environment variables that you can use to configure the behavior of AzCopy.
  help        Help about any command
  jobs        Sub-commands related to managing jobs
  list        List the entities in a given resource
  login       Log in to Azure Active Directory (AD) to access Azure Storage resources.
  logout      Log out to terminate access to Azure Storage resources.
  make        Create a container or file share.
  remove      Delete blobs or files from an Azure storage account
  sync        Replicate source to the destination location
Flags:
      --cap-mbps float                       Caps the transfer rate, in megabits per second. Moment-by-moment throughput might vary slightly from the cap. If this option is set to zero, or it is omitted, the throughput isn't capped.
  -h, --help                                 help for azcopy
      --output-type string                   Format of the command's output. The choices include: text, json. The default value is 'text'. (default "text")
      --trusted-microsoft-suffixes string    Specifies additional domain suffixes where Azure Active Directory login tokens may be sent. The default is '*.core.windows.net;*.core.chinacloudapi.cn;*.core.cloudapi.de;*.core.usgovcloudapi.net;*.storage.azure.net'. Any listed here are added to the default. For security, you should only put Microsoft Azure domains here. Separate multiple entries with semi-colons.
  -v, --version                              version for azcopy
Use "azcopy [command] --help" for more information about a command.

Azure CLI

Install the Azure CLI on Linux gave me options for installing the CLI. I want the CLI to be updated automatically, so I went with Option 2: Step-by-step installation instructions.

Shell
$ sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg

$ curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
gpg: WARNING: unsafe permissions on homedir '/home/mslinn/.gnupg' 

To fix the gpg: WARNING: unsafe permissions on homedir '/home/path/to/user/.gnupg' error, ensure that the .gnupg directory and its contents are accessible by your user, and set the permissions and access rights on the directory properly.

Shell
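$ chown -R "$(whoami)" ~/.gnupg/

# Files get 600 and directories 700; chmod 600 on a subdirectory would remove its search bit.
$ find ~/.gnupg -type f -exec chmod 600 {} \;

$ find ~/.gnupg -type d -exec chmod 700 {} \;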

Shell
$ AZ_REPO=$(lsb_release -cs)

$ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
    sudo tee /etc/apt/sources.list.d/azure-cli.list
deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ jammy main 

$ sudo apt-get update

$ sudo apt-get install azure-cli
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  azure-cli
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 80.0 MB of archives.
After this operation, 1060 MB of additional disk space will be used.
Get:1 https://packages.microsoft.com/repos/azure-cli jammy/main amd64 azure-cli all 2.37.0-1~jammy [80.0 MB]
Fetched 80.0 MB in 9s (8445 kB/s)
Selecting previously unselected package azure-cli.
(Reading database ... 118671 files and directories currently installed.)
Preparing to unpack .../azure-cli_2.37.0-1~jammy_all.deb ...
Unpacking azure-cli (2.37.0-1~jammy) ...
Setting up azure-cli (2.37.0-1~jammy) ...
Scanning processes...
Scanning processor microcode...
Scanning linux images...

Failed to retrieve available kernel versions.

Failed to check for processor microcode upgrades.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host. 
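
The install steps above put the Microsoft key in /etc/apt/trusted.gpg.d, where apt trusts it for every configured repository, and the source entry carries no signed-by option. The script below is an added example, not part of the original post: it lists apt source entries that lack signed-by and prints a scoped replacement for each. The keyring path /etc/apt/keyrings/microsoft.gpg, the function names and the sample entries are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find apt source entries with
# no signed-by option and print a scoped replacement for each.
# A key in /etc/apt/trusted.gpg.d is trusted for every repository; a key
# named through signed-by is trusted for that one entry only.

# Assumed keyring location; the original post does not use it.
KEYRING=/etc/apt/keyrings/microsoft.gpg

# Constructed sample: the entry written above plus an already scoped one.
sample_sources() {
  cat <<'EOF'
# constructed sample of /etc/apt/sources.list.d/*.list content
deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ jammy main
deb [signed-by=/etc/apt/keyrings/example.gpg] https://example.invalid/apt stable main
EOF
}

# Print the deb/deb-src entries read from stdin that lack signed-by.
unscoped_entries() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      deb\ *|deb-src\ *) ;;
      *) continue ;;
    esac
    case "$line" in
      *signed-by=*) ;;
      *) printf '%s\n' "$line" ;;
    esac
  done
}

# Add signed-by to one entry: extend its [options] list, or create one.
scope_entry() {
  entry=$1 keyring=$2
  case "$entry" in
    *signed-by=*) printf '%s\n' "$entry" ;;
    *\[*\]*) printf '%s signed-by=%s]%s\n' "${entry%%]*}" "$keyring" "${entry#*]}" ;;
    *) printf '%s [signed-by=%s] %s\n' "${entry%% *}" "$keyring" "${entry#* }" ;;
  esac
}

sample_sources | unscoped_entries | while IFS= read -r found; do
  printf 'unscoped: %s\n  scoped: %s\n' "$found" "$(scope_entry "$found" "$KEYRING")"
done
```

To use the scoped form, write the dearmored key to the keyring path named in signed-by instead of /etc/apt/trusted.gpg.d.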

The CLI provides an in-tool command to update to the latest version:

Shell
$ az upgrade
This command is in preview and under development.
Reference and support levels: https://aka.ms/CLI_refstatus
You already have the latest azure-cli version: 2.37.0
Upgrade finished.
You can enable auto-upgrade with 'az config set auto-upgrade.enable=yes'.
More details in https://docs.microsoft.com/cli/azure/update-azure-cli#automatic-update 

$ az config set auto-upgrade.enable=yes
Command group 'config' is experimental and under development.
Reference and support levels: https://aka.ms/CLI_refstatus 

Azure CLI Getting Started mentions the Visual Studio Code Azure CLI Tool.
