Example: Create Azure Storage using the Azure libraries for Python
In this article, you learn how to use the Azure management libraries in a Python script to create a resource group that contains an Azure Storage account and a Blob storage container.
After creating the resources, see Example: Use Azure Storage to use the Azure client libraries in Python application code to upload a file to the Blob storage container.
All the commands in this article work the same in Linux/macOS bash and Windows command shells unless noted.
The Equivalent Azure CLI commands are listed later in this article. If you prefer to use the Azure portal, see Create an Azure storage account and Create a blob container.
1: Set up your local development environment
If you haven't already, set up an environment where you can run the code. Here are some options:
Configure a Python virtual environment using
venv
or your tool of choice. You can create the virtual environment locally or in Azure Cloud Shell and run the code there. Be sure to activate the virtual environment to start using it.Use a conda environment.
Use a Dev Container in Visual Studio Code or GitHub Codespaces.
2: Install the needed Azure library packages
Create a requirements.txt file that lists the management libraries used in this example:
azure-mgmt-resource azure-mgmt-storage azure-identity
In your terminal with the virtual environment activated, install the requirements:
pip install -r requirements.txt
3: Write code to create storage resources
Create a Python file named provision_blob.py with the following code. The comments explain the details. The script reads your subscription ID from an environment variable, AZURE_SUBSCRIPTION_ID
. You set this variable in a later step. The resource group name, location, storage account name, and container name are all defined as constants in the code.
import os, random
# Import the needed management objects from the libraries. The azure.common library
# is installed automatically with the other libraries.
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
# Acquire a credential object.
credential = DefaultAzureCredential()
# Retrieve subscription ID from environment variable.
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
# Obtain the management object for resources.
resource_client = ResourceManagementClient(credential, subscription_id)
# Constants we need in multiple places: the resource group name and the region
# in which we provision resources. You can change these values however you want.
RESOURCE_GROUP_NAME = "PythonAzureExample-Storage-rg"
LOCATION = "centralus"
# Step 1: Provision the resource group.
rg_result = resource_client.resource_groups.create_or_update(RESOURCE_GROUP_NAME,
{ "location": LOCATION })
print(f"Provisioned resource group {rg_result.name}")
# For details on the previous code, see Example: Provision a resource group
# at https://docs.microsoft.com/azure/developer/python/azure-sdk-example-resource-group
# Step 2: Provision the storage account, starting with a management object.
storage_client = StorageManagementClient(credential, subscription_id)
STORAGE_ACCOUNT_NAME = f"pythonazurestorage{random.randint(1,100000):05}"
# You can replace the storage account here with any unique name. A random number is used
# by default, but note that the name changes every time you run this script.
# The name must be 3-24 lower case letters and numbers only.
# Check if the account name is available. Storage account names must be unique across
# Azure because they're used in URLs.
availability_result = storage_client.storage_accounts.check_name_availability(
{ "name": STORAGE_ACCOUNT_NAME }
)
if not availability_result.name_available:
print(f"Storage name {STORAGE_ACCOUNT_NAME} is already in use. Try another name.")
exit()
# The name is available, so provision the account
poller = storage_client.storage_accounts.begin_create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME,
{
"location" : LOCATION,
"kind": "StorageV2",
"sku": {"name": "Standard_LRS"}
}
)
# Long-running operations return a poller object; calling poller.result()
# waits for completion.
account_result = poller.result()
print(f"Provisioned storage account {account_result.name}")
# Step 3: Retrieve the account's primary access key and generate a connection string.
keys = storage_client.storage_accounts.list_keys(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME)
print(f"Primary key for storage account: {keys.keys[0].value}")
conn_string = f"DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName={STORAGE_ACCOUNT_NAME};AccountKey={keys.keys[0].value}"
print(f"Connection string: {conn_string}")
# Step 4: Provision the blob container in the account (this call is synchronous)
CONTAINER_NAME = "blob-container-01"
container = storage_client.blob_containers.create(RESOURCE_GROUP_NAME, STORAGE_ACCOUNT_NAME, CONTAINER_NAME, {})
# The fourth argument is a required BlobContainer object, but because we don't need any
# special values there, so we just pass empty JSON.
print(f"Provisioned blob container {container.name}")
Authentication in the code
Later in this article, you sign in to Azure with the Azure CLI to run the sample code. If your account has permissions to create resource groups and storage resources in your Azure subscription, the code will run successfully.
To use such code in a production script, you can set environment variables to use a service principal-based method for authentication. To learn more, see How to authenticate Python apps with Azure services. You need to ensure that the service principal has sufficient permissions to create resource groups and storage resources in your subscription by assigning it an appropriate role in Azure; for example, the Contributor role on your subscription.
Reference links for classes used in the code
- DefaultAzureCredential (azure.identity)
- ResourceManagementClient (azure.mgmt.resource)
- StorageManagementClient (azure.mgmt.storage)
4. Run the script
If you haven't already, sign in to Azure using the Azure CLI:
az login
Set the
AZURE_SUBSCRIPTION_ID
environment variable to your subscription ID. (You can run the az account show command and get your subscription ID from theid
property in the output):Run the script:
python provision_blob.py
The script will take a minute or two to complete.
5: Verify the resources
Open the Azure portal to verify that the resource group and storage account were created as expected. You may need to wait a minute and also select Show hidden types in the resource group.
Select the storage account, then select Data storage > Containers in the left-hand menu to verify that the "blob-container-01" appears:
If you want to try using these resources from application code, continue with Example: Use Azure Storage.
For an additional example of using the Azure Storage management library, see the Manage Python Storage sample.
For reference: equivalent Azure CLI commands
The following Azure CLI commands complete the same creation steps as the Python script:
rem Provision the resource group
az group create ^
-n PythonAzureExample-Storage-rg ^
-l centralus
rem Provision the storage account
set account=pythonazurestorage%random%
echo Storage account name is %account%
az storage account create ^
-g PythonAzureExample-Storage-rg ^
-l centralus ^
-n %account% ^
--kind StorageV2 ^
--sku Standard_LRS
rem Retrieve the connection string
FOR /F %i IN ('az storage account show-connection-string -g PythonAzureExample-Storage-rg -n %account% --query connectionString') do (SET connstr=%i)
rem Provision the blob container
az storage container create ^
--name blob-container-01 ^
--account-name %account% ^
--connection-string %connstr%
6: Clean up resources
Leave the resources in place if you want to follow the article Example: Use Azure Storage to use these resources in app code. Otherwise, run the az group delete command if you don't need to keep the resource group and storage resources created in this example.
Resource groups don't incur any ongoing charges in your subscription, but resources, like storage accounts, in the resource group might incur charges. It's a good practice to clean up any group that you aren't actively using. The --no-wait
argument allows the command to return immediately instead of waiting for the operation to finish.
az group delete -n PythonAzureExample-Storage-rg --no-wait
You can also use the ResourceManagementClient.resource_groups.begin_delete
method to delete a resource group from code. The code in Example: Create a resource group demonstrates usage.
See also
- Example: Use Azure Storage
- Example: Create a resource group
- Example: List resource groups in a subscription
- Example: Create a web app and deploy code
- Example: Create and query a database
- Example: Create a virtual machine
- Use Azure Managed Disks with virtual machines
- Complete a short survey about the Azure SDK for Python