Use Azure Data Share to share Azure Blob Storage securely
How do you securely share data that you have in Azure? Do you send it over e-mail? Put it in a place like SharePoint or OneDrive? Securely sharing data has always been difficult. And it has traditionally required you to use an external service, which requires you and the receiver of the data to have access to these services. There is a better way to do this and it is called Azure Data Share.
Azure Data Share is a service in Azure that allows you to securely share your Azure data with other people, without the need for external services.
In this article, we are going to use Azure Data Share to securely share files in Azure Blob Storage with somebody.
If you want to follow along, you'll need the following:
- An Azure subscription (If you don't have an Azure subscription, create a free account before you begin)
- An Azure Storage account with a Blob Container that you want to share
- An Azure Storage account with a Blob Container that you will use to receive data
  - This can be located in a different Azure subscription than the storage account that you are sharing
  - If you use another subscription to receive data, you will also need to create an Azure Data Share in that subscription that will receive the shared data
Sharing Azure Blob Storage data
Let's start by creating a new Azure Data Share account and using that to share an Azure Blob Storage Container.
We'll create the Azure Data Share using the Azure portal.
- Go to the Azure portal
- Click the Create a resource button (the plus-sign in the top left corner)
- Search for Data Share and click on the result to start creating one
- Fill in a Name for the Azure Data Share
- Select an Azure subscription
- Select or create a Resource group
- Select a Location
- Click Create
(Create a new Azure Data Share account in the Azure portal)
Once the deployment is finished, you'll have a new Azure Data Share account. Now we need to share data with it.
- Go to the newly created Azure Data Share account in the Azure portal
- Click on Start sharing your data. This opens the Sent shares blade
- In the Sent shares blade, click Create to start sharing data, like in the image below
(Start sharing data)
- In step 2, click Add datasets and select Azure Blob Storage and click Next. This should look like the image below:
(Share Azure Blob Storage)
- Select the storage account and the Blob Container that you want to share and click Add dataset
- Click Continue to go to the next step
- In step 3, click Add recipient and fill in the e-mail address of the person you want to share the data with and click Continue
- In step 4, check the Snapshot schedule box and configure the Start time and Recurrence. This will refresh the data for the recipient at set intervals
- Click Continue to review the share
- Click Create
The Azure Blob Storage container is now shared.
Receiving Azure Blob Storage data
The recipient of the share should now have an e-mail that invites her to receive the data share. Let's accept the invite and receive the data.
Before we can accept the invite, we need to make sure that Azure Data Share will have enough permissions to receive the data. We'll do that in the Azure portal.
- In the Azure portal, navigate to the Azure Storage account that you will use to receive the data share
- In the Azure Storage account, click on Blobs
- If you haven't created one yet, create a new Container to receive the data in. Otherwise, click on the Container to open it
- In the Container, click on the Access Control (IAM) menu-item on the left
- Click Add > Add role assignment
- Select the role Owner
- Select the user that has received the data share invite and click Save
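To review the result of the role assignment above, the following added example (not part of the original article) lists which principals hold Owner or User Access Administrator on the receiving container and whether each grant sits on the container itself or is inherited from a broader scope. The sample JSON is constructed in the shape of `az role assignment list` output; the subscription id, resource names and principals are placeholders.

```python
import json

# Constructed sample (placeholder ids, names and principals) in the shape of:
#   az role assignment list --scope <container-id> --include-inherited -o json
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
CONTAINER_SCOPE = (
    SUB + "/resourceGroups/rg-receive/providers/Microsoft.Storage"
    "/storageAccounts/streceive/blobServices/default/containers/inbound"
)
SAMPLE = json.dumps([
    {"principalName": "recipient@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": CONTAINER_SCOPE},
    {"principalName": "ops-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "reader@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": CONTAINER_SCOPE},
])

# Built-in roles that can create role assignments for other principals.
PRIVILEGED = {"Owner", "User Access Administrator"}

def classify_scope(assignment_scope, container_scope):
    """Say where an assignment sits relative to the receiving container."""
    a = assignment_scope.rstrip("/").lower()
    c = container_scope.rstrip("/").lower()
    if a == c:
        return "container"
    if c.startswith(a + "/"):
        return "inherited"  # granted on the account, resource group or subscription
    return "unrelated"

def audit_owner_assignments(raw_json, container_scope, expected_principal):
    """Return privileged assignments that reach the container, flagging surprises."""
    findings = []
    for item in json.loads(raw_json):
        if item.get("roleDefinitionName") not in PRIVILEGED:
            continue
        where = classify_scope(item.get("scope", ""), container_scope)
        if where == "unrelated":
            continue
        name = item.get("principalName", "")
        expected = where == "container" and name.lower() == expected_principal.lower()
        findings.append({"principal": name, "role": item["roleDefinitionName"],
                         "granted_at": where, "expected": expected})
    return findings

if __name__ == "__main__":
    for finding in audit_owner_assignments(SAMPLE, CONTAINER_SCOPE, "recipient@example.com"):
        print(finding)
```

Any finding with `expected` set to `False` is a principal other than the invited user, or a grant made above the container, and is worth reviewing once the share is configured.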
We are ready to accept the data share invite and receive the data:
- Open the e-mail of the data share invite and click on the View Invitation button
- This will open the Azure portal and show your Data Share Invitations. Click on the invitation in the Azure portal to open it
- The invitation is shown like in the image below
b. Pick a Subscription
c. Select a Resource group
d. Select or create a Data Share account that you will use to receive the data in. Both the sender and the receiver of the data need to have an Azure Data Share account
e. Click the Accept and configure now button
(Accept a Data Share invite)
Now we need to configure where we store the received data.
- Select the Subscription to receive the data in
- Select a Resource group
- Select the Storage account that we've configured the access rights on
- Enter the Container name of the Blob Container to receive the data in
- Check the Snapshot Settings box to keep the data updated
- Click Save
We are now ready to receive the data. Receiving shared data is done through our own Azure Data Share account. Let's take a look.
- In the Azure portal, open the Data Share account that we've configured to receive the data
- Go to Received shares to see the data share that we received and click on it to open it
- The data is shared, but the data snapshot hasn't downloaded yet. We can manually trigger that, by clicking Trigger Snapshot > Full copy
(Trigger a data snapshot in the Azure portal)
- After a while, the download is done and the data will be in the Blob Container of the Azure Storage account
(Shared data received in Blob Container)
Azure Data Share is an easy way to securely share data that is in Azure. It is easy to use and doesn't require the sender or receiver to use any tools or services outside Azure. Additionally, it provides a way to keep shared data updated with data snapshots and can update that data incrementally, which saves costs and is faster than updating the entire data set. Go and check out Azure Data Share!