Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

Setting Lifecycle Management Policy on Azure Storage using Azure PowerShell

·1185 words·6 mins· 100 views · 5 likes ·
Add-AzStorageAccountManagementPolicyAction Azure PowerShell Connect-AzAccount Get-AzStorageAccountManagementPolicy

Following the thread of my last post, I want to show you how to take advantage of this functionality by configuring a data lifecycle management policy in your Azure storage account using Azure PowerShell. Microsoft Azure lifecycle policies allow you to define automatic data transition between different storage tiers. This provides flexible management of storage costs in the medium and long term. Important: Lifecycle management policies are supported for block blobs and append blobs in general purpose v2, premium block blob, and blob storage accounts. Lifecycle Management does not affect system containers like the $logs or $web containers.

Azure PowerShell Workaround>

Azure PowerShell Workaround #

Check out this link if you want to know how to install the PowerShell Azure module on your machine. The simplest way to get started is to sign in interactively at the command line.

Connect-AzAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. You can choose the default subscription if you have more than one associated with your mail account. To perform this task, we will use the following commands:

Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start. Here we define our environment’s characteristics and the resources’ names.

$resourceGroupName = "RG-DEMO-NE"
$storageAccountName = "storageaccountdemone"
Check current settings>

Check current settings #

First, we check the current configuration. To do this, you should use the following command.

Get-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
| Select-Object Rules, StorageAccountName

This command should return an error message indicating that we don’t have any policies applied to our storage account.

Set up a lifecycle management policy>

Set up a lifecycle management policy #

A lifecycle management policy comprises one or more rules that define a set of actions to perform based on fulfilling a condition. When the selected condition is true, the management policy performs the specified action.

Create a Filter object>

Create a Filter object #

Each rule definition can include a set of filters. The filter set limits the actions of the rules to a specific subset of blobs within the storage account. A logical AND is performed on all filters if more than one is defined.

Blob index match>

Blob index match #

You can filter the items to which the policy will be applied using the Blob index tags. But note that this filter can only be applied to the blob subtypebaseblob.” To create a ManagementPolicy BlobIndexMatch object, you should use the New-AzStorageAccountManagementPolicyBlobIndexMatchObject cmdlet, which you will use in the next step to create the filter object.

$blobindexmatch = New-AzStorageAccountManagementPolicyBlobIndexMatchObject `
-Name "Project" `
-Value "www.jorgebernhardt.com"
Blob type>

Blob type #

Currently, only the block blob and append blob types are supported.

  • blockBlob
  • appendBlob
Blob prefix>

Blob prefix #

if you don’t define prefixMatch, the rule applies to all blobs within the storage account. To search for items in a specific container, enter the container name followed by a slash, then the blob name or the first few letters. Finally, once you have defined the filters that you will use, you should use the New-AzStorageAccountManagementPolicyFilter cmdlet with the following syntax.

$filter = New-AzStorageAccountManagementPolicyFilter `
-BlobType blockBlob `
-PrefixMatch "destinationfolder/www" `
-BlobIndexMatch $blobindexmatch

New-AzStorageAccountManagementPolicyFilter

Create an Action Group object>

Create an Action Group object #

The Add-AzStorageAccountManagementPolicyAction cmdlet adds an action to the Action Group object. Each action object consists of an action and a condition that must be met for the action to be performed.

$action = Add-AzStorageAccountManagementPolicyAction `
-BaseBlobAction TierToCool `
-DaysAfterLastAccessTimeGreaterThan 90 `
-EnableAutoTierToHotFromCool

$action = Add-AzStorageAccountManagementPolicyAction `
-SnapshotAction Delete `
-daysAfterCreationGreaterThan 180 `
-InputObject $action
Blob Subtype>

Blob Subtype #

Each action/condition is applied individually on each blob subtype, as seen in the example above. The available blob subtypes are:

  • -BaseBlobAction
  • -SnapshotAction
  • -BlobVersionAction

Important: Note that filters defined in the filter object will apply to all action objects, and not all blob subtypes support the same filters.

Actions>

Actions #

The available action parameters are:

  • TierToArchiv
  • TierToCool
  • Delete
Condition>

Condition #

Once the action is chosen, you must select the condition that must be met to apply it.

  • -DaysAfterModificationGreaterThan
  • -DaysAfterCreationGreaterThan
  • -DaysAfterLastAccessTimeGreaterThan

To be able to use the “daysAfterLastAccessTimeGreaterThan” condition, it is necessary to have the “Access tracking” option enabled; if you want to know how to activate this feature, Check out this link. I use a single action to simplify the explanation, but you can create multiple actions for each blob subtype.

$action = Add-AzStorageAccountManagementPolicyAction `
-BaseBlobAction TierToCool `
-DaysAfterLastAccessTimeGreaterThan 90 `
-EnableAutoTierToHotFromCool

Add-AzStorageAccountManagementPolicyAction
Important: The “EnableAutoTierToHotFromCool” parameter can only work with the TierToCool action and the DaysAfterLastAccessTimeGreaterThan condition.

Create a policy rule object>

Create a policy rule object #

You should use the New-AzStorageAccountManagementPolicyRule cmdlet to create the rule object using the filter and action objects created in the previous steps.

$rule = New-AzStorageAccountManagementPolicyRule `
-Name MyDemoPolicyRule `
-Filter $filter \`
-Action $action
Create a lifecycle management policy>

Create a lifecycle management policy #

Finally, once the rule object is created, you’ll need to use the Set-AzStorageAccountManagementPolicy cmdlet to create the management policy on your Azure Storage account.

Set-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
-Rule $rule

Important: Note that it may take up to 48 hours for your new policy to take effect.

Get all the policy rules associated with your storage account>

Get all the policy rules associated with your storage account #

Using the Get-AzStorageAccountManagementPolicy cmdlet, you can get the policies that apply to your storage account.

Get-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
| Select-Object Rules, StorageAccountName
Rename a data policy rule>

Rename a data policy rule #

Follow the steps below to modify the name of a policy.

$Myrules=Get-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
| Select-Object Rules, StorageAccountName

Select the rule you want to modify using the index and set the new value with the following command, as seen in the following example.

$Myrules
$Myrules.Rules[0].Name="NewName"

To update the rule values,  you should use the Set-AzStorageAccountManagementPolicy cmdlet, passing the new modified object as a parameter.

Set-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
-Rule $Myrules.Rules
Disable or Enable a data policy rule>

Disable or Enable a data policy rule #

Follow the steps below to modify the name of a policy.

$Myrules=Get-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
| Select-Object Rules, StorageAccountName

Select the rule you want to modify using the index and set the new value with the following command, as seen in the following example.

$Myrules
$Myrules.Rules[0].Enabled=$false

To update the rule values, you should use the Set-AzStorageAccountManagementPolicy cmdlet, passing the new modified object as a parameter.

Set-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName `
-Rule $Myrules.Rules
Delete all the policy rules associated with your storage account>

Delete all the policy rules associated with your storage account #

Finally, if you want to remove all the policies that apply to your storage account, you should use the Remove-AzStorageAccountManagementPolicy cmdlet with the following syntax.

Remove-AzStorageAccountManagementPolicy `
-ResourceGroupName $resourceGroupName `
-StorageAccountName $storageAccountName

Thanks for reading my post. I hope you find it helpful. Check out this link for more information on optimizing costs through automated data lifecycle management.