Skip to content

QueueStorage

Jump to bottom
Tore Nestenius edited this page Nov 22, 2024 · 10 revisions

Azure Queue Storage

Overview

This tools allows you to send and receive messages from a given Azure Queue Storage queue.

Setting Up Azure Queue Storage

To set up Azure Queue Storage for testing and development, follow these steps.

Step 1: Create an Azure Storage Account

  1. In the Azure Portal, search for and create a new Storage Account:
    • Name: Choose a unique name, e.g., clouddebuggerstorage
    • Primary Service: Select Azure Blob Storage
    • Performance: Choose Standard
    • Redundancy: Set to Locally-Redundant Storage (LRS) for cost-effective testing.
  2. Click Create to finalize the setup.

Step 2: Create a Queue

  1. Within your newly created storage account, navigate to Queues and select + Queue to create a new queue:
    • Name: Enter a unique name, e.g., mystoragequeue
  2. Click OK to create the queue.

Step 3: Retrieve the Queue URL

  1. In the Azure portal, go to your storage account and select the queue you just created.
  2. Copy the URL to the queue. This URL will be needed to connect your application to this queue.

Authentication

The tool supports two methods for authenticating access to Azure Queue Storage:

  • SAS Token: Using a a Shared Access Signature (SAS) token with specific permissions.
  • Managed Identity: Authenticate using a managed identity assigned.

Using a SAS Token for Queue Access

To create a SAS token with limited permissions for secure access:

  1. In the Azure Portal, navigate to your Storage Account.

  2. Under Security + networking, select Shared access signature.

  3. Configure the SAS token settings:

    • Allowed Services: Select Queue.
    • Allowed Resource Types: Select Service, Container, and Object.
    • Allowed Permissions: Select Read, Add, and Process Messages.
    • Expiry: Set an expiration date and time for the SAS token.

  4. Click Generate SAS and connection string.

  5. Copy the SAS Token from the generated results.

    Note: Always store the SAS token securely, as they grant specific access rights to the queue.

Using Managed Identity

To enable access to the queue using a managed identity, follow these steps:

  1. Navigate to your Azure Queue in the Azure Portal.
  2. Select Access Control (IAM) from the left-hand menu.
  3. Click Add role assignment.
  4. Choose an appropriate role for the Cloud Debugger managed identity:
    • Storage Queue Data Contributor: Provides full access to manage queues and messages.
    • Storage Queue Data Message Processor: Grants permissions to read and delete messages.
    • Storage Queue Data Message Sender: Allows sending messages to the queue.
    • Storage Queue Data Reader: Allows read-only access to messages in the queue.
  5. Assign the selected role to the Cloud Debugger managed identity to enable it to interact with the queue as specified.

Resources

Clone this wiki locally