HOW TO

How to add an Azure Storage Container to ArcGIS Pro as a Cloud Store

Last Published: June 3, 2024

Summary

Cloud storage, such as Azure Storage Containers, is often used to store various kinds of GIS data. An example of this is when image files (rasters) are stored in the cloud and used for analysis by clients such as ArcGIS Pro.

There are two methods for authenticating and connecting to Azure Storage. The first is Azure Storage Account Access Keys, which grant unlimited access to all resources within a specific storage account.

The second is Shared Access Signatures (SAS), which grant limited access to resources within a storage account. You can provide a SAS to clients who should not be trusted with your Storage Account Access Key, but to whom you wish to delegate access to certain storage account resources.

Note:
The workflows in this article were performed with ArcGIS Pro 3.1.0 installed on a machine in Azure.

Procedure

Grant access to a storage container with an account Access Key

  1. In the ArcGIS Pro menu, click Insert.
  2. Go to the Project group in the ribbon and activate the Connections item.
  3. Click Cloud Store > New Cloud Storage Connection.
  4. Enter a value for the Connection File Name.
  5. Choose "AZURE" for the Service Provider.
  6. Copy the storage account name from the Azure Portal and paste it into Access Key ID (Account Name), as shown in the next image.

entering the Access Key (Account Name) connection information

  7. Copy an "Access Key" value from the Azure Portal and paste it into Secret Access Key (Account Key), as shown in the next image.

entering the secret access key

  8. Select the Azure Container from the Bucket (Container) Name drop-down list.

selecting the container

The Cloud Store will be added to ArcGIS Pro and is available in the Catalog pane.

Grant access to a storage container with a Shared Access Signature (SAS) signed by an Account Key

Azure Storage supports three types of shared access signatures: User delegation SAS, Service SAS, and Account SAS. This workflow demonstrates granting access with a Service SAS.

A Service SAS can be secured with the storage account key and delegates access to a resource in only one of the Azure Storage services: Blob storage, Queue storage, Table storage, or Azure Files. The following workflow is for accessing Blob storage.

  1. Connect to the Azure Portal and navigate to the Storage Account > Containers.
  2. Locate the container to grant access to, activate the action menu, and select Access Policy, as shown in the next image.

selecting the access policy for the container

  3. In the Stored access policies section, click Add policy.

adding a policy

  4. Configure the Identifier, Permissions, Start time, and Expiry time fields, similar to the next image.

configuring the policy

The permissions granted in the image above are List and Read. Grant the Add, Create, Write, and/or Delete permissions to match your specific requirements.

  5. Click OK and then save the Access policy.
  6. Locate the container to grant access to, activate the action menu, and select Generate SAS. This is shown in the next image.

generating the SAS

  7. Configure the following options, as shown in the image below:
    • Signing method = Account Key
    • Signing key
    • Stored access policy = the Access Policy you created in steps 3 and 4.
    • Allowed IP addresses
    • Allowed protocols

The Allowed IP addresses field shown below specifies a public IP address or a range of public IP addresses from which to accept requests. Only IPv4 addresses are supported.

Supported values include, for example, “168.1.5.65”, “168.1.5.65-168.1.5.85”. CIDR notation is not supported.

specifying a public IP address or a range of public IP addresses

  8. Click Generate SAS token and URL.
  9. Copy the value of Blob SAS token.

copying the Blob SAS token

  10. In ArcGIS Pro, run the Create Cloud Storage Connection File geoprocessing tool (from Analysis > Tools).
  11. Configure the following parameters:
    • Connection File Location = the path to the ArcGIS Pro project folder.
    • Connection File Name = give the file a name.
    • Service Provider = Azure
    • Access Key ID (Account Name) = the name of the Azure Storage Account.
    • Bucket (Container) Name = the name of the Azure Storage Container (Blob).
    • Region (Environment) = Azure Cloud
    • Service End Point = blob.core.windows.net
  12. In the Provider Options section, activate the drop-down list, select AZURE_STORAGE_SAS_TOKEN, and paste the Blob SAS token copied in step 9.
  13. Click Run.

selecting the provider options

  14. In the ArcGIS Pro menu bar, click Insert.
  15. Go to the Project group in the ribbon and activate the Connections item.
  16. Click Cloud Store > Add Cloud Storage Connection.
  17. Navigate to the project folder, select the Cloud Storage Connection file, and click OK.

selecting the new cloud storage connection in ArcGIS Pro

The Cloud Store will be added to ArcGIS Pro and is available in the Catalog pane.

cloud store images shown in Catalog
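
A pre-flight check for the Blob SAS token copied in step 9, as an added example that is not part of the original article or Esri's code: it parses the token's query parameters and reports whether the token references a stored access policy, is limited to HTTPS, and carries an Allowed IP addresses value in the format described above. The function names, the policy name arcgis-read and the sample tokens are constructed for illustration.

```python
from datetime import datetime, timezone
from ipaddress import AddressValueError, IPv4Address
from urllib.parse import parse_qs


def valid_sip(value):
    """Accept one IPv4 address or an a-b range; CIDR and IPv6 are rejected."""
    try:
        addrs = [IPv4Address(p) for p in value.split("-")]
    except AddressValueError:
        return False
    return len(addrs) == 1 or (len(addrs) == 2 and addrs[0] <= addrs[1])


def audit_sas_token(token, now=None):
    """Return findings for a Blob service SAS token; an empty list means none."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?"), keep_blank_values=True).items()}
    findings = []
    if not q.get("sig"):
        findings.append("sig missing: not a signed token")
    if q.get("sr") != "c":
        findings.append("sr is not 'c': token is not scoped to a container")
    if not q.get("si"):
        findings.append("si missing: no stored access policy referenced")
    if q.get("spr") != "https":
        findings.append("spr is not 'https': HTTP is allowed")
    if "sip" not in q:
        findings.append("sip missing: no Allowed IP addresses restriction")
    elif not valid_sip(q["sip"]):
        findings.append("sip invalid: use one IPv4 address or an a-b range")
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only values carry no zone; SAS times are UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("se is in the past: token has expired")
    elif not q.get("si"):
        findings.append("se missing and no policy: no expiry defined")
    if set(q.get("sp", "")) - set("rl"):
        findings.append("sp grants more than Read and List: confirm this is required")
    return findings


# Constructed sample tokens (the sig values are placeholders, not real signatures).
GOOD = "si=arcgis-read&spr=https&sip=168.1.5.65-168.1.5.85&sv=2022-11-02&sr=c&sig=PLACEHOLDER"
WEAK = "sp=rwdl&se=2023-01-01T00:00:00Z&spr=https,http&sip=168.1.5.0/24&sv=2022-11-02&sr=c&sig=PLACEHOLDER"
```

A token bound to a stored access policy usually omits sp and se because the policy defines them, so the expiry and permission checks only apply when those fields appear in the token itself.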

Article ID: 000031346

Software:
  • ArcGIS Pro
