According to this article detailing the limits of Azure Storage, there is a limit on the number of Azure Resource Manager requests that can be made.
Additionally, this article details limits of the ARM API. A post here claims they ran into issues running a list operations after making too many requests.
My question is, is there a limit on number of SAS Keys generated per hour for blob storage? Is creating a SAS Key an ARM event?
For example, if I'm using the Python Azure Storage SDK and I attempt to create 160,000 SAS keys in one hour for various blobs (files in containers in storage accounts), will I be throttled or stopped?
My application depends on these keys for allowing micro services access to protected data, but I cannot scale this application if I cannot create a large amount of SAS keys in a short period of time.
This is faster than uploading single blobs at a time with parallel block uploads because it spreads the upload across multiple partitions of the storage service. A single blob only supports a throughput of 60 MB/second (approximately 480 Mbps).
No, there's no limit on the number of storage containers in a storage account. You're limited by the size of the storage account which was recently increased to 500 TB from 200 TB .
Creating a SAS token does not interact with the Azure Api at all -
From Using shared access signatures
The SAS token is a string you generate on the client side A SAS token you generate with the storage client library, for example, is not tracked by Azure Storage in any way. You can create an unlimited number of SAS tokens on the client side.
I couldn't find code for building a Storage SAS token, but the the principal is similar to the following (from here)
private static string createToken(string resourceUri, string keyName, string key)
{
TimeSpan sinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
var week = 60 * 60 * 24 * 7;
var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + week);
string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}", HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);
return sasToken;
}
Basically a SAS token is a hash of the storage credentials, that are locked down to provide a subset of services. You can create as many as you require without any interaction with the Azure API.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With