Set up Azure Blob Storage Order Delivery¶
Permissions required: Admin
Last updated: June 15, 2022
Overview¶
The files from an ARD order can be delivered to a container within a Microsoft Azure storage account. To enable delivery, delegate WRITE access to the container or to the storage account with a Signed Access Signature (SAS) URL.
Access method: SAS URL
Access level required: Write
Secure Access Signatures (SAS)¶
Maxar ARD supports SAS URLS that use any of the three Azure Secured access signature types:
- User delegation SAS
- Account SAS
- Service SAS
SAS URLs can be created on an ad-hoc basis or by the use of a stored access policy. Microsoft recommends setting a near-term expiration for an ad hoc SAS. When a stored access policy is used, the expiration date can be set far into the future.
note: For ad hoc SAS URLs, set an expiration date that allows 3-5 days to give plenty of time for order processing and delivery to your cloud storage location.
To help you determine which SAS type is best for your needs, see Microsoft's Best Practices when Using SAS
Your Azure SAS URL can be registered with the Maxar ARD Credentials Service or submitted directly in an order request body. These options are explained below.
Option 1: Register the Azure SAS URL with the ARD Credentials service¶
If you plan to use the same credentials for multiple orders, we recommend registering them with the ARD Credentials service. This creates a credential ID that can be shared with all users in the account, and is included in the order request.
The administrator for the account can register the credentials and give them a name, or credentials_ID
. This ID can then be shared with all users in the account. The user includes the credentials ID in the request body when placing an order. See the example below.
-
An account can have more than one set of registered credentials.
-
Registered credentials can be deleted in the credentials service. Deleting means the credentials ID cannot be used to place new orders. Orders that are in progress when the credentials are deleted are not impacted.
-
Registered credentials can be updated. The credentials string and the description can be updated for an existing credentials record. Orders that are in progress when the credentials are updated are not impacted.
-
If the supplied credentials expire, any orders submitted with those credentials will fail. We recommend registering credentials with long-term expiration dates.
Register credentials¶
If you are an account administrator (admin), read the Credentials Guide to learn how register a set of credentials and create a credentials_id.
See the Credentials Storage SDK documentation to use the Max-ARD SDK to manage credentials. Example registration request:
The credentials ID is set by adding the ID string you want to use to the API endpoint request.
PUT https://ard.maxar.com/admin/api/v1/account/{accountID}/credentials/{credentials_id}
The credentials ID is a string you create to name the credentials. For example, you might use `our-shared-creds`.
Example request body:
```json
{
"credentials": "Azure SAS URL string goes here",
"description": "use for orders placed for demo purposes"
}
Submit the credentials ID in an order request¶
Once the credentials have been registered, the credentials ID is submitted with the order request.
This example shows the output configuration for an order, using a credentials_id named "our-shared-credentials".
"output_config": {
"azure_blob_storage": {
"credentials_id": "our-shared-credentials",
"container": "my-ard-bucket",
"prefix": "prefix-1"
}
}
}
Option 2: Include the SAS URL string in the order request.¶
You can send the SAS URL directly in an order request instead of registering it. This may be a good option if you use SAS URLs with near-term expirations.
Example:
{
"output_config": {
"azure_blob_storage": {
"sas_url": "Azure SAS URL string goes here",
"container": "my-ard-container",
"prefix": "prefix-1"
}
}
}