Caution

You're viewing documentation for a previous version of Scylla Manager. Switch to the latest stable version.

Setup Azure Blob Storage

  • Create a container

  • Grant access

    • IAM role

    • Config file

  • Troubleshoot connectivity

To use Azure Blob Storage as your backup location you need a storage account, a container, and authentication setup.

Create a container

Go to the Azure Portal and create a new container within your storage account. This container should be used only for storing Scylla Manager backups. If your cluster is deployed in multiple regions, create a storage account and container per region. You may decide to back up only a single datacenter to save on costs; in that case, create only one storage account and container, in the region you want to back up.

Grant access

This procedure is required so that Scylla Manager can access your containers.

Choose how you want to configure access to the container. You can use an IAM role (recommended) or you can add storage account credentials (account/key) to the Scylla Manager Agent configuration file. The latter method is not recommended because you are placing the security information directly on each node, which is much less secure than the IAM role method. In addition, if you need to change the key, you will have to replace it on every node.

IAM role

Portal Procedure

To configure IAM role access through the web UI:

  1. Create a custom IAM role for the storage account that adheres to your company security policy.

  2. Assign the custom IAM role to each virtual machine instance (node) in the cluster.

Sample role JSON definition scoped to the ScyllaManagerBackup resource group:

{
  "properties": {
    "roleName": "Scylla Backup Storage Contributor",
    "description": "Contributor access to the blob service for Scylla cluster backups",
    "assignableScopes": [
      "/subscriptions/<subscription_uuid>/resourceGroups/ScyllaManagerBackup"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
        ],
        "notDataActions": []
      }
    ]
  }
}

You can use the permissions from the provided sample, but make sure to set the proper value for the assignableScopes field, because it is specific to your environment.

Config file

Note that this procedure needs to be repeated for each Scylla node.

Procedure

Edit the /etc/scylla-manager-agent/scylla-manager-agent.yaml file:

  1. Uncomment the azure: line. The parameters under it must keep the two spaces in front, because this is a YAML file.

  2. Uncomment and set the account: line under azure:. This field must always be set to the name of the storage account that the backup container lives under.

  3. Optionally, uncomment and set the key: line under azure: if you are using account/key based access. If you are using role based access, keep this line commented.

  4. Validate that the manager has access to the backup location. If there is no response, the container is accessible. If not, you will see an error.

    scylla-manager-agent check-location --location azure:<blob storage container name>
    
  5. Restart Scylla Manager Agent service.

    sudo systemctl restart scylla-manager-agent
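
The following check is an added example, not part of the ScyllaDB documentation: it reads an agent configuration file and reports whether the node uses role based access or keeps a storage account key on disk. It assumes the azure: / account: / key: layout described in the steps above; the function names and the sample account and key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ScyllaDB code): report how an agent config authenticates to Azure.
# Assumes a top-level "azure:" line with "account:" and "key:" indented beneath it.

# Print the value of an uncommented field in the azure: block (empty if unset).
azure_field() {  # $1 = config file, $2 = field name
  awk -v want="$2" '
    /^azure:[ \t]*(#.*)?$/ { in_block = 1; next }  # block starts here
    /^[^ \t#]/             { in_block = 0 }        # another top-level key ends it
    in_block && $1 == (want ":") {
      val = $0
      sub(/[ \t]+#.*$/, "", val)            # trailing comment
      sub(/^[ \t]*[^:]+:[ \t]*/, "", val)   # leading "  field: "
      gsub(/^["\047]|["\047]$/, "", val)    # surrounding quotes
      print val; exit
    }' "$1"
}

# Print role-based, account-key, or unconfigured for the given config file.
azure_auth_mode() {
  account=$(azure_field "$1" account)
  key=$(azure_field "$1" key)
  if [ -z "$account" ]; then echo unconfigured
  elif [ -n "$key" ]; then echo account-key   # a storage key is stored on this node
  else echo role-based                        # access comes from the role on the VM
  fi
}

# True when group or others can read the file; matters once a key is stored in it.
readable_by_others() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Constructed sample config (placeholder account and key, not real values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
azure:
  account: examplebackupacct
  key: CONSTRUCTED-PLACEHOLDER-KEY==
EOF
chmod 644 "$sample"
mode=$(azure_auth_mode "$sample")
echo "auth mode: $mode"
if [ "$mode" = account-key ] && readable_by_others "$sample"; then
  echo "warning: config holds a storage key and is readable by other users"
fi
rm -f "$sample"
```

On a node, point azure_auth_mode at /etc/scylla-manager-agent/scylla-manager-agent.yaml; a result of account-key means the key has to be rotated on that node whenever it changes.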
    

Troubleshoot connectivity

To troubleshoot connectivity issues between a Scylla node and the container, run:

scylla-manager-agent check-location --debug --location azure:<blob storage container name>

Last updated on 07 May 2025.