Book Image

Azure Data Engineering Cookbook - Second Edition

By : Nagaraj Venkatesan, Ahmad Osama
Book Image

Azure Data Engineering Cookbook - Second Edition

By: Nagaraj Venkatesan, Ahmad Osama

Overview of this book

The famous quote 'Data is the new oil' seems more true every day as the key to most organizations' long-term success lies in extracting insights from raw data. One of the major challenges organizations face in leveraging value out of data is building performant data engineering pipelines for data visualization, ingestion, storage, and processing. This second edition of the immensely successful book by Ahmad Osama brings to you several recent enhancements in Azure data engineering and shares approximately 80 useful recipes covering common scenarios in building data engineering pipelines in Microsoft Azure. You’ll explore recipes from Azure Synapse Analytics workspaces Gen 2 and get to grips with Synapse Spark pools, SQL Serverless pools, Synapse integration pipelines, and Synapse data flows. You’ll also understand Synapse SQL Pool optimization techniques in this second edition. Besides Synapse enhancements, you’ll discover helpful tips on managing Azure SQL Database and learn about security, high availability, and performance monitoring. Finally, the book takes you through overall data engineering pipeline management, focusing on monitoring using Log Analytics and tracking data lineage using Azure Purview. By the end of this book, you’ll be able to build superior data engineering pipelines along with having an invaluable go-to guide.

Related Content you might be interested in

Current Title:

Small book image
Azure Data Engineering Cookbook - Second Edition
Nagaraj Venkatesan | Ahmad Osama
Sep, 2022 | 608 pages
Small book image
Limitless Analytics with Azure Synapse
Prashant Kumar Mishra
Jun, 2021 | 392 pages
Small book image
Azure Data Factory Cookbook
Dmitry Anoshin | Xenia Ireton | Tonya Chernyshova | Dmitry Foshin
Feb, 2024 | 532 pages
Small book image
Cloud Scale Analytics with Azure Data Services.
Patrik Borosch
Jul, 2021 | 520 pages
Table of Contents (16 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Sections
Get in touch
Share your thoughts
1
Chapter 1: Creating and Managing Data in Azure Data Lake
Chapter 1: Creating and Managing Data in Azure Data Lake
Technical requirements
Provisioning an Azure storage account using the Azure portal
Provisioning an Azure storage account using PowerShell
Creating containers and uploading files to Azure Blob storage using PowerShell
Managing blobs in Azure Storage using PowerShell
Configuring blob lifecycle management for blob objects using the Azure portal
Free Chapter
2
Chapter 2: Securing and Monitoring Data in Azure Data Lake
Chapter 2: Securing and Monitoring Data in Azure Data Lake
Configuring a firewall for an Azure Data Lake account using the Azure portal
Configuring virtual networks for an Azure Data Lake account using the Azure portal
Configuring private links for an Azure Data Lake account
Configuring encryption using Azure Key Vault for Azure Data Lake
Accessing Blob storage accounts using managed identities
Creating an alert to monitor an Azure storage account
Securing an Azure storage account with SAS using PowerShell
3
Chapter 3: Building Data Ingestion Pipelines Using Azure Data Factory
Chapter 3: Building Data Ingestion Pipelines Using Azure Data Factory
Technical requirements
Provisioning Azure Data Factory
Copying files to a database from a data lake using a control flow and copy activity
Triggering a pipeline in Azure Data Factory
Copying data from a SQL Server virtual machine to a data lake using the Copy data wizard
4
Chapter 4: Azure Data Factory Integration Runtime
Chapter 4: Azure Data Factory Integration Runtime
Technical requirements
Configuring a self-hosted IR
Configuring a shared self-hosted IR
Configuring high availability for a self-hosted IR
Patching a self-hosted IR
Migrating an SSIS package to Azure Data Factory
5
Chapter 5: Configuring and Securing Azure SQL Database
Chapter 5: Configuring and Securing Azure SQL Database
Technical requirements
Provisioning and connecting to an Azure SQL database using PowerShell
Implementing an Azure SQL Database elastic pool using PowerShell
Configuring a virtual network and private endpoints for Azure SQL Database
Configuring Azure Key Vault for Azure SQL Database
Provisioning and configuring a wake-up script for a serverless SQL database
Configuring the Hyperscale tier of Azure SQL Database
6
Chapter 6: Implementing High Availability and Monitoring in Azure SQL Database
Chapter 6: Implementing High Availability and Monitoring in Azure SQL Database
Implementing active geo-replication for an Azure SQL database using PowerShell
Implementing an auto-failover group for an Azure SQL database using PowerShell
Configuring high availability to the Hyperscale tier of Azure SQL Database
Implementing vertical scaling for an Azure SQL database using PowerShell
Monitoring an Azure SQL database using the Azure portal
Configuring auditing for Azure SQL Database
7
Chapter 7: Processing Data Using Azure Databricks
Chapter 7: Processing Data Using Azure Databricks
Technical requirements
Configuring the Azure Databricks environment
Integrating Databricks with Azure Key Vault
Mounting an Azure Data Lake container in Databricks
Processing data using notebooks
Scheduling notebooks using job clusters
Working with Delta Lake tables
Connecting a Databricks Delta Lake table to Power BI
8
Chapter 8: Processing Data Using Azure Synapse Analytics
Chapter 8: Processing Data Using Azure Synapse Analytics
Technical requirements
Provisioning an Azure Synapse Analytics workspace
Analyzing data using serverless SQL pool
Provisioning and configuring Spark pools
Processing data using Spark pools and a lake database
Querying the data in a lake database from serverless SQL pool
Scheduling notebooks to process data incrementally
Visualizing data using Power BI by connecting to serverless SQL pool
9
Chapter 9: Transforming Data Using Azure Synapse Dataflows
Chapter 9: Transforming Data Using Azure Synapse Dataflows
Technical requirements
Copying data using a Synapse data flow
Performing data transformation using activities such as join, sort, and filter
Monitoring data flows and pipelines
Configuring partitions to optimize data flows
Parameterizing Synapse data flows
Handling schema changes dynamically in data flows using schema drift
10
Chapter 10: Building the Serving Layer in Azure Synapse SQL Pool
Chapter 10: Building the Serving Layer in Azure Synapse SQL Pool
Technical requirements
Loading data into dedicated SQL pools using PolyBase and T-SQL
Loading data into a dedicated SQL pool using COPY INTO
Creating distributed tables and modifying table distribution
Creating statistics and automating the update of statistics
Creating partitions and archiving data using partitioned tables
Implementing workload management in an Azure Synapse dedicated SQL pool
Creating workload groups for advanced workload management
11
Chapter 11: Monitoring Synapse SQL and Spark Pools
Chapter 11: Monitoring Synapse SQL and Spark Pools
Technical requirements
Configuring a Log Analytics workspace for Synapse SQL pools
Configuring a Log Analytics workspace for Synapse Spark pools
Using Kusto queries to monitor SQL and Spark pools
Creating workbooks in a Log Analytics workspace to visualize monitoring data
Monitoring table distribution, data skew, and index health using Synapse DMVs
Building monitoring dashboards for Synapse with Azure Monitor
12
Chapter 12: Optimizing and Maintaining Synapse SQL and Spark Pools
Chapter 12: Optimizing and Maintaining Synapse SQL and Spark Pools
Technical requirements
Analyzing a query plan and fixing table distribution
Monitoring and rebuilding a replication table cache
Configuring result set caching in Azure Synapse dedicated SQL pool
Configuring longer backup retention for a Synapse SQL database
Auto pausing Synapse dedicated SQL pool
Optimizing Delta tables in a Synapse Spark pool lake database
Optimizing query performance in Synapse Spark pools
13
Chapter 13: Monitoring and Maintaining Azure Data Engineering Pipelines
Chapter 13: Monitoring and Maintaining Azure Data Engineering Pipelines
Technical requirements
Monitoring Synapse integration pipelines using Log Analytics and workbooks
Tracing SQL queries for dedicated SQL pool to Synapse integration pipelines
Provisioning a Microsoft Purview account and creating a data catalog
Integrating a Synapse workspace with Microsoft Purview and tracking data lineage
Applying Azure tags using PowerShell to multiple Azure resources
14
Index
Index
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Securing an Azure storage account with SAS using PowerShell

A Shared Access Signature (SAS) provides more granular access to blobs by specifying an expiry limit, specific permissions, and IPs.

Using an SAS, we can specify different permissions to users or applications on different blobs, based on the requirement. For example, if an application needs to read one file/blob from a container, instead of providing access to all the files in the container, we can use an SAS to provide read access on the required blob.

In this recipe, we'll learn to create and use an SAS to access blobs.

Getting ready

Before you start, go through the following steps:

  1. Make sure you have an existing Azure storage account. If not, create one by following the Provisioning an Azure storage account using PowerShell recipe in Chapter 1, Creating and Managing Data in Azure Data Lake.
  2. Make sure you have an existing Azure storage container. If not, create one by following the Creating containers and uploading files to Azure Blob storage using PowerShell recipe.
  3. Make sure you have existing blobs/files in an Azure storage container. If not, you can upload blobs by following the previous recipe.
  4. Log in to your Azure subscription in PowerShell. To log in, run the Connect- AzAccount command in a new PowerShell window and follow the instructions.

How to do it…

Let's begin by securing blobs using an SAS.

Securing blobs using an SAS

Perform the following steps:

  1. Execute the following command in the PowerShell window to get the storage context:
    $resourcegroup = "packtadestorage"
$storageaccount = "packtadestoragev2"
#get storage context
$storagecontext = (Get-AzStorageAccount -ResourceGroupName $resourcegroup -Name $storageaccount). Context
  2. Execute the following commands to get the SAS token for the logfile1.txt blob in the logfiles container with list and read permissions:
    #set the token expiry time
$starttime = Get-Date
$endtime = $starttime.AddDays(1)
# get the SAS token into a variable
$sastoken = New-AzStorageBlobSASToken -Container "logfiles" -Blob "logfile1.txt" -Permission lr -StartTime $starttime -ExpiryTime $endtime -Context $storagecontext
# view the SAS token.
 $sastoken
  3. Execute the following commands to list the blob using the SAS token:
    #get storage account context using the SAS token
$ctx = New-AzStorageContext -StorageAccountName $storageaccount -SasToken $sastoken
#list the blob details
Get-AzStorageBlob -blob "logfile1.txt" -Container "logfiles" -Context $ctx

You should get output as shown in the following screenshot:

Figure 2.40 – Listing blobs using an SAS

Figure 2.40 – Listing blobs using an SAS

  1. Execute the following command to write data to logfile1.txt. Ensure you have the Logfile1.txt file in the C:\ADECookbook\Chapter1\ Logfiles\ folder in the machine you are running the script from:
    Set-AzStorageBlobContent -File C:\ADECookbook\Chapter1\ Logfiles\Logfile1.txt -Container logfiles -Context $ctx

You should get output as shown in the following screenshot:

Figure 2.41 – Uploading a blob using an SAS

Figure 2.41 – Uploading a blob using an SAS

The write fails, as the SAS token was created with list and read access.

Securing a container with an SAS

Perform the following steps:

  1. Execute the following command to create a container stored access policy:
    $resourcegroup = "packtadestorage"
$storageaccount = "packtadestoragev2"
#get storage context 
$storagecontext = (Get-AzStorageAccount -ResourceGroupName $resourcegroup -Name $storageaccount). Context
$starttime = Get-Date
$endtime = $starttime.AddDays(1)
New-AzStorageContainerStoredAccessPolicy -Container logfiles -Policy writepolicy -Permission lw -StartTime $starttime -ExpiryTime $endtime -Context $storagecontext
  2. Execute the following command to create the SAS token:
    #get the SAS token
$sastoken = New-AzStorageContainerSASToken -Name logfiles -Policy writepolicy -Context
  3. Execute the following commands to list all the blobs in the container using the SAS token:
    #get the storage context with SAS token
$ctx = New-AzStorageContext -StorageAccountName $storageaccount -SasToken $sastoken
#list blobs using SAS token
Get-AzStorageBlob -Container logfiles -Context $ctx

How it works…

To generate a shared access token for a blob, use the New-AzStorageBlobSASToken command. We need to provide the blob name, container name, permission (l = list, r = read, and w = write), and storage context to generate an SAS token. We can additionally secure the token by providing IPs that can access the blob.

We then use the SAS token to get the storage context using the New-AzStorageContext command. We use the storage context to access the blobs using the Get-AzStorageBlob command. Note that we can only list and read blobs and can't write to them, as the SAS token doesn't have write permissions.

To generate a shared access token for a container, we first create an access policy for the container using the New-AzStorageContainerStoredAccessPolicy command. The access policy specifies the start and expiry time, permission, and IPs. We then generate the SAS token by passing the access policy name to the New-AzStorageContainerSASToken command.

We can now access the container and the blobs using the SAS token.

Previous Section
End of Chapter 2
Next Chapter