Is it better to create Azure storage account per app or one storage per region?
No right answer to this question. But objectively you'll want to consider several things:
- If you separate tenants/apps by container, you will no longer be able to separate your app's assets by container - you will have limited yourself to a single container for all assets within an app.
- If you use one storage account for all tenants/apps, you might hit the 20K/sec transaction limit of a storage account (and possibly hit the 500TB5PB total limit)
- If you use one storage account, and your app utilizes the storage account key(s), each app will actually have full access to all resources across the storage account. (You can mitigate this with shared access signatures & policies, but you need to also then consider queue/table usage as well.)
- If your tenants/apps are in different regions, a tenant's access to a faraway storage account could be slower than with a closer region.
- If you are trying to limit access to a particular app, and only have one storage account, you may end up needing to give people access to the resource group where the storage account resides. And those people might be from teams building different apps. So it's possible you're exposing one app's resources to another team.
- If multiple teams share the same storage account, there's a risk that one team could inadvertently delete assets from another team's app.
There are probably other things to consider that I'm forgetting.
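An added example, not part of the original answer: if apps share one storage account and receive shared access signatures instead of the account key, a check like the following can confirm each blob SAS URL is confined to that app's container, cannot delete, and expires soon. The account name `exampleacct`, the containers `app-a`/`app-b`, the finding codes and the 24-hour limit are assumptions made for illustration; the sample URLs are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=24)  # assumed local policy, not an Azure limit

def _parse_time(value):
    # SAS times are ISO 8601 UTC, e.g. 2024-01-01T06:00:00Z or 2024-01-01
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)

def audit_blob_sas(url, expected_container, now, allow_delete=False):
    """Return finding codes for a blob SAS URL issued to one app; [] means it passes."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("not-https-only")      # spr absent or "https,http"
    if "ss" in q or "srt" in q:
        findings.append("account-sas")         # spans containers and services
    elif q.get("sr") not in ("c", "b"):
        findings.append("bad-scope")           # not a container or blob SAS
    if parts.path.strip("/").split("/")[0] != expected_container:
        findings.append("wrong-container")     # token belongs to another app
    # With a stored access policy (si), permissions may live in the policy
    # and cannot be read from the token; only an explicit sp is checked here.
    if "d" in q.get("sp", "") and not allow_delete:
        findings.append("delete-granted")
    if "se" in q:
        if _parse_time(q["se"]) - now > MAX_LIFETIME:
            findings.append("lifetime-too-long")
    elif "si" not in q:
        findings.append("no-expiry")           # neither expiry nor policy
    return findings

# Constructed sample inputs (signatures are placeholders, not valid tokens).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BASE = "https://exampleacct.blob.core.windows.net"
GOOD = BASE + "/app-a/logo.png?sv=2022-11-02&sr=b&sp=r&se=2024-01-01T06:00:00Z&spr=https&sig=CONSTRUCTED"
ACCOUNT = BASE + "/app-a?sv=2022-11-02&ss=bqt&srt=sco&sp=rwdl&se=2025-01-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED"
OTHER_APP = BASE + "/app-b?sv=2022-11-02&sr=c&sp=rl&se=2024-01-01T06:00:00Z&spr=https&sig=CONSTRUCTED"
POLICY = BASE + "/app-a?sv=2022-11-02&sr=c&si=app-a-read&spr=https&sig=CONSTRUCTED"

if __name__ == "__main__":
    for name, url in [("good", GOOD), ("account", ACCOUNT), ("other", OTHER_APP), ("policy", POLICY)]:
        print(name, audit_blob_sas(url, "app-a", NOW))
```

Queue and table SAS tokens use different scoping fields, so they need their own checks, which is the queue/table consideration the answer raises.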