azStorage

Use the resource azStorage to deploy an Azure Storage account.

Attributes

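| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Name | String | | | | |
| ResourceGroupName | String | | | | |
| Location | String | | | | |
| Kind | String | | Storage, StorageV2 (D), BlobStorage, BlockBlobStorage, FileStorage | | |
| Sku | String | | Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS | | |
| EnableAzureActiveDirectory | Boolean | No | | False | |
| Network | Object | No | | | |
| Security | Object | No | | | |
| Diagnostic | Object | No | | | |
| Tag | Object | No | | | |
| Lock | Object | No | | | |
| Blob | Object | No | | | |
| FileShare | Object | No | | | |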

Network

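| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| PublicNetworkAccess | String | No | Enabled, Selected, Disabled | Selected | |
| VNet | Object | No | | | |
| Firewall | Object | No | | | |
| Resources | Object | No | | | |
| Exceptions | Object | No | | | |
| RoutingPreference | String | No | MicrosoftRouting (D), InternetRouting | | |
| PrivateEndpoint | Object | No | | | |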

Network VNet

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| SubnetName | String | Yes | | | |
| VNetName | String | Yes | | | |
| ResourceGroupName | String | Yes | | | |

Network Firewall

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| IPAddressOrRange | Array | No | | | |

Network Resources

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Type | String | Yes | | | |
| Scope | String | Yes | | | |

Network Exceptions

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| AllowAzureServices | Boolean | No | | True | |
| AllowReadAccessLogging | Boolean | No | | False | |
| AllowReadAccessMetrics | Boolean | No | | False | |

Security

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| EnableHttpsTrafficOnly | Boolean | | | False | |
| AllowSharedKeyAccess | Boolean | | | True | |
| MinimumTlsVersion | String | No | TLS1_0, TLS1_1, TLS1_2 (D) | TLS1_2 | |
| InfrastructureEncryption | Boolean | No | | False | |

Diagnostic

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Name | String | Yes | | | |
| Metric | Object | No | | | |
| Target | Object | No | | | |

Diagnostic Metric

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Enabled | Boolean | Yes * | True, False | * | * Defaults to true if Category is not null |
| Category | Array | | Transaction | | |

Blob

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| AccessTier | String | | | | |
| EnableNfsV3 | Boolean | | | False | |
| AllowPublicAccess | Boolean | No | | True | |
| AllowCrossTenantReplication | Boolean | No | | True | |
| EnableHierarchicalNamespace | Boolean | No | | False | |
| EnableContainerSoftDelete | Boolean | No | | False | |
| ContainerSoftDeleteRetention | Number | No | | | Number of days |
| EnableBlobSoftDelete | Boolean | No | | False | |
| BlobSoftDeleteRetention | Number | No | | | Number of days |
| EnableVersioning | Boolean | No | | False | |
| EnableChangeFeed | Boolean | No | | False | |
| Container | Object | No | | | |
| Diagnostic | Object | No | | | |

Blob Container

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Name | String | Yes | | | |
| PublicAccess | String | Yes | None, List, Read | | Equals MS Off/Private, Blob, Container |

Blob Diagnostic

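| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Name | String | | | | |
| Log | Object | | | | |
| Metric | Object | | | | |
| Target | Object | | | | |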

Blob Diagnostic Log

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Enabled | Boolean | | | | Defaults to true if Category is not null |
| Category | Array | | StorageRead, StorageWrite, StorageDelete | | |

Blob Diagnostic Metric

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| Enabled | Boolean | | True, False | * | * Defaults to true if Category is not null |
| Category | Array | | Transaction | | |

File Share

| Attribute | Type | Mandatory | Values | Default | Notes |
| --- | --- | --- | --- | --- | --- |
| EnableLargeFileShare | Boolean | No | | False | |

Input by YAML

Object model for YAML deployment:

---
azStorage:
    # Mandatory
  - Name: 'string'
    ResourceGroupName: 'string'
    Location: 'string'
    # Optional
    Kind: 'string'                                # Storage, StorageV2 (D), BlobStorage, BlockBlobStorage, FileStorage
    Sku: 'string'                                 # Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS
    EnableAzureActiveDirectory: boolean           # False (D), True

    Network:
      PublicNetworkAccess: 'string'               # Enabled, Selected (D), Disabled
      VNet:
        - SubnetName: 'string'
          VNetName: 'string'
          ResourceGroupName: 'string'                                
      Firewall:
        IPAddressOrRange: [array]   
      Resources:
        - Type: 'string'
          Scope: 'string'
      Exceptions:
        AllowAzureServices: boolean               # True (D), False
        AllowReadAccessLogging: boolean           # True, False (D)
        AllowReadAccessMetrics: boolean           # True, False (D)
      RoutingPreference: 'string'                 # MicrosoftRouting (D), InternetRouting

      PrivateEndPoint:
        - Name: 'string'
          Location: 'string'
          PrivateLinkName: 'string'               # Defaults to pl-resource
          NetworkInterfaceName: 'string'          # Defaults to nic-resource
          ResourceGroupName: 'string'             # Defaults to RG of the resource
          VirtualNetwork:
            VNetName: 'string'
            SubnetName: 'string'
            ResourceGroupName: 'string'           # Defaults to RG of the resource
            SubscriptionName: 'string'            # Defaults to Sub of the resource

    Security:
      EnableHttpsTrafficOnly: boolean             # False (D), True
      AllowSharedKeyAccess: boolean               # False, True (D)
      MinimumTlsVersion: 'string'                 # TLS1_0, TLS1_1, TLS1_2 (D)
      InfrastructureEncryption: boolean           # False (D), True

    Diagnostic:
      - Name: 'string'
        Metric:
          Enabled: boolean                        # True (D if MetricCategory not null), False
          Category:                               
            - Transaction                         # defaults to all if enabled
        Target:
          Blob:
            StorageAccount: 'string'
            StorageKeyType: 'string'              # Primary, Secondary
            RetentionInDays: number
            ResourceGroupName: 'string'           # Defaults to RG of resource
            SubscriptionName: 'string'            # Defaults to subscription of resource
          EventHub:
            Name: 'string'
            Namespace: 'string'
            SharedAccessPolicy: 'string'          # RootManageSharedAccessKey (D)
            ResourceGroupName: 'string'           # Defaults to RG of resource
            SubscriptionName: 'string'            # Defaults to subscription of resource
          LogAnalytics:
            Workspace: 'string'
            ResourceGroupName: 'string'           # Defaults to RG of resource
            SubscriptionName: 'string'            # Defaults to subscription of resource

    Tag:
      <keyvalue-pairs>

    Lock:
      - Name: 'string'
        Level: 'string'                           # CanNotDelete, ReadOnly
        Notes: 'string'

    Blob:
      EnableHierarchicalNamespace: boolean        # False (D), True
      AllowPublicAccess: boolean                  # False, True (D)
      AccessTier: 'string'                        # Hot (D), Cool
      EnableContainerSoftDelete: boolean          # False (D), True
      ContainerSoftDeleteRetention: number        # Number of days
      EnableBlobSoftDelete: boolean               # False (D), True
      BlobSoftDeleteRetention: number             # Number of days
      EnableVersioning: boolean                   # False (D), True  (Only for standard accounts)
      EnableChangeFeed: boolean                   # False (D), True  (Only for standard accounts)
      ImmutabilityPeriod: number                  # > 0 will enable account Immutability
      ImmutabilityPolicyState: 'string'           # Unlocked, Disabled
      EnableNfsV3: boolean                        # False (D), True
      AllowCrossTenantReplication: boolean        # False, True (D)

      Diagnostic:
        - Name: 'string'
          Log:
            Enabled: boolean                      # True (D if Category not null), False
            Category:                             # defaults to all if enabled
              - StorageRead               
              - StorageWrite
              - StorageDelete
          Metric:
            Enabled: boolean                      # True (D if MetricCategory not null), False
            Category:                             # defaults to all if enabled
              - Transaction
          Target:
            Blob:
              StorageAccount: 'string'
              StorageKeyType: 'string'            # Primary, Secondary
              RetentionInDays: number
              ResourceGroupName: 'string'         # Defaults to RG of resource
              SubscriptionName: 'string'          # Defaults to subscription of resource
            EventHub:
              Name: 'string'
              Namespace: 'string'
              SharedAccessPolicy: 'string'        # RootManageSharedAccessKey (D)
              ResourceGroupName: 'string'         # Defaults to RG of resource
              SubscriptionName: 'string'          # Defaults to subscription of resource
            LogAnalytics:
              Workspace: 'string'
              ResourceGroupName: 'string'         # Defaults to RG of resource
              SubscriptionName: 'string'          # Defaults to subscription of resource

      Container:
        - Name: 'string'
          PublicAccess: 'string'                  # None, List, Read (Equals MS Off/Private, Blob, Container)

Input by JSON

Object model for JSON deployment:

{
  "azStorage": [
    {
      "Name": "string",
      "ResourceGroupName": "string",
      "Location": "string",
      "Kind": "string",
      "Sku": "string",
      "EnableAzureActiveDirectory": boolean,
      "Network": {
        "PublicNetworkAccess": "string",
        "VNet": [
          {
            "SubnetName": "string",
            "VNetName": "string",
            "ResourceGroupName": "string"
          }
        ],
        "Firewall": {
          "IPAddressOrRange": [
            "array"
          ]
        },
        "Resources": [
          {
            "Type": "string",
            "Scope": "string"
          }
        ],
        "Exceptions": {
          "AllowAzureServices": boolean,
          "AllowReadAccessLogging": boolean,
          "AllowReadAccessMetrics": boolean
        },
        "RoutingPreference": "string",
        "PrivateEndPoint": [
          {
            "Name": "string",
            "Location": "string",
            "PrivateLinkName": "string",
            "NetworkInterfaceName": "string",
            "ResourceGroupName": "string",
            "VirtualNetwork": {
              "VNetName": "string",
              "SubnetName": "string",
              "ResourceGroupName": "string",
              "SubscriptionName": "string"
            }
          }
        ]
      },
      "Security": {
        "EnableHttpsTrafficOnly": boolean,
        "AllowSharedKeyAccess": boolean,
        "MinimumTlsVersion": "string",
        "InfrastructureEncryption": boolean
      },
      "Diagnostic": [
        {
          "Name": "string",
          "Metric": {
            "Enabled": boolean,
            "Category": [array]
          },
          "Target": {
            "Blob": {
              "StorageAccount": "string",
              "StorageKeyType": "string",
              "RetentionInDays": number,
              "ResourceGroupName": "string",
              "SubscriptionName": "string"
            },
            "EventHub": {
              "Name": "string",
              "Namespace": "string",
              "SharedAccessPolicy": "string",
              "ResourceGroupName": "string",
              "SubscriptionName": "string"
            },
            "LogAnalytics": {
              "Workspace": "string",
              "ResourceGroupName": "string",
              "SubscriptionName": "string"
            }
          }
        }
      ],
      "Tag": {
        "key": "value"
      },
      "Lock": [
        {
          "Name": "string",
          "Level": "string",
          "Notes": "string"
        }
      ],
      "Blob": {
        "EnableHierarchicalNamespace": boolean,
        "AllowPublicAccess": boolean,
        "AccessTier": "string",
        "EnableContainerSoftDelete": boolean,
        "ContainerSoftDeleteRetention": number,
        "EnableBlobSoftDelete": boolean,
        "BlobSoftDeleteRetention": number,
        "EnableVersioning": boolean,
        "EnableChangeFeed": boolean,
        "ImmutabilityPeriod": number,
        "ImmutabilityPolicyState": "string",
        "EnableNfsV3": boolean,
        "AllowCrossTenantReplication": boolean,
        "Diagnostic": [
          {
            "Name": "string",
            "Log": {
              "Enabled": boolean,
              "Category": [array]
            },
            "Metric": {
              "Enabled": boolean,
              "Category": [array]
            },
            "Target": {
              "Blob": {
                "StorageAccount": "string",
                "StorageKeyType": "string",
                "RetentionInDays": number,
                "ResourceGroupName": "string",
                "SubscriptionName": "string"
              },
              "EventHub": {
                "Name": "string",
                "Namespace": "string",
                "SharedAccessPolicy": "string",
                "ResourceGroupName": "string",
                "SubscriptionName": "string"
              },
              "LogAnalytics": {
                "Workspace": "string",
                "ResourceGroupName": "string",
                "SubscriptionName": "string"
              }
            }
          }
        ],
        "Container": [
          {
            "Name": "string",
            "PublicAccess": "string"
          }
        ]
      }
    }
  ]
}
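
Several defaults documented above apply silently when a key is omitted (EnableHttpsTrafficOnly False, AllowSharedKeyAccess True, Blob AllowPublicAccess True). The following added example, which is not part of the project's own code, audits a JSON deployment document for the effective value of each setting and reports whether it was set explicitly or inherited from the default. The accepted values in RULES are a hypothetical hardening baseline, and the account names in SAMPLE are constructed.

```python
import json

# (section, key) -> (default documented on this page, accepted values).
# The accepted values are a hypothetical hardening baseline, not project policy.
RULES = {
    ("Security", "EnableHttpsTrafficOnly"): (False, {True}),
    ("Security", "AllowSharedKeyAccess"): (True, {False}),
    ("Security", "MinimumTlsVersion"): ("TLS1_2", {"TLS1_2"}),
    ("Network", "PublicNetworkAccess"): ("Selected", {"Selected", "Disabled"}),
    ("Blob", "AllowPublicAccess"): (True, {False}),
    ("Blob", "AllowCrossTenantReplication"): (True, {False}),
    ("Blob", "EnableBlobSoftDelete"): (False, {True}),
}

def audit(document):
    """Return (account, setting, effective value, 'explicit'|'default') findings."""
    findings = []
    for account in json.loads(document).get("azStorage", []):
        name = account["Name"]
        for (section, key), (default, accepted) in RULES.items():
            block = account.get(section) or {}
            source = "explicit" if key in block else "default"
            value = block.get(key, default)  # omitted keys fall back to the default
            if value not in accepted:
                findings.append((name, f"{section}.{key}", value, source))
        # Per-container PublicAccess of List or Read permits anonymous access.
        for container in (account.get("Blob") or {}).get("Container", []):
            if container["PublicAccess"] != "None":
                findings.append((name, f"Blob.Container.{container['Name']}",
                                 container["PublicAccess"], "explicit"))
    return findings

# Constructed sample input: one minimal account and one hardened account.
SAMPLE = json.dumps({"azStorage": [
    {"Name": "stminimal", "ResourceGroupName": "rg-demo", "Location": "westeurope",
     "Blob": {"Container": [{"Name": "public", "PublicAccess": "Read"}]}},
    {"Name": "sthardened", "ResourceGroupName": "rg-demo", "Location": "westeurope",
     "Security": {"EnableHttpsTrafficOnly": True, "AllowSharedKeyAccess": False},
     "Network": {"PublicNetworkAccess": "Disabled"},
     "Blob": {"AllowPublicAccess": False, "AllowCrossTenantReplication": False,
              "EnableBlobSoftDelete": True, "BlobSoftDeleteRetention": 14}},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Every finding for the minimal account except the container entry is tagged `default`, which shows how much of the exposure comes from keys that were never written.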