Azure - Storage Account Module

This module will create a storage account.

Requirements

Name Version
terraform ~> 1.3
azurerm ~> 3.0
random >= 3.1

Providers

Name Version
azurerm ~> 3.0
random >= 3.1

Modules

No modules.

Resources

Name Type
azurerm_storage_account.sa resource
azurerm_storage_encryption_scope.scope resource
random_string.random resource

Inputs

Name Description Type Default Required
access_list Map of CIDRs Storage Account access. map(string) {} no
access_tier Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts string "Hot" no
account_kind Defines the Kind of account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2 string "StorageV2" no
account_tier Defines the Tier to use for this storage account (Standard or Premium). string null no
allow_nested_items_to_be_public Allow or disallow public access to all blobs or containers in the storage account. bool false no
blob_cors blob service cors rules: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#cors_rule
map(object({
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
exposed_headers = list(string)
max_age_in_seconds = number
}))
null no
blob_delete_retention_days Retention days for deleted blob. Valid value is between 1 and 365 (set to 0 to disable). number 7 no
blob_versioning_enabled Controls whether blob object versioning is enabled. bool false no
container_delete_retention_days Retention days for deleted container. Valid value is between 1 and 365 (set to 0 to disable). number 7 no
custom_404_path path from your repo root to your custom 404 page string null no
default_network_rule Specifies the default action of allow or deny when no other network rules match string "Deny" no
enable_hns Enable Hierarchical Namespace (can be used with Azure Data Lake Storage Gen 2). bool false no
enable_https_traffic_only Forces HTTPS if enabled. bool true no
enable_large_file_share Enable Large File Share. bool false no
enable_sftp Enable SFTP for storage account (enable_hns must be set to true for this to work). bool false no
enable_static_website Controls if static website to be enabled on the storage account. Possible values are true or false bool false no
encryption_scopes Encryption scopes, keys are scope names. more info https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal
map(object({
enable_infrastructure_encryption = optional(bool)
source = optional(string)
}))
{} no
index_path path from your repo root to index.html string null no
infrastructure_encryption_enabled Is infrastructure encryption enabled? Changing this forces a new resource to be created. bool true no
location Specifies the supported Azure location to MySQL server resource string n/a yes
min_tls_version The minimum supported TLS version for the storage account. string "TLS1_2" no
name Storage account name string null no
nfsv3_enabled Is NFSv3 protocol enabled? Changing this forces a new resource to be created bool false no
replication_type Storage account replication type - i.e. LRS, GRS, RAGRS, ZRS, GZRS, RAGZRS. string n/a yes
resource_group_name name of the resource group to create the resource string n/a yes
service_endpoints Creates a virtual network rule in the subnet_id (values are virtual network subnet ids). map(string) {} no
shared_access_key_enabled Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key bool false no
tags tags to be applied to resources map(string) n/a yes
traffic_bypass Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None. list(string)
[
"None"
]
no

Outputs

Name Description
encryption_scope_ids encryption scope info.
id The ID of the Storage Account.
name The name of the Storage Account.
primary_access_key The primary access key for the storage account.
primary_blob_connection_string The connection string associated with the primary blob location.
primary_blob_endpoint The endpoint URL for blob storage in the primary location.
primary_blob_host The endpoint host for blob storage in the primary location.
primary_connection_string The connection string associated with the primary location.
primary_dfs_endpoint The endpoint URL for DFS storage in the primary location.
primary_file_endpoint The endpoint URL for file storage in the primary location.
primary_queue_endpoint The endpoint URL for queue storage in the primary location.
primary_table_endpoint The endpoint URL for table storage in the primary location.
primary_web_endpoint The endpoint URL for web storage in the primary location.
primary_web_host Hostname with port for web storage in the primary location.
principal_id The Principal ID for the Service Principal associated with the Identity of this Storage Account.
sa The Storage Account object.
secondary_access_key The secondary access key for the storage account.
secondary_blob_connection_string The connection string associated with the secondary blob location.
secondary_blob_endpoint The endpoint URL for blob storage in the secondary location.
secondary_blob_host The endpoint host for blob storage in the secondary location.
secondary_connection_string The connection string associated with the secondary location.
secondary_dfs_endpoint The endpoint URL for DFS storage in the secondary location.
secondary_file_endpoint The endpoint URL for file storage in the secondary location.
secondary_queue_endpoint The endpoint URL for queue storage in the secondary location.
secondary_table_endpoint The endpoint URL for table storage in the secondary location.
secondary_web_endpoint The endpoint URL for web storage in the secondary location.
secondary_web_host Hostname with port for web storage in the secondary location.
tenant_id The Tenant ID for the Service Principal associated with the Identity of this Storage Account.