Azure - Storage Account Module

This module will create a storage account.

Requirements

Name	Version
terraform	>= 1.3
azurerm	>= 4.0
random	>= 3.1

Providers

Name	Version
azurerm	>= 4.0
random	>= 3.1

Modules

No modules.

Resources

Name	Type
azurerm_role_assignment.smb_contributor	resource
azurerm_storage_account.sa	resource
azurerm_storage_encryption_scope.scope	resource
azurerm_storage_share.ss	resource
azurerm_storage_share_file.sf	resource
random_string.random	resource

Inputs

Name	Description	Type	Default	Required
access_list	Map of CIDRs Storage Account access.	map(string)	{}	no
access_tier	Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts	string	"Hot"	no
account_kind	Defines the Kind of account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2	string	"StorageV2"	no
account_tier	Defines the Tier to use for this storage account (Standard or Premium).	string	null	no
allow_nested_items_to_be_public	Allow or disallow public access to all blobs or containers in the storage account.	bool	false	no
allowed_copy_scope	Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are AAD and PrivateLink.	string	null	no
blob_cors	blob service cors rules: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#cors_rule	map(object({ allowed_headers = list(string) allowed_methods = list(string) allowed_origins = list(string) exposed_headers = list(string) max_age_in_seconds = number }))	null	no
blob_delete_retention_days	Retention days for deleted blob. Valid value is between 1 and 365 (set to 0 to disable).	number	7	no
blob_last_access_time_enabled	Controls whether blob last access time recording is enabled for container usage.	bool	false	no
blob_versioning_enabled	Controls whether blob object versioning is enabled.	bool	false	no
container_delete_retention_days	Retention days for deleted container. Valid value is between 1 and 365 (set to 0 to disable).	number	7	no
cross_tenant_replication_enabled	Enable cross tenant replication when needed and valid reason. Possible values are true or false	bool	false	no
custom_404_path	path from your repo root to your custom 404 page	string	null	no
default_network_rule	Specifies the default action of allow or deny when no other network rules match	string	"Deny"	no
default_to_oauth_authentication	Set default authentication to storage account content	bool	false	no
enable_hns	Enable Hierarchical Namespace (can be used with Azure Data Lake Storage Gen 2).	bool	false	no
enable_large_file_share	Enable Large File Share.	bool	false	no
enable_sftp	Enable SFTP for storage account (enable_hns must be set to true for this to work).	bool	false	no
enable_static_website	Controls if static website to be enabled on the storage account. Possible values are true or false	bool	false	no
encryption_scopes	Encryption scopes, keys are scope names. more info https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal	map(object({ enable_infrastructure_encryption = optional(bool) source = optional(string) }))	{}	no
https_traffic_only_enabled	Forces HTTPS if enabled.	bool	true	no
index_path	path from your repo root to index.html	string	null	no
infrastructure_encryption_enabled	Is infrastructure encryption enabled? Changing this forces a new resource to be created.	bool	true	no
location	Specifies the supported Azure location to MySQL server resource	string	n/a	yes
min_tls_version	The minimum supported TLS version for the storage account.	string	"TLS1_2"	no
name	Storage account name	string	null	no
nfsv3_enabled	Is NFSv3 protocol enabled? Changing this forces a new resource to be created	bool	false	no
public_network_access_enabled	Allow or disallow public access to all blobs or containers in the storage account.	bool	false	no
replication_type	Storage account replication type - i.e. LRS, GRS, RAGRS, ZRS, GZRS, RAGZRS.	string	n/a	yes
resource_group_name	name of the resource group to create the resource	string	n/a	yes
service_endpoints	Creates a virtual network rule in the subnet_id (values are virtual network subnet ids).	map(string)	{}	no
share_files	Files to be uploaded to the shares	map(object({ file_share_name = string storage_share_url = string fileset_path = string fileset_pattern = string content_type = optional(string) }))	{}	no
shared_access_key_enabled	Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key	bool	false	no
smb_contributors	List of SMB contributors to the storage shares, for ex: sre entra object id's, github runner sp id's etc.	list(string)	[]	no
storage_shares	List of File Shares to be created in this Storage Account.	list(object({ name = string quota = number metadata = optional(map(string)) enabled_protocol = optional(string) acl = optional(list(object({ id = string access_policy = object({ permissions = string start = optional(string) expiry = optional(string) }) }))) }))	[]	no
tags	tags to be applied to resources	map(string)	n/a	yes
traffic_bypass	Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None.	list(string)	[ "AzureServices" ]	no

Outputs

Name	Description
encryption_scope_ids	encryption scope info.
id	The ID of the Storage Account.
name	The name of the Storage Account.
primary_access_key	The primary access key for the storage account.
primary_blob_connection_string	The connection string associated with the primary blob location.
primary_blob_endpoint	The endpoint URL for blob storage in the primary location.
primary_blob_host	The endpoint host for blob storage in the primary location.
primary_connection_string	The connection string associated with the primary location.
primary_dfs_endpoint	The endpoint URL for DFS storage in the primary location.
primary_file_endpoint	The endpoint URL for file storage in the primary location.
primary_queue_endpoint	The endpoint URL for queue storage in the primary location.
primary_table_endpoint	The endpoint URL for table storage in the primary location.
primary_web_endpoint	The endpoint URL for web storage in the primary location.
primary_web_host	Hostname with port for web storage in the primary location.
principal_id	The Principal ID for the Service Principal associated with the Identity of this Storage Account.
sa	The Storage Account object.
secondary_access_key	The secondary access key for the storage account.
secondary_blob_connection_string	The connection string associated with the secondary blob location.
secondary_blob_endpoint	The endpoint URL for blob storage in the secondary location.
secondary_blob_host	The endpoint host for blob storage in the secondary location.
secondary_connection_string	The connection string associated with the secondary location.
secondary_dfs_endpoint	The endpoint URL for DFS storage in the secondary location.
secondary_file_endpoint	The endpoint URL for file storage in the secondary location.
secondary_queue_endpoint	The endpoint URL for queue storage in the secondary location.
secondary_table_endpoint	The endpoint URL for table storage in the secondary location.
secondary_web_endpoint	The endpoint URL for web storage in the secondary location.
secondary_web_host	Hostname with port for web storage in the secondary location.
storage_shares	List of storage shares object.
tenant_id	The Tenant ID for the Service Principal associated with the Identity of this Storage Account.