azStorage
Deploy an Azure Storage account.
Attributes
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | ||||
| ResourceGroupName | String | ||||
| Location | String | ||||
| Kind | String | | Storage, StorageV2 (D), BlobStorage, BlockBlobStorage, FileStorage | StorageV2 | |
| Sku | String | | Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS | | The YAML object model below also lists Standard_GZRS and Standard_RAGZRS |
| EnableAzureActiveDirectory | Boolean | No | False | ||
| Network | Object | No | |||
| Security | Object | No | |||
| Diagnostic | Object | No | |||
| Tag | Object | No | |||
| Lock | Object | No | |||
| Blob | Object | No | |||
| FileShare | Object | No |
Network
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| PublicNetworkAccess | String | No | Enabled, Selected, Disabled | Selected | |
| VNet | Object | No | |||
| Firewall | Object | No | |||
| Resources | Object | No | |||
| Exceptions | Object | No | |||
| RoutingPreference | String | No | MicrosoftRouting (D), InternetRouting | MicrosoftRouting | |
| PrivateEndPoint | Object | No |
Network VNet
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| SubnetName | String | Yes | |||
| VNetName | String | Yes | |||
| ResourceGroupName | String | Yes |
Network Firewall
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| IPAddressOrRange | Array | No |
Network Resources
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Type | String | Yes | |||
| Scope | String | Yes |
Network Exceptions
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
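| AllowAzureServices | Boolean | No | | True | Exception to the network rules: when True, Azure services on the trusted-services list can reach the account even if the firewall blocks other traffic |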
| AllowReadAccessLogging | Boolean | No | False | ||
| AllowReadAccessMetrics | Boolean | No | False |
Security
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
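| EnableHttpsTrafficOnly | Boolean | | | False | With the default (False) the account also accepts unencrypted HTTP requests; set to True to require HTTPS |
| AllowSharedKeyAccess | Boolean | | | True | With the default (True) requests authorized with the account access keys are accepted; set to False to require Azure Active Directory authorization |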
| MinimumTlsVersion | String | No | TLS1_0, TLS1_1, TLS1_2 (D) | TLS1_2 | |
| InfrastructureEncryption | Boolean | No | False |
Diagnostic
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| Metric | Object | No | |||
| Target | Object | No |
Diagnostic Metric
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | Yes * | True, False | * | * Defaults to true if Category is not null |
| Category | Array | Transaction |
Blob
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| AccessTier | String | ||||
| EnableNfsV3 | Boolean | False | |||
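| AllowPublicAccess | Boolean | No | | True | With the default (True) individual containers can be opened for anonymous read access through their PublicAccess setting; set to False to block anonymous access for the whole account |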
| AllowCrossTenantReplication | Boolean | No | True | ||
| EnableHierarchicalNamespace | Boolean | No | False | ||
| EnableContainerSoftDelete | Boolean | No | | False | |
| ContainerSoftDeleteRetention | Number | No | | | Number of days |
| EnableBlobSoftDelete | Boolean | No | | False | |
| BlobSoftDeleteRetention | Number | No | | | Number of days |
| EnableVersioning | Boolean | No | False | ||
| EnableChangeFeed | Boolean | No | False | ||
| Container | Object | No | |||
| Diagnostic | Object | No |
Blob Container
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| PublicAccess | String | Yes | None, List, Read | | Correspond to the Microsoft access levels Off/Private, Blob and Container; List and Read allow anonymous access |
Blob Diagnostic
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | ||||
| Log | Object | ||||
| Metric | Object | ||||
| Target | Object |
Blob Diagnostic Log
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | | | | Defaults to true if Category is not null |
| Category | Array | | StorageRead, StorageWrite, StorageDelete | | |
Blob Diagnostic Metric
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Enabled | Boolean | | True, False | * | * Defaults to true if Category is not null |
| Category | Array | Transaction |
File Share
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| EnableLargeFileShare | Boolean | No | False |
Input by YAML
Object model for YAML deployment:
---
azStorage:
# Mandatory
- Name: 'string'
ResourceGroupName: 'string'
Location: 'string'
# Optional
Kind: 'string' # Storage, StorageV2 (D), BlobStorage, BlockBlobStorage, FileStorage
Sku: 'string' # Standard_LRS, Standard_ZRS, Standard_GRS, Standard_RAGRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS
EnableAzureActiveDirectory: boolean # False (D), True
Network:
PublicNetworkAccess: 'string' # Enabled, Selected (D), Disabled
VNet:
- SubnetName: 'string'
VNetName: 'string'
ResourceGroupName: 'string'
Firewall:
IPAddressOrRange: [array]
Resources:
- Type: 'string'
Scope: 'string'
Exceptions:
AllowAzureServices: boolean # True (D), False
AllowReadAccessLogging: boolean # True, False (D)
AllowReadAccessMetrics: boolean # True, False (D)
RoutingPreference: 'string' # MicrosoftRouting (D), InternetRouting
PrivateEndPoint:
- Name: 'string'
Location: 'string'
PrivateLinkName: 'string' # Defaults to pl-resource
NetworkInterfaceName: 'string' # Defaults to nic-resource
ResourceGroupName: 'string' # Defaults to RG of the resource
VirtualNetwork:
VNetName: 'string'
SubnetName: 'string'
ResourceGroupName: 'string' # Defaults to RG of the resource
SubscriptionName: 'string' # Defaults to Sub of the resource
Security:
EnableHttpsTrafficOnly: boolean # False (D), True
AllowSharedKeyAccess: boolean # False, True (D)
MinimumTlsVersion: 'string' # TLS1_0, TLS1_1, TLS1_2 (D)
InfrastructureEncryption: boolean # False (D), True
Diagnostic:
- Name: 'string'
Metric:
Enabled: boolean # True (D if Category not null), False
Category:
- Transaction # defaults to all if enabled
Target:
Blob:
StorageAccount: 'string'
StorageKeyType: 'string' # Primary, Secondary
RetentionInDays: number
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
EventHub:
Name: 'string'
Namespace: 'string'
SharedAccessPolicy: 'string' # RootManageSharedAccessKey (D)
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
LogAnalytics:
Workspace: 'string'
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
Tag:
<keyvalue-pairs>
Lock:
- Name: 'string'
Level: 'string' # CanNotDelete, ReadOnly
Notes: 'string'
Blob:
EnableHierarchicalNamespace: boolean # False (D), True
AllowPublicAccess: boolean # False, True (D)
AccessTier: 'string' # Hot (D), Cool
EnableContainerSoftDelete: boolean # False (D), True
ContainerSoftDeleteRetention: number # Number of days
EnableBlobSoftDelete: boolean # False (D), True
BlobSoftDeleteRetention: number # Number of days
EnableVersioning: boolean # False (D), True (Only for standard accounts)
EnableChangeFeed: boolean # False (D), True (Only for standard accounts)
ImmutabilityPeriod: number # > 0 will enable account Immutability
ImmutabilityPolicyState: 'string' # Unlocked, Disabled
EnableNfsV3: boolean # False (D), True
AllowCrossTenantReplication: boolean # False, True (D)
Diagnostic:
- Name: 'string'
Log:
Enabled: boolean # True (D if Category not null), False
Category: # defaults to all if enabled
- StorageRead
- StorageWrite
- StorageDelete
Metric:
Enabled: boolean # True (D if Category not null), False
Category: # defaults to all if enabled
- Transaction
Target:
Blob:
StorageAccount: 'string'
StorageKeyType: 'string' # Primary, Secondary
RetentionInDays: number
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
EventHub:
Name: 'string'
Namespace: 'string'
SharedAccessPolicy: 'string' # RootManageSharedAccessKey (D)
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
LogAnalytics:
Workspace: 'string'
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to subscription of resource
Container:
- Name: 'string'
PublicAccess: 'string' # None, List, Read (Equals MS Off/Private, Blob, Container)
Input by JSON
Object model for JSON deployment:
{
"azStorage": [
{
"Name": "string",
"ResourceGroupName": "string",
"Location": "string",
"Kind": "string",
"Sku": "string",
"EnableAzureActiveDirectory": boolean,
"Network": {
"PublicNetworkAccess": "string",
"VNet": [
{
"SubnetName": "string",
"VNetName": "string",
"ResourceGroupName": "string"
}
],
"Firewall": {
"IPAddressOrRange": [
"array"
]
},
"Resources": [
{
"Type": "string",
"Scope": "string"
}
],
"Exceptions": {
"AllowAzureServices": boolean,
"AllowReadAccessLogging": boolean,
"AllowReadAccessMetrics": boolean
},
"RoutingPreference": "string",
"PrivateEndPoint": [
{
"Name": "string",
"Location": "string",
"PrivateLinkName": "string",
"NetworkInterfaceName": "string",
"ResourceGroupName": "string",
"VirtualNetwork": {
"VNetName": "string",
"SubnetName": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
}
}
]
},
"Security": {
"EnableHttpsTrafficOnly": boolean,
"AllowSharedKeyAccess": boolean,
"MinimumTlsVersion": "string",
"InfrastructureEncryption": boolean
},
"Diagnostic": [
{
"Name": "string",
"Metric": {
"Enabled": boolean,
"Category": [array]
},
"Target": {
"Blob": {
"StorageAccount": "string",
"StorageKeyType": "string",
"RetentionInDays": number,
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"EventHub": {
"Name": "string",
"Namespace": "string",
"SharedAccessPolicy": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"LogAnalytics": {
"Workspace": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
}
}
}
],
"Tag": {
"key": "value"
},
"Lock": [
{
"Name": "string",
"Level": "string",
"Notes": "string"
}
],
"Blob": {
"EnableHierarchicalNamespace": boolean,
"AllowPublicAccess": boolean,
"AccessTier": "string",
"EnableContainerSoftDelete": boolean,
"ContainerSoftDeleteRetention": number,
"EnableBlobSoftDelete": boolean,
"BlobSoftDeleteRetention": number,
"EnableVersioning": boolean,
"EnableChangeFeed": boolean,
"ImmutabilityPeriod": number,
"ImmutabilityPolicyState": "string",
"EnableNfsV3": boolean,
"AllowCrossTenantReplication": boolean,
"Diagnostic": [
{
"Name": "string",
"Log": {
"Enabled": boolean,
"Category": [array]
},
"Metric": {
"Enabled": boolean,
"Category": [array]
},
"Target": {
"Blob": {
"StorageAccount": "string",
"StorageKeyType": "string",
"RetentionInDays": number,
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"EventHub": {
"Name": "string",
"Namespace": "string",
"SharedAccessPolicy": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"LogAnalytics": {
"Workspace": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
}
}
}
],
"Container": [
{
"Name": "string",
"PublicAccess": "string"
}
]
}
}
]
}