Metric_enable |
Is this Diagnostic Metric enabled? Defaults to true. |
bool |
true |
no |
access_tier |
Defines the access tier for BlobStorage and StorageV2 accounts. Valid options are Hot and Cool. |
string |
"Hot" |
no |
account_kind |
The type of storage account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2. |
string |
"StorageV2" |
no |
account_replication_type |
Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. |
string |
"LRS" |
no |
account_tier |
Defines the Tier to use for this storage account. Valid options are Standard and Premium. For BlockBlobStorage and FileStorage accounts only Premium is valid. Changing this forces a new resource to be created. |
string |
"Standard" |
no |
addon_resource_group_name |
The name of the addon vnet resource group |
string |
null |
no |
addon_vent_link |
The name of the addon vnet |
bool |
false |
no |
addon_virtual_network_id |
The name of the addon vnet link vnet id |
string |
null |
no |
admin_objects_ids |
IDs of the objects that can do all operations on all keys, secrets and certificates. |
list(string) |
[] |
no |
alias_sub |
n/a |
string |
null |
no |
allow_nested_items_to_be_public |
Allow or disallow nested items within this Account to opt into being public. The underlying provider argument defaults to true; this module defaults to false. |
bool |
false |
no |
allowed_copy_scope |
Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are AAD and PrivateLink. |
string |
"PrivateLink" |
no |
cmk_encryption_enabled |
Whether to create CMK or not |
bool |
false |
no |
containers_list |
List of containers to create and their access levels. |
list(object({ name = string, access_type = string })) |
[] |
no |
cross_tenant_replication_enabled |
Should cross Tenant replication be enabled? Defaults to true. |
bool |
true |
no |
custom_domain_name |
The Custom Domain Name to use for the Storage Account, which will be validated by Azure. |
string |
null |
no |
datastorages |
n/a |
list(string) |
[ "blob", "queue", "table", "file" ] |
no |
default_to_oauth_authentication |
Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is false |
bool |
false |
no |
diff_sub |
The name of the addon vnet |
bool |
false |
no |
edge_zone |
Specifies the Edge Zone within the Azure Region where this Storage Account should exist. |
string |
null |
no |
enable_advanced_threat_protection |
Boolean flag which controls if advanced threat protection is enabled. |
bool |
true |
no |
enable_diagnostic |
Set to false to prevent the module from creating the diagnostic setting for the NSG Resource. |
bool |
false |
no |
enable_file_share_cors_rules |
Whether or not to enable file share CORS rules. |
bool |
false |
no |
enable_hour_metrics |
Enable or disable the creation of the hour_metrics block. |
bool |
false |
no |
enable_https_traffic_only |
Boolean flag which forces HTTPS if enabled, see here for more information. |
bool |
true |
no |
enable_minute_metrics |
Enable or disable the creation of the minute_metrics block. |
bool |
false |
no |
enable_private_endpoint |
enable or disable private endpoint to storage account |
bool |
true |
no |
enable_private_link_access |
Enable or disable the creation of the private_link_access. |
bool |
false |
no |
enable_routing |
Enable or disable the creation of the routing block. |
bool |
false |
no |
enable_sas_policy |
Enable or disable the creation of the sas_policy block. |
bool |
false |
no |
enabled |
Set to false to prevent the module from creating any resources. |
bool |
true |
no |
environment |
Environment (e.g. prod , dev , staging ). |
string |
"" |
no |
eventhub_authorization_rule_id |
Eventhub authorization rule id to pass to the destination details of the diagnostic setting of NSG. |
string |
null |
no |
eventhub_name |
Eventhub name to pass to the destination details of the diagnostic setting of NSG. |
string |
null |
no |
existing_private_dns_zone |
Name of the existing private DNS zone |
string |
null |
no |
existing_private_dns_zone_resource_group_name |
The name of the existing resource group |
string |
null |
no |
expiration_date |
Expiration UTC datetime (Y-m-d'T'H:M:S'Z') |
string |
"2034-10-22T18:29:59Z" |
no |
extra_tags |
Variable to pass extra tags. |
map(string) |
null |
no |
file_share_authentication |
Storage Account file shares authentication configuration. |
object({ directory_type = string active_directory = optional(object({ storage_sid = string domain_name = string domain_sid = string domain_guid = string forest_name = string netbios_domain_name = string })) }) |
null |
no |
file_share_cors_rules |
Storage Account file shares CORS rule. Please refer to the documentation for more information. |
list(object({ allowed_headers = list(string) allowed_methods = list(string) allowed_origins = list(string) exposed_headers = list(string) max_age_in_seconds = number })) |
null |
no |
file_share_properties_smb |
Storage Account file shares smb properties. |
object({ versions = optional(list(string)) authentication_types = optional(list(string)) kerberos_ticket_encryption_type = optional(list(string)) channel_encryption_type = optional(list(string)) multichannel_enabled = optional(bool) }) |
null |
no |
file_share_retention_policy_in_days |
Storage Account file shares retention policy in days. Enabling this may require additional directory permissions. |
number |
null |
no |
file_shares |
List of file shares to create and their quotas. |
list(object({ name = string, quota = number })) |
[] |
no |
hour_metrics |
n/a |
object({ enabled = bool version = string include_apis = bool retention_policy_days = number }) |
{ "enabled": false, "include_apis": false, "retention_policy_days": 7, "version": "" } |
no |
identity_type |
Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are SystemAssigned , UserAssigned , SystemAssigned, UserAssigned (to enable both). |
string |
"UserAssigned" |
no |
infrastructure_encryption_enabled |
Is infrastructure encryption enabled? Changing this forces a new resource to be created. The underlying provider argument defaults to false; this module defaults to true. |
bool |
true |
no |
is_hns_enabled |
Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2. Changing this forces a new resource to be created. |
bool |
false |
no |
key_vault_id |
n/a |
string |
"" |
no |
key_vault_rbac_auth_enabled |
Whether role-based access control (RBAC) authorization is enabled on the Key Vault. |
bool |
true |
no |
label_order |
Label order, e.g. sequence of application name and environment name ,environment ,'attribute' [webserver ,qa ,devops ,public ,] . |
list(any) |
[ "name", "environment" ] |
no |
large_file_share_enabled |
Is Large File Share Enabled? |
bool |
false |
no |
location |
The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table' |
string |
"North Europe" |
no |
log_analytics_destination_type |
Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table. |
string |
"AzureDiagnostics" |
no |
log_analytics_workspace_id |
Log Analytics workspace id to pass to the destination details of the diagnostic setting of NSG. |
string |
null |
no |
logs |
n/a |
list(string) |
[ "StorageWrite", "StorageRead", "StorageDelete" ] |
no |
managedby |
ManagedBy, eg 'Identos'. |
string |
"" |
no |
management_policy |
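Lifecycle management policy rules: the blob prefixes to match and the number of days after which to tier to cool, tier to archive, delete blobs and delete snapshots. |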
list(object({ prefix_match = set(string) tier_to_cool_after_days = number tier_to_archive_after_days = number delete_after_days = number snapshot_delete_after_days = number })) |
[ { "delete_after_days": 100, "prefix_match": null, "snapshot_delete_after_days": 30, "tier_to_archive_after_days": 50, "tier_to_cool_after_days": 0 } ] |
no |
management_policy_enable |
n/a |
bool |
false |
no |
metrics |
n/a |
list(string) |
[ "Transaction", "Capacity" ] |
no |
metrics_enabled |
n/a |
list(bool) |
[ true, true ] |
no |
min_tls_version |
The minimum supported TLS version for the storage account |
string |
"TLS1_2" |
no |
minute_metrics |
n/a |
list(object({ enabled = bool version = string include_apis = bool retention_policy_days = number })) |
[ { "enabled": false, "include_apis": false, "retention_policy_days": 7, "version": "" } ] |
no |
multi_sub_vnet_link |
Flag to control creation of vnet link for dns zone in different subscription |
bool |
false |
no |
name |
Name (e.g. app or cluster ). |
string |
"" |
no |
network_rules |
List of objects that represent the configuration of each network rules. |
map(string) |
{} |
no |
nfsv3_enabled |
Is NFSv3 protocol enabled? Changing this forces a new resource to be created. |
bool |
false |
no |
private_link_access |
List of Privatelink objects to allow access from. |
list(object({ endpoint_resource_id = string endpoint_tenant_id = string })) |
[] |
no |
public_network_access_enabled |
Whether public network access is enabled. Defaults to true. Set to false if the account should be reachable only through its private endpoint. |
bool |
true |
no |
queue_encryption_key_type |
The encryption type of the queue service. Possible values are 'Service' and 'Account'. |
string |
"Account" |
no |
queue_properties_logging |
Logging queue properties |
object({ delete = optional(bool) read = optional(bool) write = optional(bool) version = optional(string) retention_policy_days = optional(number) }) |
{ "delete": true, "read": true, "retention_policy_days": 7, "version": "1.0", "write": true } |
no |
queues |
List of storages queues |
list(string) |
[] |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-azure-storage.git" |
no |
resource_group_name |
A container that holds related resources for an Azure solution |
string |
"" |
no |
restore_policy |
Whether or not to create a restore policy |
bool |
false |
no |
rotation_policy |
n/a |
map(object({ time_before_expiry = string expire_after = string notify_before_expiry = string })) |
null |
no |
rotation_policy_enabled |
Whether or not to enable rotation policy |
bool |
false |
no |
routing |
n/a |
list(object({ publish_internet_endpoints = bool publish_microsoft_endpoints = bool choice = string })) |
[ { "choice": "MicrosoftRouting", "publish_internet_endpoints": false, "publish_microsoft_endpoints": false } ] |
no |
sas_policy_settings |
n/a |
list(object({ expiration_period = string expiration_action = string })) |
[ { "expiration_action": "Log", "expiration_period": "7.00:00:00" } ] |
no |
sftp_enabled |
Boolean, enable SFTP for the storage account |
bool |
false |
no |
shared_access_key_enabled |
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is true. |
bool |
true |
no |
static_website_config |
Static website configuration. Can only be set when the account_kind is set to StorageV2 or BlockBlobStorage . |
object({ index_document = optional(string) error_404_document = optional(string) }) |
null |
no |
storage_account_id |
Storage account id to pass to the destination details of the diagnostic setting of NSG. |
string |
null |
no |
storage_account_name |
The name of the azure storage account |
string |
"" |
no |
storage_blob_cors_rule |
Storage Account blob CORS rule. Please refer to the documentation for more information. |
object({ allowed_headers = list(string) allowed_methods = list(string) allowed_origins = list(string) exposed_headers = list(string) max_age_in_seconds = number }) |
null |
no |
storage_blob_data_protection |
Storage account blob Data protection parameters. |
object({ change_feed_enabled = optional(bool, false) versioning_enabled = optional(bool, false) last_access_time_enabled = optional(bool, false) delete_retention_policy_in_days = optional(number, 0) container_delete_retention_policy_in_days = optional(number, 0) container_point_in_time_restore = optional(bool, false) }) |
{ "change_feed_enabled": false, "container_delete_retention_policy_in_days": 7, "delete_retention_policy_in_days": 7, "last_access_time_enabled": false, "versioning_enabled": false } |
no |
subnet_id |
The resource ID of the subnet |
string |
"" |
no |
table_encryption_key_type |
The encryption type of the table service. Possible values are 'Service' and 'Account'. |
string |
"Account" |
no |
tables |
List of storage tables. |
list(string) |
[] |
no |
use_subdomain |
Should the Custom Domain Name be validated by using indirect CNAME validation? |
bool |
false |
no |
virtual_network_id |
The name of the virtual network |
string |
"" |
no |