access_tier |
Defines the access tier for BlobStorage , FileStorage and StorageV2 accounts. Valid options are Hot and Cool , defaults to Hot . |
string |
"Hot" |
no |
account_kind |
Defines the Kind of account. Valid options are BlobStorage , BlockBlobStorage , FileStorage , Storage and StorageV2 . Changing this forces a new resource to be created. Defaults to StorageV2. |
string |
"StorageV2" |
no |
account_replication_type |
Defines the type of replication to use for this storage account. Valid options are LRS , GRS , RAGRS , ZRS , GZRS and RAGZRS . |
string |
"ZRS" |
no |
account_tier |
Defines the Tier to use for this storage account. Valid options are Standard and Premium . For BlockBlobStorage and FileStorage accounts only Premium is valid. Changing this forces a new resource to be created. |
string |
"Standard" |
no |
advanced_threat_protection_enabled |
Boolean flag which controls if advanced threat protection is enabled, see documentation for more information. |
bool |
false |
no |
allowed_cidrs |
List of CIDR to allow access to that storage account. |
list(string) |
[] |
no |
client_name |
Client name/account used in naming |
string |
n/a |
yes |
containers |
List of objects to create some Blob containers in this Storage Account. |
list(object({ name = string container_access_type = optional(string) metadata = optional(map(string)) })) |
[] |
no |
custom_diagnostic_settings_name |
Custom name of the diagnostics settings, name will be 'default' if not set. |
string |
"default" |
no |
custom_domain_name |
The Custom Domain Name to use for the Storage Account, which will be validated by Azure. |
string |
null |
no |
default_firewall_action |
Which default firewalling policy to apply. Valid values are Allow or Deny . |
string |
"Deny" |
no |
default_tags_enabled |
Option to enable or disable default tags. |
bool |
true |
no |
environment |
Project environment |
string |
n/a |
yes |
extra_tags |
Additional tags to associate with your Azure Container Registry. |
map(string) |
{} |
no |
file_shares |
List of objects to create some File Shares in this Storage Account. |
list(object({ name = string quota_in_gb = number enabled_protocol = optional(string) metadata = optional(map(string)) acl = optional(list(object({ id = string permissions = string start = optional(string) expiry = optional(string) }))) })) |
[] |
no |
hns_enabled |
Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 and must be true if nfsv3_enabled is set to true . Changing this forces a new resource to be created. |
bool |
false |
no |
https_traffic_only_enabled |
Boolean flag which forces HTTPS if enabled. |
bool |
true |
no |
identity_ids |
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Storage Account. |
list(string) |
null |
no |
identity_type |
Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are SystemAssigned , UserAssigned , SystemAssigned, UserAssigned (to enable both). |
string |
"SystemAssigned" |
no |
location |
Azure location |
string |
n/a |
yes |
location_short |
Short string for Azure location |
string |
n/a |
yes |
logs_categories |
Log categories to send to destinations. |
list(string) |
null |
no |
logs_destinations_ids |
List of destination resources Ids for logs diagnostics destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. Empty list to disable logging. |
list(string) |
n/a |
yes |
logs_metrics_categories |
Metrics categories to send to destinations. |
list(string) |
null |
no |
logs_retention_days |
Number of days to keep logs on storage account |
number |
30 |
no |
min_tls_version |
The minimum supported TLS version for the storage account. Possible values are TLS1_0 , TLS1_1 , and TLS1_2 . |
string |
"TLS1_2" |
no |
name_prefix |
Optional prefix for the generated name |
string |
"" |
no |
name_suffix |
Optional suffix for the generated name |
string |
"" |
no |
network_bypass |
Specifies whether traffic is bypassed for 'Logging', 'Metrics', 'AzureServices' or 'None'. |
list(string) |
[ "None" ] |
no |
network_rules_enabled |
Boolean to enable Network Rules on the Storage Account, requires network_bypass , ip_rules , subnet_ids or default_firewall_action correctly set if enabled. |
bool |
true |
no |
nfsv3_enabled |
Is NFSv3 protocol enabled? Changing this forces a new resource to be created. |
bool |
false |
no |
public_nested_items_allowed |
Allow or disallow nested items within this Account to opt into being public. |
bool |
false |
no |
queues |
List of objects to create some Queues in this Storage Account. |
list(object({ name = string metadata = optional(map(string)) })) |
[] |
no |
resource_group_name |
Resource group name |
string |
n/a |
yes |
shared_access_key_enabled |
Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). |
bool |
true |
no |
stack |
Project stack name |
string |
n/a |
yes |
static_website_config |
Static website configuration. Can only be set when the account_kind is set to StorageV2 or BlockBlobStorage . |
object({ index_document = optional(string) error_404_document = optional(string) }) |
null |
no |
storage_account_custom_name |
Custom Azure Storage Account name, generated if not set |
string |
"" |
no |
storage_blob_data_protection |
Storage account blob Data protection parameters. |
object({ change_feed_enabled = bool versioning_enabled = bool delete_retention_policy_in_days = number container_delete_retention_policy_in_days = number container_point_in_time_restore = bool }) |
{ "change_feed_enabled": true, "container_delete_retention_policy_in_days": 30, "container_point_in_time_restore": true, "delete_retention_policy_in_days": 30, "versioning_enabled": true } |
no |
subnet_ids |
Subnets to allow access to that storage account. |
list(string) |
[] |
no |
tables |
List of objects to create some Tables in this Storage Account. |
list(object({ name = string acl = optional(list(object({ id = string permissions = string start = optional(string) expiry = optional(string) }))) })) |
[] |
no |
use_caf_naming |
Use the Azure CAF naming provider to generate default resource name. storage_account_custom_name override this if set. Legacy default name is used if this is set to false . |
bool |
true |
no |
use_subdomain |
Should the Custom Domain Name be validated by using indirect CNAME validation? |
bool |
false |
no |