This module provides a Terraform configuration for deploying various Azure resources as part of your infrastructure. The configuration includes the deployment of resource groups, virtual networks, subnets, storage.
To use this module, you should have Terraform installed and configured for AZURE. This module provides the necessary Terraform configuration for creating AZURE resources, and you can customize the inputs as needed. Below is an example of how to use this module:
module "storage" {
source = "git::https://github.com/opsstation/terraform-azure-storage.git?ref=v1.0.0"
name = "app"
environment = "test"
default_enabled = true
resource_group_name = module.resource_group.resource_group_name
location = "North Europe"
storage_account_name = "opsstation"
public_network_access_enabled = true
## Storage Container
containers_list = [
{ name = "app-test", access_type = "private" },
{ name = "app2", access_type = "private" },
]
## Storage File Share
file_shares = [
{ name = "fileshare1", quota = 5 },
]
## Storage Tables
tables = ["table1"]
## Storage Queues
queues = ["queue1"]
enable_private_endpoint = false
}module "storage_with_cmk" {
source = "git::https://github.com/opsstation/terraform-azure-storage.git?ref=v1.0.0"
name = "app"
environment = "test"
label_order = ["name", "environment", ]
resource_group_name = module.resource_group.resource_group_name
location = module.resource_group.resource_group_location
storage_account_name = "opsstation"
account_kind = "BlockBlobStorage"
account_tier = "Premium"
identity_type = "UserAssigned"
object_id = ["xxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
account_replication_type = "ZRS"
###customer_managed_key can only be set when the account_kind is set to StorageV2 or account_tier set to Premium, and the identity type is UserAssigned.
key_vault_id = module.vault.id
## Storage Container
containers_list = [
{ name = "app-test", access_type = "private" },
]
virtual_network_id = module.vnet.id
subnet_id = module.subnet.default_subnet_id
}This example demonstrates how to create various AZURE resources using the provided modules. Adjust the input values to suit your specific requirements.
For detailed examples on how to use this module, please refer to the examples directory within this repository.
This Terraform module is provided under the MIT License. Please see the LICENSE file for more details.
Your Name Replace MIT and OpsStation with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| azurerm | >=2.90.0 |
| Name | Version |
|---|---|
| azurerm | >=2.90.0 |
| azurerm.peer | >=2.90.0 |
| Name | Source | Version |
|---|---|---|
| labels | git::https://github.com/opsstation/terraform-azure-labels.git | v1.0.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_tier | Defines the access tier for BlobStorage and StorageV2 accounts. Valid options are Hot and Cool. | any |
"Hot" |
no |
| account_kind | The type of storage account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2. | string |
"StorageV2" |
no |
| account_replication_type | Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. | string |
"GRS" |
no |
| account_tier | Defines the Tier to use for this storage account. Valid options are Standard and Premium. For BlockBlobStorage and FileStorage accounts only Premium is valid. Changing this forces a new resource to be created. | string |
"Standard" |
no |
| addon_resource_group_name | The name of the addon vnet resource group | string |
"" |
no |
| addon_vent_link | The name of the addon vnet | bool |
false |
no |
| addon_virtual_network_id | The name of the addon vnet link vnet id | string |
"" |
no |
| alias_sub | n/a | string |
null |
no |
| allow_nested_items_to_be_public | Allow or disallow nested items within this Account to opt into being public. Defaults to true. | bool |
true |
no |
| containers_list | List of containers to create and their access levels. | list(object({ name = string, access_type = string })) |
[] |
no |
| cross_tenant_replication_enabled | Should cross Tenant replication be enabled? Defaults to true. | bool |
true |
no |
| default_enabled | n/a | bool |
false |
no |
| default_to_oauth_authentication | Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is false | bool |
false |
no |
| diff_sub | The name of the addon vnet | bool |
false |
no |
| enable_advanced_threat_protection | Boolean flag which controls if advanced threat protection is enabled. | bool |
true |
no |
| enable_https_traffic_only | Boolean flag which forces HTTPS if enabled, see here for more information. | bool |
true |
no |
| enable_private_endpoint | enable or disable private endpoint to storage account | bool |
true |
no |
| enabled | Set to false to prevent the module from creating any resources. | bool |
true |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| existing_private_dns_zone | Name of the existing private DNS zone | string |
null |
no |
| existing_private_dns_zone_resource_group_name | The name of the existing resource group | string |
"" |
no |
| file_shares | List of containers to create and their access levels. | list(object({ name = string, quota = number })) |
[] |
no |
| identity_type | Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned (to enable both). |
string |
"SystemAssigned" |
no |
| infrastructure_encryption_enabled | Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to false. | bool |
true |
no |
| is_hns_enabled | Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2. Changing this forces a new resource to be created. | bool |
false |
no |
| key_vault_id | n/a | string |
null |
no |
| label_order | Label order, e.g. sequence of application name and environment name,environment,'attribute' [webserver,qa,devops,public,] . |
list(any) |
[] |
no |
| last_access_time_enabled | (Optional) Is the last access time based tracking enabled? Default to true. | bool |
false |
no |
| location | The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table' | string |
"North Europe" |
no |
| managedby | ManagedBy, eg 'Identos'. | string |
"" |
no |
| management_policy | Configure Azure Storage firewalls and virtual networks | list(object({ |
[ |
no |
| management_policy_enable | n/a | bool |
false |
no |
| min_tls_version | The minimum supported TLS version for the storage account | string |
"TLS1_2" |
no |
| multi_sub_vnet_link | Flag to control creation of vnet link for dns zone in different subscription | bool |
false |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| network_rules | List of objects that represent the configuration of each network rules. | list(object({ default_action = string, ip_rules = list(string), bypass = list(string) })) |
[ |
no |
| object_id | n/a | list(string) |
[] |
no |
| public_network_access_enabled | Whether the public network access is enabled? Defaults to true. | bool |
true |
no |
| queues | List of storages queues | list(string) |
[] |
no |
| repository | Terraform current module repo | string |
"https://github.com/clouddrove/terraform-azure-storage.git" |
no |
| resource_group_name | A container that holds related resources for an Azure solution | string |
"" |
no |
| sftp_enabled | Boolean, enable SFTP for the storage account | bool |
false |
no |
| shared_access_key_enabled | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is true. | bool |
true |
no |
| soft_delete_retention | Number of retention days for soft delete. If set to null it will disable soft delete all together. | number |
30 |
no |
| storage_account_name | The name of the azure storage account | string |
"" |
no |
| subnet_id | The resource ID of the subnet | string |
"" |
no |
| tables | List of storage tables. | list(string) |
[] |
no |
| versioning_enabled | Is versioning enabled? Default to false. | bool |
true |
no |
| virtual_network_id | The name of the virtual network | string |
"" |
no |
| Name | Description |
|---|---|
| cmk_storage_account_id | The ID of the storage account. |
| cmk_storage_account_name | The name of the storage account. |
| containers | Map of containers. |
| default_storage_account_id | The ID of the storage account. |
| default_storage_account_name | The name of the storage account. |
| default_storage_account_primary_blob_endpoint | The endpoint URL for blob storage in the primary location. |
| default_storage_account_primary_location | The primary location of the storage account |
| default_storage_account_primary_web_endpoint | The endpoint URL for web storage in the primary location. |
| default_storage_account_primary_web_host | The hostname with port if applicable for web storage in the primary location. |
| default_storage_primary_access_key | The primary access key for the storage account |
| default_storage_primary_connection_string | The primary connection string for the storage account |
| file_shares | Map of Storage SMB file shares. |
| queues | Map of Storage SMB file shares. |
| tables | Map of Storage SMB file shares. |