
schubergphilis/terraform-azure-mcaf-storage-account

terraform-azure-mcaf-storage-account

Terraform module that deploys infrastructure (an Azure Storage Account and related resources) that can be used for Azure DevOps in combination with Terraform.

Requirements

Name Version
terraform >= 1.9
azurerm >= 4, < 5.0

Providers

Name Version
azurerm >= 4, < 5.0

Modules

No modules.

Resources

Name Type
azurerm_role_assignment.cmk resource
azurerm_role_assignment.extra resource
azurerm_role_assignment.this resource
azurerm_storage_account.this resource
azurerm_storage_account_customer_managed_key.this resource
azurerm_storage_account_network_rules.this resource
azurerm_storage_container.this resource
azurerm_storage_management_policy.this resource
azurerm_storage_share.this resource
azurerm_client_config.current data source

Inputs

Name Description Type Default Required
location Location of the Storage account string n/a yes
name Name of the Storage Account string n/a yes
resource_group_name Name of the resource group to create the Storage Account in string n/a yes
access_tier Access tier for the storage account. Valid options are Hot and Cool. Defaults to Hot. string "Hot" no
account_kind Type of account to create. Valid options are Storage, StorageV2, BlobStorage, FileStorage, and BlockBlobStorage. Defaults to StorageV2. string "StorageV2" no
account_replication_type Type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS, and RA_GZRS. Defaults to ZRS. string "ZRS" no
account_tier Tier to use for this storage account. Valid options are Standard and Premium. Defaults to Standard. string "Standard" no
allowed_copy_scope Restrict the copy scope for the storage account. Valid values are 'Unrestricted', 'AAD' and 'PrivateLink'. Defaults to 'PrivateLink'. 'Unrestricted' matches the Azure default of null. string "PrivateLink" no
change_feed_enabled Enable or Disable change feed events for the storage account. Defaults to true. bool true no
cmk_key_name Name of the Key (within the cmk_key_vault_id) to use as the Customer Managed Key string null no
cmk_key_vault_id ID of the Key Vault to use for the Customer Managed Key string null no
contributors Set of principal IDs that are granted contributor access on this storage account. Defaults to an empty set. set(string) [] no
cross_tenant_replication_enabled Allow or disallow cross Tenant replication for this storage account. Defaults to false. bool false no
default_to_oauth_authentication Allow or disallow defaulting to OAuth authentication for this storage account. Defaults to true. bool true no
enable_cmk_encryption Enable support for customer-managed key (CMK) encryption of tables and queues without configuring the CMK itself. Defaults to false. bool false no
immutability_policy Immutability policy settings for the storage account. Defaults to null, which does not set any immutability policy.
object({
state = optional(string, "Unlocked")
allow_protected_append_writes = optional(bool, true)
period_since_creation_in_days = optional(number, 14)
})
null no
infrastructure_encryption_enabled Allow or disallow infrastructure encryption for this storage account. Defaults to true. bool true no
min_tls_version The minimum TLS version to allow for requests to this storage account. Valid options are 'TLS1_0', 'TLS1_1', and 'TLS1_2'. Defaults to 'TLS1_2'. string "TLS1_2" no
network_configuration The network configuration for the storage account. Defaults to no public access, a default action of Deny, and HTTPS-only traffic enforced.
object({
https_traffic_only_enabled = optional(bool, true)
allow_nested_items_to_be_public = optional(bool, false)
public_network_access_enabled = optional(bool, false)
default_action = optional(string, "Deny")
virtual_network_subnet_ids = optional(set(string), [])
ip_rules = optional(set(string), [])
bypass = optional(set(string), ["AzureServices"])
})
{
"allow_nested_items_to_be_public": false,
"bypass": [
"AzureServices"
],
"default_action": "Deny",
"https_traffic_only_enabled": true,
"ip_rules": [],
"public_network_access_enabled": false,
"virtual_network_subnet_ids": []
}
no
sftp_enabled Allow or disallow SFTP access to this storage account. Defaults to false. bool false no
shared_access_key_enabled Allow or disallow shared access keys for this storage account. Defaults to false. bool false no
storage_containers Map of Storage Containers to create and whether each container should be publicly accessible. Defaults to private.
map(object({
access_type = optional(string, "private")
}))
{} no
storage_file_shares Map of Storage File Shares to create and their properties. Defaults to an empty map.
- access_tier - (Optional) The access tier for the file share. Valid options are Hot, Cool, and TransactionOptimized. Defaults to Hot.
- enabled_protocol - (Optional) The protocol to use for the file share. Valid options are SMB and NFS. Defaults to SMB.
- quota - (Optional) The maximum size of the share, in gigabytes. For Standard storage accounts, this must be 1GB (or higher) and at most 5120 GB (5 TB). For Premium FileStorage storage accounts, this must be greater than 100 GB and at most 102400 GB (100 TB).

Example:

storage_file_shares = {
"share1" = {
access_tier = "Hot"
enabled_protocol = "SMB"
quota = 1
}
"share2" = {
access_tier = "Cool"
enabled_protocol = "NFS"
quota = 5120
}
"share3" = {
access_tier = "TransactionOptimized"
enabled_protocol = "SMB"
quota = 500
}
"share4" = {
access_tier = "Premium"
enabled_protocol = "SMB"
quota = 102400
}
}
map(object({
access_tier = optional(string, "Hot")
enabled_protocol = optional(string, "SMB")
quota = optional(number, 1)
}))
{} no
storage_management_policy The storage management policy for the base blobs of the storage account. To keep it simple, the built-in management policy only applies to base blobs and only supports rules based on last modification time. For more advanced configurations, leave all move_to_* and delete_after_* values unset and define your own policy; see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy
object({
blob_delete_retention_days = optional(number, 90)
container_delete_retention_days = optional(number, 90)
move_to_cool_after_days = optional(number, null)
move_to_cold_after_days = optional(number, null)
move_to_archive_after_days = optional(number, null)
delete_after_days = optional(number, null)
})
{
"blob_delete_retention_days": 90,
"container_delete_retention_days": 90,
"delete_after_days": null,
"move_to_archive_after_days": null,
"move_to_cold_after_days": null,
"move_to_cool_after_days": null
}
no
system_assigned_identity_enabled Enable or disable the system-assigned managed identity for this storage account. Defaults to true. bool true no
tags A map of tags to assign to the resource. map(string) {} no
user_assigned_identities Set of user-assigned identity IDs to assign to the storage account. Defaults to an empty set. set(string) [] no
versioning_enabled Enable or disable blob versioning for the storage account. Defaults to true. bool true no

Outputs

Name Description
endpoints Endpoint information of the storage account
id Resource Id of the storage account
name Name of the storage account
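A complete module call that exercises the inputs and outputs above, added here as an illustration and not part of the module's own README or source. The source reference, resource names, subscription ID, subnet, Key Vault and principal IDs are placeholders.

```hcl
# Added usage example, not part of the module's README or source code.
# Placeholders (not from the page): resource names, subscription ID, subnet,
# Key Vault and principal IDs. Pin the module to a release tag before use.
module "storage" {
  source = "github.com/schubergphilis/terraform-azure-mcaf-storage-account?ref=<tag>"

  name                = "stexampleprd001" # placeholder; must be globally unique
  location            = "westeurope"
  resource_group_name = "rg-example"

  # Restate the secure defaults explicitly so a reviewer sees them in the call.
  shared_access_key_enabled         = false # identity-based (OAuth) auth only
  default_to_oauth_authentication   = true
  min_tls_version                   = "TLS1_2"
  allowed_copy_scope                = "PrivateLink"
  infrastructure_encryption_enabled = true
  cross_tenant_replication_enabled  = false

  # Private access only: deny by default, allow one subnet plus trusted Azure services.
  network_configuration = {
    public_network_access_enabled = false
    default_action                = "Deny"
    bypass                        = ["AzureServices"]
    virtual_network_subnet_ids = [
      "/subscriptions/<sub-id>/resourceGroups/rg-example/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/snet-example",
    ]
  }

  # Customer-managed key held in an existing Key Vault (placeholders).
  cmk_key_vault_id = "/subscriptions/<sub-id>/resourceGroups/rg-example/providers/Microsoft.KeyVault/vaults/kv-example"
  cmk_key_name     = "storage-cmk"

  storage_containers  = { "tfstate" = { access_type = "private" } }
  storage_file_shares = { "agents" = { quota = 100 } } # Hot and SMB by default

  # Soft-delete retention plus tiering and expiry of base blobs by last modification.
  storage_management_policy = {
    blob_delete_retention_days      = 30
    container_delete_retention_days = 30
    move_to_cool_after_days         = 30
    delete_after_days               = 365
  }

  contributors = ["00000000-0000-0000-0000-000000000000"] # placeholder principal ID
  tags         = { environment = "prd" }
}

output "storage_account_id" {
  value = module.storage.id
}
```

The principal running `terraform apply` needs rights to create the role assignments the module declares (azurerm_role_assignment.this, .extra and .cmk), otherwise the apply fails before the CMK binding is created.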

License

Copyright: Schuberg Philis

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.