diff --git a/README.md b/README.md index 17d297b..bb053fe 100644 --- a/README.md +++ b/README.md @@ -49,14 +49,14 @@ No modules. | [change\_feed\_enabled](#input\_change\_feed\_enabled) | Enable or Disable change feed events for the storage account. Defaults to true. | `bool` | `true` | no | | [cmk\_key\_name](#input\_cmk\_key\_name) | Name of the Key (within the cmk\_key\_vault\_id) to use as the Customer Managed Key | `string` | `null` | no | | [cmk\_key\_vault\_id](#input\_cmk\_key\_vault\_id) | ID of the Key Vault to use for the Customer Managed Key | `string` | `null` | no | -| [contributors](#input\_contributors) | List of principal IDs that are allowed to be contributor on this storage account. Defaults to an empty list. | `list(string)` | `[]` | no | +| [contributors](#input\_contributors) | set of principal IDs that are allowed to be contributor on this storage account. Defaults to an empty set. | `set(string)` | `[]` | no | | [cross\_tenant\_replication\_enabled](#input\_cross\_tenant\_replication\_enabled) | Allow or disallow cross Tenant replication for this storage account. Defaults to false. | `bool` | `false` | no | | [default\_to\_oauth\_authentication](#input\_default\_to\_oauth\_authentication) | Allow or disallow defaulting to OAuth authentication for this storage account. Defaults to true. | `bool` | `true` | no | | [enable\_cmk\_encryption](#input\_enable\_cmk\_encryption) | Optional variable to enable support for cmk encryption for tables and queues while not setting the cmk encryption. Defaults to false | `bool` | `false` | no | | [immutability\_policy](#input\_immutability\_policy) | immutability policy settings for the storage account. Defaults to null which does not set any immutability policy |
object({| `null` | no | | [infrastructure\_encryption\_enabled](#input\_infrastructure\_encryption\_enabled) | Allow or disallow infrastructure encryption for this storage account. Defaults to true. | `bool` | `true` | no | | [min\_tls\_version](#input\_min\_tls\_version) | The minimum TLS version to allow for requests to this storage account. Valid options are 'TLS1\_0', 'TLS1\_1', and 'TLS1\_2'. Defaults to 'TLS1\_2'. | `string` | `"TLS1_2"` | no | -| [network\_configuration](#input\_network\_configuration) | the network configuration for the storage account. Defaults to no public access and https enforced |
state = optional(string, "Unlocked")
allow_protected_append_writes = optional(bool, true)
period_since_creation_in_days = optional(number, 14)
})
object({|
https_traffic_only_enabled = optional(bool, true)
allow_nested_items_to_be_public = optional(bool, false)
public_network_access_enabled = optional(bool, false)
default_action = optional(string, "Deny")
virtual_network_subnet_ids = optional(list(string), [])
ip_rules = optional(list(string), [])
bypass = optional(list(string), ["AzureServices"])
})
{| no | +| [network\_configuration](#input\_network\_configuration) | the network configuration for the storage account. Defaults to no public access and https enforced |
"allow_nested_items_to_be_public": false,
"bypass": [
"AzureServices"
],
"default_action": "Deny",
"https_traffic_only_enabled": true,
"ip_rules": [],
"public_network_access_enabled": false,
"virtual_network_subnet_ids": []
}
object({|
https_traffic_only_enabled = optional(bool, true)
allow_nested_items_to_be_public = optional(bool, false)
public_network_access_enabled = optional(bool, false)
default_action = optional(string, "Deny")
virtual_network_subnet_ids = optional(set(string), [])
ip_rules = optional(set(string), [])
bypass = optional(set(string), ["AzureServices"])
})
{| no | | [sftp\_enabled](#input\_sftp\_enabled) | Allow or disallow SFTP access to this storage account. Defaults to false. | `bool` | `false` | no | | [shared\_access\_key\_enabled](#input\_shared\_access\_key\_enabled) | Allow or disallow shared access keys for this storage account. Defaults to false. | `bool` | `false` | no | | [storage\_containers](#input\_storage\_containers) | Map of Storage Containers to Create and whether the container should be publically accessible. Defaults to private. |
"allow_nested_items_to_be_public": false,
"bypass": [
"AzureServices"
],
"default_action": "Deny",
"https_traffic_only_enabled": true,
"ip_rules": [],
"public_network_access_enabled": false,
"virtual_network_subnet_ids": []
}
map(object({| `{}` | no | @@ -64,7 +64,7 @@ No modules. | [storage\_management\_policy](#input\_storage\_management\_policy) | the storage management policy of the base blob of the storage account, the builtin management policy only applies to the base blob and only supports last modification time to keep simplicity, for more advanced configurations do not set any move\_to\_* or delete\_after\_* and refer to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_management_policy |
access_type = optional(string, "private")
}))
object({|
blob_delete_retention_days = optional(number, 90)
container_delete_retention_days = optional(number, 90)
move_to_cool_after_days = optional(number, null)
move_to_cold_after_days = optional(number, null)
move_to_archive_after_days = optional(number, null)
delete_after_days = optional(number, null)
})
{| no | | [system\_assigned\_identity\_enabled](#input\_system\_assigned\_identity\_enabled) | Enable or disable the system-assigned managed identity for this storage account. Defaults to true. | `bool` | `true` | no | | [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no | -| [user\_assigned\_identities](#input\_user\_assigned\_identities) | List of user assigned identities to assign to the storage account. Defaults to an empty list. | `list(string)` | `[]` | no | +| [user\_assigned\_identities](#input\_user\_assigned\_identities) | set of user assigned identities to assign to the storage account. Defaults to an empty set. | `set(string)` | `[]` | no | | [versioning\_enabled](#input\_versioning\_enabled) | Enable or Disable versioning is for the storage account. Defaults to true. | `bool` | `true` | no | ## Outputs diff --git a/variables.tf b/variables.tf index 97cc276..aa6a39d 100644 --- a/variables.tf +++ b/variables.tf @@ -94,9 +94,9 @@ variable "system_assigned_identity_enabled" { } variable "user_assigned_identities" { - type = list(string) + type = set(string) default = [] - description = "List of user assigned identities to assign to the storage account. Defaults to an empty list." + description = "set of user assigned identities to assign to the storage account. Defaults to an empty set." } variable "versioning_enabled" { @@ -183,9 +183,9 @@ DESCRIPTION } variable "contributors" { - type = list(string) + type = set(string) default = [] - description = "List of principal IDs that are allowed to be contributor on this storage account. Defaults to an empty list." + description = "set of principal IDs that are allowed to be contributor on this storage account. Defaults to an empty set." } variable "enable_cmk_encryption" { 
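Review bot: `variable "contributors"` in the last hunk on this line accepts any string, although per its description each element is a principal ID that is allowed to be contributor on the storage account, so a typo or an empty string would presumably only surface at apply time. A `validation` block would reject it at plan, e.g. `condition = alltrue([for id in var.contributors : can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", id))])`. The same gap applies to `user_assigned_identities` in the preceding hunk, whose elements are presumably identity resource IDs. Moving from `list(string)` to `set(string)` also drops duplicates and ordering; if the resources consuming these variables (not visible in this diff) index into them or iterate with `count`, they need to switch to `for_each` in the same change, otherwise existing role assignments may be destroyed and re-created.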
@@ -249,9 +249,9 @@ variable "network_configuration" {
 allow_nested_items_to_be_public = optional(bool, false)
 public_network_access_enabled = optional(bool, false)
 default_action = optional(string, "Deny")
- virtual_network_subnet_ids = optional(list(string), [])
- ip_rules = optional(list(string), [])
- bypass = optional(list(string), ["AzureServices"])
+ virtual_network_subnet_ids = optional(set(string), [])
+ ip_rules = optional(set(string), [])
+ bypass = optional(set(string), ["AzureServices"])
 })
 default = {
 https_traffic_only_enabled = true
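Review bot: Nothing in this hunk constrains the elements of `bypass`, `ip_rules` or `virtual_network_subnet_ids`, although these three attributes define every exception to the `"Deny"` default of the storage firewall. For `bypass`, a `validation` block can reject values outside the ones the provider accepts, e.g. `condition = length(setsubtract(var.network_configuration.bypass, ["AzureServices", "Logging", "Metrics", "None"])) == 0`. For `ip_rules`, the description should state that entries must be public IPv4 addresses or CIDR ranges, so that an overly broad range stands out in review. The `variable "network_configuration"` block starts and ends outside the hunk, so an existing validation may simply not be visible here.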
"blob_delete_retention_days": 90,
"container_delete_retention_days": 90,
"delete_after_days": null,
"move_to_archive_after_days": null,
"move_to_cold_after_days": null,
"move_to_cool_after_days": null
}