This module creates a storage account and blob storage within it, with default service-side encryption, in an existing Azure resource group. It lets you configure the essential parameters:

  • toggle versioning
  • toggle access mode
  • attach externally defined policies
  • toggle replication

Azure Blob Storage

Blob Storage management in Azure
Log in to Corewide IaC registry

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

```shell
terraform login solutions.corewide.com
```

Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

```hcl
module "tf_azure_blob_storage" {
  source  = "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm"
  version = "~> 1.0.1"

  # specify module inputs here or try one of the examples below
  ...
}
```

Initialize the setup:

```shell
terraform init
```

Define update strategy

The Corewide DevOps team strictly follows the Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using the pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during upgrades (without breaking compatibility), use ~> 1.0 and run terraform init -upgrade.

For the safest setup, use strict pinning with version = "1.0.1".

v1.0.1 released 1 month, 1 week ago
New version approx. every 2 weeks

Set up a publicly accessible blob with a random suffix in the name, versioning, replication, and a custom policy:

```hcl
resource "azurerm_resource_group" "blob_storage" {
  name     = "blob-storage"
  location = "westeurope"
}

data "azurerm_kubernetes_cluster" "aks" {
  name                = "cluster-name"
  resource_group_name = "resource-group-name"
}

module "bucket" {
  source  = "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm"
  version = "~> 1.0"

  storage_account_name     = "blobstorage01"
  name                     = "test-blob-storage"
  add_random_suffix        = true
  resource_group_name      = azurerm_resource_group.blob_storage.name
  region                   = azurerm_resource_group.blob_storage.location
  account_replication_type = "LRS"
  access_mode              = "public-read"
  versioning               = true

  delete_retention_policy = {
    blob_delete_retention_days      = 20
    permanent_delete_enabled        = false
    container_delete_retention_days = 20
  }

  blob_policies = [
    {
      principal_id         = data.azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
      role_definition_name = "Storage Blob Data Contributor"
    },
    {
      principal_id         = "principal-id12-1234-5678-827346508432"
      role_definition_name = "Storage Blob Data Reader"
    },
  ]
}
```

Minimal setup with required parameters only:

```hcl
resource "azurerm_resource_group" "blob_storage" {
  name     = "blob-storage"
  location = "westeurope"
}

module "bucket" {
  source  = "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm"
  version = "~> 1.0"

  storage_account_name = "blobstorage01"
  name                 = "test-blob-storage"
  resource_group_name  = azurerm_resource_group.blob_storage.name
  region               = azurerm_resource_group.blob_storage.location
}
```

| Variable | Description | Type | Default | Required | Sensitive |
|---|---|---|---|---|---|
| name | Blob storage name. Length is from 3 to 56 characters, or to 63 characters when add_random_suffix is enabled | string | | yes | no |
| region | The location/region to create storage account and blob storage in | string | | yes | no |
| resource_group_name | The name of the resource group where the storage account will be created | string | | yes | no |
| storage_account_name | Storage account name. Length is from 3 to 24 characters, or to 18 characters when add_random_suffix is enabled | string | | yes | no |
| access_mode | Blob storage access mode. Allowed values: private, public-read | string | private | no | no |
| access_tier | Defines the access tier for blob storage. Allowed values: Hot, Cool | string | Hot | no | no |
| account_replication_type | The replication type for the storage account. Options: LRS, GRS, RAGRS, ZRS, GZRS, and RAGZRS | string | LRS | no | no |
| account_tier | Defines the account tier to use for storage account. Allowed values: Standard, Premium | string | Standard | no | no |
| add_random_suffix | Append a random suffix to the blob storage name to ensure uniqueness. Modifying this variable will trigger the re-creation of the blob | bool | false | no | no |
| blob_policies | A map of valid IAM policy data to apply to the blob storage | list(object) | [] | no | no |
| blob_policies[*].principal_id | The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to | string | | yes | no |
| blob_policies[*].role_definition_name | The name of a built-in Role | string | | yes | no |
| cross_tenant_replication_enabled | Toggle cross tenant replication | bool | false | no | no |
| delete_retention_policy | An object of delete retention policies | object | {} | no | no |
| delete_retention_policy.blob_delete_retention_days | The number of days that the blob should be retained, between 1 and 365 days | number | 7 | no | no |
| delete_retention_policy.container_delete_retention_days | The number of days that the container should be retained, between 1 and 365 days | number | 7 | no | no |
| delete_retention_policy.permanent_delete_enabled | Indicates whether permanent deletion of the soft deleted blob versions and snapshots is allowed | bool | false | no | no |
| versioning | Toggle blob storage versioning | bool | true | no | no |

| Output | Description | Type | Sensitive |
|---|---|---|---|
| storage_account | Contains all the storage account attributes | resource | yes |
| storage_container | Contains all the storage container attributes | resource | no |

| Dependency | Version | Kind |
|---|---|---|
| terraform | >= 1.3 | CLI |
| hashicorp/azurerm | ~> 4.2 | provider |
| hashicorp/random | ~> 3.3 | provider |
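
A pre-apply review of calls to this module, checking the version pin against the update strategy and access_mode and storage_account_name against the variable table above. This is an added example, not part of the Corewide module or its documentation; it assumes the configuration was exported with terraform show -json, the sample JSON and its "logs" call are constructed, and audit and literal are hypothetical helper names.

```python
import json

MODULE_SOURCE = "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm"
UNRESOLVED = object()  # input is set from a reference, not a literal

# Constructed sample, `terraform show -json` layout assumed; "logs" is a made-up call.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"module_calls": {
  "bucket": {"source": "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm",
    "version_constraint": "~> 1.0", "expressions": {
      "storage_account_name": {"constant_value": "blobstorage01"},
      "add_random_suffix": {"constant_value": true}, "access_mode": {"constant_value": "public-read"}}},
  "logs": {"source": "solutions.corewide.com/azure/tf-azure-blob-storage/azurerm",
    "version_constraint": ">= 1.0", "expressions": {
      "storage_account_name": {"constant_value": "corewidelogsarchive01"},
      "add_random_suffix": {"constant_value": true}, "access_mode": {"references": ["var.mode"]}}}}}}}
""")


def literal(call, name, default):
    """Literal value of a module input, the documented default, or UNRESOLVED."""
    expr = call.get("expressions", {}).get(name)
    return default if expr is None else expr.get("constant_value", UNRESOLVED)


def audit(plan):
    """Return (module call, input, message) findings for calls to this module."""
    findings = []
    calls = plan["configuration"]["root_module"].get("module_calls", {})
    for label, call in sorted(calls.items()):
        if call.get("source") != MODULE_SOURCE:
            continue
        constraint = call.get("version_constraint", "")
        if not (constraint.startswith(("~>", "=")) or constraint[:1].isdigit()):
            findings.append((label, "version", f"not pinned: {constraint!r}"))
        mode = literal(call, "access_mode", "private")
        if mode is UNRESOLVED:
            findings.append((label, "access_mode", "not a literal, review the reference"))
        elif mode != "private":
            findings.append((label, "access_mode", f"{mode!r} is not private"))
        account = literal(call, "storage_account_name", None)
        limit = 18 if literal(call, "add_random_suffix", False) is True else 24
        if isinstance(account, str) and not 3 <= len(account) <= limit:
            findings.append((label, "storage_account_name", f"length must be 3-{limit}"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_PLAN), sep="\n")
```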
