io.md

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| `Metric_enable` | Is this Diagnostic Metric enabled? Defaults to true. | `bool` | `true` | no |
| `access_tier` | Defines the access tier for BlobStorage and StorageV2 accounts. Valid options are Hot and Cool. | `string` | `"Hot"` | no |
| `account_kind` | The type of storage account. Valid options are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2. | `string` | `"StorageV2"` | no |
| `account_replication_type` | Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Changing this forces a new resource to be created when types LRS, GRS and RAGRS are changed to ZRS, GZRS or RAGZRS and vice versa. | `string` | `"LRS"` | no |
| `account_tier` | Defines the Tier to use for this storage account. Valid options are Standard and Premium. For BlockBlobStorage and FileStorage accounts only Premium is valid. Changing this forces a new resource to be created. | `string` | `"Standard"` | no |
| `addon_resource_group_name` | The name of the addon vnet resource group. | `string` | `null` | no |
| `addon_vent_link` | The name of the addon vnet | `bool` | `false` | no |
| `addon_virtual_network_id` | The name of the addon vnet link vnet id | `string` | `null` | no |
| `admin_objects_ids` | IDs of the objects that can do all operations on all keys, secrets and certificates. | `list(string)` | `[]` | no |
| `alias_sub` | n/a | `string` | `null` | no |
| `allow_nested_items_to_be_public` | Allow or disallow nested items within this Account to opt into being public. Defaults to true. | `bool` | `false` | no |
| `allowed_copy_scope` | Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are AAD and PrivateLink. | `string` | `"PrivateLink"` | no |
| `cmk_encryption_enabled` | Whether to create CMK or not. | `bool` | `false` | no |
| `containers_list` | List of containers to create and their access levels. | `list(object({ name = string, access_type = string }))` | `[]` | no |
| `cross_tenant_replication_enabled` | Should cross Tenant replication be enabled? Defaults to true. | `bool` | `true` | no |
| `custom_domain_name` | The Custom Domain Name to use for the Storage Account, which will be validated by Azure. | `string` | `null` | no |
| `datastorages` | n/a | `list(string)` | `[ "blob", "queue", "table", "file" ]` | no |
| `default_to_oauth_authentication` | Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is false. | `bool` | `false` | no |
| `diff_sub` | The name of the addon vnet | `bool` | `false` | no |
| `edge_zone` | Specifies the Edge Zone within the Azure Region where this Storage Account should exist. | `string` | `null` | no |
| `enable_advanced_threat_protection` | Boolean flag which controls if advanced threat protection is enabled. | `bool` | `true` | no |
| `enable_diagnostic` | Set to false to prevent the module from creating the diagnostic setting for the NSG Resource. | `bool` | `false` | no |
| `enable_file_share_cors_rules` | Whether or not to enable file share CORS rules. | `bool` | `false` | no |
| `enable_hour_metrics` | Enable or disable the creation of the hour_metrics block. | `bool` | `false` | no |
| `enable_https_traffic_only` | Boolean flag which forces HTTPS if enabled, see here for more information. | `bool` | `true` | no |
| `enable_minute_metrics` | Enable or disable the creation of the minute_metrics block. | `bool` | `false` | no |
| `enable_private_endpoint` | Enable or disable the private endpoint to the storage account. | `bool` | `true` | no |
| `enable_private_link_access` | Enable or disable the creation of the private_link_access. | `bool` | `false` | no |
| `enable_routing` | Enable or disable the creation of the routing block. | `bool` | `false` | no |
| `enable_sas_policy` | Enable or disable the creation of the sas_policy block. | `bool` | `false` | no |
| `enabled` | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
| `environment` | Environment (e.g. prod, dev, staging). | `string` | `""` | no |
| `eventhub_authorization_rule_id` | Eventhub authorization rule id to pass to the destination details of the diagnostic setting of NSG. | `string` | `null` | no |
| `eventhub_name` | Eventhub Name to pass to the destination details of the diagnostic setting of NSG. | `string` | `null` | no |
| `existing_private_dns_zone` | Name of the existing private DNS zone. | `string` | `null` | no |
| `existing_private_dns_zone_resource_group_name` | The name of the existing resource group. | `string` | `null` | no |
| `expiration_date` | Expiration UTC datetime (Y-m-d'T'H:M:S'Z') | `string` | `"2034-10-22T18:29:59Z"` | no |
| `extra_tags` | Variable to pass extra tags. | `map(string)` | `null` | no |
| `file_share_authentication` | Storage Account file shares authentication configuration. | `object({ directory_type = string, active_directory = optional(object({ storage_sid = string, domain_name = string, domain_sid = string, domain_guid = string, forest_name = string, netbios_domain_name = string })) })` | `null` | no |
| `file_share_cors_rules` | Storage Account file shares CORS rule. Please refer to the documentation for more information. | `list(object({ allowed_headers = list(string), allowed_methods = list(string), allowed_origins = list(string), exposed_headers = list(string), max_age_in_seconds = number }))` | `null` | no |
| `file_share_properties_smb` | Storage Account file shares SMB properties. | `object({ versions = optional(list(string)), authentication_types = optional(list(string)), kerberos_ticket_encryption_type = optional(list(string)), channel_encryption_type = optional(list(string)), multichannel_enabled = optional(bool) })` | `null` | no |
| `file_share_retention_policy_in_days` | Storage Account file shares retention policy in days. Enabling this may require additional directory permissions. | `number` | `null` | no |
| `file_shares` | List of containers to create and their access levels. | `list(object({ name = string, quota = number }))` | `[]` | no |
| `hour_metrics` | n/a | `object({ enabled = bool, version = string, include_apis = bool, retention_policy_days = number })` | `{ "enabled": false, "include_apis": false, "retention_policy_days": 7, "version": "" }` | no |
| `identity_type` | Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). | `string` | `"UserAssigned"` | no |
| `infrastructure_encryption_enabled` | Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to false. | `bool` | `true` | no |
| `is_hns_enabled` | Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2. Changing this forces a new resource to be created. | `bool` | `false` | no |
| `key_vault_id` | n/a | `string` | `""` | no |
| `key_vault_rbac_auth_enabled` | Whether role-based access is enabled on the key vault. | `bool` | `true` | no |
| `label_order` | Label order, e.g. sequence of application name and environment: `name`, `environment`, `attribute` [`webserver`, `qa`, `devops`, `public`]. | `list(any)` | `[ "name", "environment" ]` | no |
| `large_file_share_enabled` | Is Large File Share Enabled? | `bool` | `false` | no |
| `location` | The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table'. | `string` | `"North Europe"` | no |
| `log_analytics_destination_type` | Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table. | `string` | `"AzureDiagnostics"` | no |
| `log_analytics_workspace_id` | Log Analytics workspace id to pass to the destination details of the diagnostic setting of NSG. | `string` | `null` | no |
| `logs` | n/a | `list(string)` | `[ "StorageWrite", "StorageRead", "StorageDelete" ]` | no |
| `managedby` | ManagedBy, eg 'Identos'. | `string` | `""` | no |
| `management_policy` | Configure Azure Storage firewalls and virtual networks | `list(object({ prefix_match = set(string), tier_to_cool_after_days = number, tier_to_archive_after_days = number, delete_after_days = number, snapshot_delete_after_days = number }))` | `[ { "delete_after_days": 100, "prefix_match": null, "snapshot_delete_after_days": 30, "tier_to_archive_after_days": 50, "tier_to_cool_after_days": 0 } ]` | no |
| `management_policy_enable` | n/a | `bool` | `false` | no |
| `metrics` | n/a | `list(string)` | `[ "Transaction", "Capacity" ]` | no |
| `metrics_enabled` | n/a | `list(bool)` | `[ true, true ]` | no |
| `min_tls_version` | The minimum supported TLS version for the storage account. | `string` | `"TLS1_2"` | no |
| `minute_metrics` | n/a | `list(object({ enabled = bool, version = string, include_apis = bool, retention_policy_days = number }))` | `[ { "enabled": false, "include_apis": false, "retention_policy_days": 7, "version": "" } ]` | no |
| `multi_sub_vnet_link` | Flag to control creation of vnet link for dns zone in different subscription. | `bool` | `false` | no |
| `name` | Name (e.g. app or cluster). | `string` | `""` | no |
| `network_rules` | List of objects that represent the configuration of each network rules. | `map(string)` | `{}` | no |
| `nfsv3_enabled` | Is NFSv3 protocol enabled? Changing this forces a new resource to be created. | `bool` | `false` | no |
| `private_link_access` | List of Privatelink objects to allow access from. | `list(object({ endpoint_resource_id = string, endpoint_tenant_id = string }))` | `[]` | no |
| `public_network_access_enabled` | Whether the public network access is enabled? Defaults to true. | `bool` | `true` | no |
| `queue_encryption_key_type` | The encryption type of the queue service. Possible values are 'Service' and 'Account'. | `string` | `"Account"` | no |
| `queue_properties_logging` | Logging queue properties | `object({ delete = optional(bool), read = optional(bool), write = optional(bool), version = optional(string), retention_policy_days = optional(number) })` | `{ "delete": true, "read": true, "retention_policy_days": 7, "version": "1.0", "write": true }` | no |
| `queues` | List of storage queues. | `list(string)` | `[]` | no |
| `repository` | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-azure-storage.git"` | no |
| `resource_group_name` | A container that holds related resources for an Azure solution. | `string` | `""` | no |
| `restore_policy` | Whether or not to create a restore policy. | `bool` | `false` | no |
| `rotation_policy` | n/a | `map(object({ time_before_expiry = string, expire_after = string, notify_before_expiry = string }))` | `null` | no |
| `rotation_policy_enabled` | Whether or not to enable rotation policy. | `bool` | `false` | no |
| `routing` | n/a | `list(object({ publish_internet_endpoints = bool, publish_microsoft_endpoints = bool, choice = string }))` | `[ { "choice": "MicrosoftRouting", "publish_internet_endpoints": false, "publish_microsoft_endpoints": false } ]` | no |
| `sas_policy_settings` | n/a | `list(object({ expiration_period = string, expiration_action = string }))` | `[ { "expiration_action": "Log", "expiration_period": "7.00:00:00" } ]` | no |
| `sftp_enabled` | Boolean, enable SFTP for the storage account. | `bool` | `false` | no |
| `shared_access_key_enabled` | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is true. | `bool` | `true` | no |
| `static_website_config` | Static website configuration. Can only be set when the account_kind is set to StorageV2 or BlockBlobStorage. | `object({ index_document = optional(string), error_404_document = optional(string) })` | `null` | no |
| `storage_account_id` | Storage account id to pass to the destination details of the diagnostic setting of NSG. | `string` | `null` | no |
| `storage_account_name` | The name of the Azure storage account. | `string` | `""` | no |
| `storage_blob_cors_rule` | Storage Account blob CORS rule. Please refer to the documentation for more information. | `object({ allowed_headers = list(string), allowed_methods = list(string), allowed_origins = list(string), exposed_headers = list(string), max_age_in_seconds = number })` | `null` | no |
| `storage_blob_data_protection` | Storage account blob Data protection parameters. | `object({ change_feed_enabled = optional(bool, false), versioning_enabled = optional(bool, false), last_access_time_enabled = optional(bool, false), delete_retention_policy_in_days = optional(number, 0), container_delete_retention_policy_in_days = optional(number, 0), container_point_in_time_restore = optional(bool, false) })` | `{ "change_feed_enabled": false, "container_delete_retention_policy_in_days": 7, "delete_retention_policy_in_days": 7, "last_access_time_enabled": false, "versioning_enabled": false }` | no |
| `subnet_id` | The resource ID of the subnet. | `string` | `""` | no |
| `table_encryption_key_type` | The encryption type of the table service. Possible values are 'Service' and 'Account'. | `string` | `"Account"` | no |
| `tables` | List of storage tables. | `list(string)` | `[]` | no |
| `use_subdomain` | Should the Custom Domain Name be validated by using indirect CNAME validation? | `bool` | `false` | no |
| `virtual_network_id` | The name of the virtual network | `string` | `""` | no |

Outputs

| Name | Description |
|------|-------------|
| `containers` | Map of containers. |
| `file_shares` | Map of Storage SMB file shares. |
| `queues` | Map of Storage SMB file shares. |
| `storage_account_id` | The ID of the storage account. |
| `storage_account_name` | The name of the storage account. |
| `storage_account_primary_blob_endpoint` | The endpoint URL for blob storage in the primary location. |
| `storage_account_primary_location` | The primary location of the storage account |
| `storage_account_primary_web_endpoint` | The endpoint URL for web storage in the primary location. |
| `storage_account_primary_web_host` | The hostname with port if applicable for web storage in the primary location. |
| `storage_primary_access_key` | The primary access key for the storage account |
| `storage_primary_connection_string` | The primary connection string for the storage account |
| `tables` | Map of Storage SMB file shares. |