Azure Storage Account Module

This module creates an Azure Storage Account in the given resource group and location, using either an explicit name or one generated from a base name, and optionally creates blob containers inside it. Inputs for blob data protection (soft delete, versioning, change feed, point-in-time restore) are exposed so the account can serve as a recoverable store, for example for Terraform state.

Variables

  • rg_name: The name of the resource group where the storage account will be created.
  • location: The Azure region where the storage account will be created.
  • base_name: Optional base name used to generate a unique storage account name when name is not set.
  • name: Optional explicit storage account name. If omitted, the module generates a deterministic name from base_name.
  • account_tier: Storage account performance tier.
  • account_replication_type: Storage account replication strategy.
  • allow_nested_items_to_be_public: Whether blobs or containers in this account may be configured for anonymous (public) read access. Keep it false unless a container genuinely needs anonymous access; when false, any container with an access type other than "private" is rejected by Azure.
  • public_network_access_enabled: Whether the account accepts traffic from public networks. When false, clients must reach the account through a private endpoint or as a trusted Azure service, so check your pipeline's network path before disabling it.
  • tags: Tags to apply to the storage account.
  • containers: A map of storage containers to be created within the storage account. Each container is defined as an object with the following properties:
    • name: The name of the storage container.
    • container_access_type: The anonymous access level of the container: "private" (no anonymous access), "blob" (anonymous read of individual blobs), or "container" (anonymous read of blobs and listing of the container). Any value other than "private" requires allow_nested_items_to_be_public = true on the account.

Blob Data Protection Inputs

  • enable_blob_soft_delete (optional, default false): Enables blob soft delete (delete_retention_policy) to recover deleted blobs/snapshots within a retention window.
  • blob_soft_delete_retention_days (optional, default null): Retention days for blob soft delete. When null, provider default is used.
  • enable_container_soft_delete (optional, default false): Enables container soft delete (container_delete_retention_policy) to recover deleted containers.
  • container_soft_delete_retention_days (optional, default null): Retention days for container soft delete. When null, provider default is used.
  • enable_blob_versioning (optional, default false): Stores previous blob versions so changes can be rolled back.
  • enable_blob_change_feed (optional, default false): Records ordered blob change events for audit, replay, and recovery workflows.
  • enable_point_in_time_restore_for_containers (optional, default false): Enables point-in-time restore (restore_policy) for blob data to recover state from a chosen point in time.
  • point_in_time_restore_days (optional, default null): Restore window in days. Required only when point-in-time restore is enabled.

Point-in-time restore requires enable_blob_soft_delete = true, enable_blob_versioning = true, and enable_blob_change_feed = true. Azure also requires the restore window to be shorter than the blob soft-delete retention, so point_in_time_restore_days must be less than blob_soft_delete_retention_days (the example below uses 14 and 30).
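The following shows how the container inputs and the blob data protection inputs above typically map onto the azurerm provider, with the dependency rules enforced at plan time instead of surfacing as an apply-time error from Azure. It is an added illustration, not this module's source. It assumes azurerm provider v4 attribute names (https_traffic_only_enabled, storage_account_id on containers), the variable names documented above, and a hypothetical name-generation scheme based on a hash of the resource group name.

```hcl
# Added illustration, not this module's source. Assumes azurerm provider v4
# attribute names and the variable names documented in this README.

resource "azurerm_storage_account" "this" {
  # Hypothetical generated name: base_name plus 8 hex chars derived from the RG name.
  name                     = coalesce(var.name, "${var.base_name}${substr(md5(var.rg_name), 0, 8)}")
  resource_group_name      = var.rg_name
  location                 = var.location
  account_tier             = var.account_tier
  account_replication_type = var.account_replication_type
  tags                     = var.tags

  # Hardening: anonymous blobs only when explicitly allowed, public network
  # path only when explicitly allowed, HTTPS only, TLS 1.2 minimum.
  allow_nested_items_to_be_public = var.allow_nested_items_to_be_public
  public_network_access_enabled   = var.public_network_access_enabled
  https_traffic_only_enabled      = true
  min_tls_version                 = "TLS1_2"

  blob_properties {
    versioning_enabled  = var.enable_blob_versioning
    change_feed_enabled = var.enable_blob_change_feed

    # Each policy block is emitted only when its enable_* flag is set;
    # a null days value falls back to the provider default.
    dynamic "delete_retention_policy" {
      for_each = var.enable_blob_soft_delete ? [1] : []
      content {
        days = var.blob_soft_delete_retention_days
      }
    }

    dynamic "container_delete_retention_policy" {
      for_each = var.enable_container_soft_delete ? [1] : []
      content {
        days = var.container_soft_delete_retention_days
      }
    }

    dynamic "restore_policy" {
      for_each = var.enable_point_in_time_restore_for_containers ? [1] : []
      content {
        days = var.point_in_time_restore_days
      }
    }
  }

  lifecycle {
    # Point-in-time restore needs soft delete, versioning and change feed.
    precondition {
      condition = !var.enable_point_in_time_restore_for_containers || (
        var.enable_blob_soft_delete && var.enable_blob_versioning && var.enable_blob_change_feed
      )
      error_message = "Point-in-time restore requires enable_blob_soft_delete, enable_blob_versioning and enable_blob_change_feed to be true."
    }
    # The restore window must be shorter than the blob soft-delete retention.
    # try() makes the comparison false (instead of an error) when either is null.
    precondition {
      condition = !var.enable_point_in_time_restore_for_containers || try(
        var.point_in_time_restore_days < var.blob_soft_delete_retention_days, false
      )
      error_message = "point_in_time_restore_days must be set and less than blob_soft_delete_retention_days."
    }
  }
}

resource "azurerm_storage_container" "this" {
  for_each = var.containers

  name                  = each.value.name
  storage_account_id    = azurerm_storage_account.this.id
  container_access_type = each.value.container_access_type

  lifecycle {
    # Azure rejects non-private containers when the account forbids nested
    # public items; fail at plan time with a clear message instead.
    precondition {
      condition     = each.value.container_access_type == "private" || var.allow_nested_items_to_be_public
      error_message = "Container ${each.value.name} is not private but allow_nested_items_to_be_public is false."
    }
  }
}
```

The two preconditions are the practical payoff: a caller who enables point-in-time restore without versioning, or with a 30-day restore window against a 7-day soft-delete retention, gets a readable plan-time failure rather than a partially applied account.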

Example Usage

Use this module to create a storage account with containers and enable Blob data protection features for short-term rollback and recovery.

module "state_storage" {
  source = "./modules/storage-account"

  rg_name  = azurerm_resource_group.rg.name
  location = azurerm_resource_group.rg.location

  base_name = "sttfstate"

  enable_blob_soft_delete                     = true
  blob_soft_delete_retention_days             = 30
  enable_container_soft_delete                = true
  container_soft_delete_retention_days        = 30
  enable_blob_versioning                      = true
  enable_blob_change_feed                     = true
  enable_point_in_time_restore_for_containers = true
  point_in_time_restore_days                  = 14

  containers = {
    tfstate = {
      name                  = "tfstate"
      container_access_type = "private"
    }
  }
}

This example provides quick rollback using storage-account level protection (soft delete, versioning, change feed, and point-in-time restore).

Data Recovery

Short-term recovery from accidental deletion or modification can be achieved using the built-in Azure Storage Account data protection features enabled in this module.

Long-term protection with Azure Backup

To add a long-term, vaulted recovery option, use the backup-vault module alongside this one. The vault on its own protects nothing: after creating it you still need an Azure Backup policy and a backup instance that targets the storage account, and the vault's managed identity needs backup permissions on the account, before vaulted retention and restore workflows are available. The snippet below creates only the storage account and the vault.

module "state_storage" {
  source = "./modules/storage-account"

  rg_name  = azurerm_resource_group.rg.name
  location = azurerm_resource_group.rg.location

  base_name = "sttfstate"
}

module "backup_vault" {
  source = "./modules/backup-vault"

  rg_name  = azurerm_resource_group.rg.name
  location = azurerm_resource_group.rg.location

  base_name                    = "bkvault"
  datastore_type               = "VaultStore"
  redundancy                   = "GeoRedundant"
  cross_region_restore_enabled = true
  retention_duration_in_days   = 30
  soft_delete                  = "On"
  immutability                 = "Disabled"
}
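The policy, backup instance and permission grant that the text above says must follow the vault, as an added example that is not this module's or the backup-vault module's code. It assumes the backup-vault module exports vault_id and vault_principal_id (its system-assigned identity), that the state_storage module call also declares a containers map as in the first example so that container_names is non-empty, and azurerm data-protection resource arguments as of provider v3.x/v4.x; check the provider docs for your pinned version.

```hcl
# Added illustration, not the modules' source. Assumed module outputs:
# module.backup_vault.vault_id, module.backup_vault.vault_principal_id,
# module.state_storage.storage_account_id, module.state_storage.container_names.

# Azure Backup for blobs needs this built-in role on the account for the
# vault's identity; without it the backup instance fails to configure.
resource "azurerm_role_assignment" "vault_backup" {
  scope                = module.state_storage.storage_account_id
  role_definition_name = "Storage Account Backup Contributor"
  principal_id         = module.backup_vault.vault_principal_id
}

resource "azurerm_data_protection_backup_policy_blob_storage" "daily" {
  name     = "bkpol-tfstate-daily"
  vault_id = module.backup_vault.vault_id

  # Vaulted (off-account) copies taken daily at 02:00 UTC, kept 30 days.
  # The recurrence uses ISO 8601 repeating-interval syntax.
  vault_default_retention_duration = "P30D"
  backup_repeating_time_intervals  = ["R/2024-01-01T02:00:00+00:00/P1D"]
  time_zone                        = "UTC"
}

resource "azurerm_data_protection_backup_instance_blob_storage" "tfstate" {
  name               = "bkinst-tfstate"
  vault_id           = module.backup_vault.vault_id
  location           = azurerm_resource_group.rg.location
  storage_account_id = module.state_storage.storage_account_id
  backup_policy_id   = azurerm_data_protection_backup_policy_blob_storage.daily.id

  # Vaulted backup protects named containers; tie it to the module output so a
  # container added later is picked up on the next apply.
  storage_account_container_names = module.state_storage.container_names

  # Ensure the role assignment exists before Azure validates the instance.
  depends_on = [azurerm_role_assignment.vault_backup]
}
```

The role assignment is the step most often missed: the vault's identity, not the caller's, performs the backup, so the grant must be on the storage account scope and must be in place before the backup instance is created.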

Outputs

  • storage_account_id: The ID of the created storage account.
  • storage_account_name: The name of the created storage account.
  • container_names: A list of the names of the created storage containers.