feat(DO-779): Removing blob (terraform manages it by itself) and impr…

…oving storage account (mostly security)
dodevops · Aug 18, 2021 · c6dd2eb · c6dd2eb
1 parent c0a4668
commit c6dd2eb
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -36,7 +36,6 @@ No modules.
 The following resources are used by this module:
 
 - [azurerm_storage_account.storage-account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) (resource)
-- [azurerm_storage_blob.storage-blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_blob) (resource)
 - [azurerm_storage_container.storage-container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) (resource)
 
 ## Required Inputs
@@ -61,12 +60,6 @@ Description: Name of the resource group to use
 
 Type: `string`
 
-### size
-
-Description: Size of state blob in bytes
-
-Type: `string`
-
 ### stage
 
 Description: Name of the stage for this state
@@ -75,7 +68,15 @@ Type: `string`
 
 ## Optional Inputs
 
-No optional inputs.
+The following input variables are optional (have default values):
+
+### delete\_retention\_policy
+
+Description: days until soft deleted resources are hard deleted
+
+Type: `number`
+
+Default: `7`
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -1,26 +1,23 @@
-# Azure Storage blob for state storage
-
 resource "azurerm_storage_account" "storage-account" {
   name                      = "${lower(var.project)}${lower(var.stage)}stateacc"
   resource_group_name       = var.resource_group
   location                  = var.location
+  account_kind              = "StorageV2"
   account_tier              = "Standard"
   account_replication_type  = "ZRS"
-  enable_https_traffic_only = false
+  enable_https_traffic_only = true
+  allow_blob_public_access  = false
+  min_tls_version           = "TLS1_2"
+
+  blob_properties {
+    delete_retention_policy {
+      days = var.delete_retention_policy
+    }
+  }
 }
 
 resource "azurerm_storage_container" "storage-container" {
   name                  = "${lower(var.project)}${lower(var.stage)}statecont"
   storage_account_name  = azurerm_storage_account.storage-account.name
   container_access_type = "private"
 }
-
-resource "azurerm_storage_blob" "storage-blob" {
-  name = "${lower(var.project)}${lower(var.stage)}stateblob"
-
-  storage_account_name   = azurerm_storage_account.storage-account.name
-  storage_container_name = azurerm_storage_container.storage-container.name
-
-  type = "Block"
-  size = var.size
-}
diff --git a/vars.tf b/vars.tf
@@ -18,7 +18,8 @@ variable "resource_group" {
   description = "Name of the resource group to use"
 }
 
-variable "size" {
-  type        = string
-  description = "Size of state blob in bytes"
-}
+variable "delete_retention_policy" {
+  type        = number
+  description = "Days until soft deleted resources are hard deleted"
+  default     = 7
+}