Terraform module which creates an Azure Storage account.
- Microsoft Entra ID authorization enforced by default.
- Public network access denied by default.
- Read-access geo-redundant storage (RA-GRS) configured by default.
- Blob soft-delete retention set to 7 days by default.
- Blob point-in-time restore enabled by default.
- File soft-delete retention set to 7 days by default.
- Audit logs sent to given Log Analytics workspace by default.
- Login to Azure:

  ```console
  az login
  ```

- Create a Terraform configuration file `main.tf` and add the following example configuration:

  ```terraform
  provider "azurerm" {
    # Use Microsoft Entra ID instead of access keys for storage data plane requests
    storage_use_azuread = true

    features {}
  }

  resource "azurerm_resource_group" "example" {
    name     = "example-resources"
    location = "westeurope"
  }

  module "log_analytics" {
    source  = "equinor/log-analytics/azurerm"
    version = "~> 2.0"

    workspace_name      = "example-workspace"
    resource_group_name = azurerm_resource_group.example.name
    location            = azurerm_resource_group.example.location
  }

  module "storage" {
    source  = "equinor/storage/azurerm"
    version = "~> 12.0"

    # Storage account names allow only lowercase letters and numbers
    # (3-24 characters) and must be globally unique.
    account_name               = "examplestorage"
    resource_group_name        = azurerm_resource_group.example.name
    location                   = azurerm_resource_group.example.location
    log_analytics_workspace_id = module.log_analytics.workspace_id

    # Source addresses and ranges allowed through the storage firewall
    network_rules_ip_rules = ["1.1.1.1", "2.2.2.2", "3.3.3.3/30"]
  }
  ```

- Install required provider plugins and modules:

  ```console
  terraform init
  ```

- Apply the Terraform configuration:

  ```console
  terraform apply
  ```
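
To check a plan against the defaults listed at the top of this page, the following added example (not part of the module or its README) audits the JSON produced by `terraform plan -out tfplan` followed by `terraform show -json tfplan`. The attribute names are those of the `azurerm_storage_account` resource; mapping "Entra ID authorization enforced" to `shared_access_key_enabled = false` and "public network access denied" to an inline `network_rules` block with `default_action = "Deny"` are assumptions about how the module implements those defaults, and the sample plan is constructed.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json` output (".this" is a hypothetical name).
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{"resources": [{
    "address": "module.storage.azurerm_storage_account.this",
    "type": "azurerm_storage_account",
    "values": {
        "shared_access_key_enabled": False,
        "account_replication_type": "RAGRS",
        "network_rules": [{"default_action": "Deny"}],
        "blob_properties": [{"delete_retention_policy": [{"days": 7}], "restore_policy": [{"days": 6}]}],
        "share_properties": [{"retention_policy": [{"days": 7}]}],
    },
}]}]}}}

def storage_accounts(module):
    """Yield azurerm_storage_account resources from a module and its children."""
    for res in module.get("resources", []):
        if res.get("type") == "azurerm_storage_account":
            yield res
    for child in module.get("child_modules", []):
        yield from storage_accounts(child)

def block(values, *path):
    """Follow nested single-item blocks; return {} when any level is absent."""
    for key in path:
        values = ((values or {}).get(key) or [{}])[0]
    return values or {}

def audit(plan):
    """Return (address, failed check) pairs; an empty list means every check passed."""
    findings = []
    for res in storage_accounts(plan["planned_values"]["root_module"]):
        v = res.get("values", {})
        checks = {
            "shared key access disabled": v.get("shared_access_key_enabled") is False,
            "RA-GRS replication": v.get("account_replication_type") == "RAGRS",
            "network default action Deny": block(v, "network_rules").get("default_action") == "Deny",
            "blob soft delete >= 7 days": (block(v, "blob_properties", "delete_retention_policy").get("days") or 0) >= 7,
            "blob point-in-time restore": bool(block(v, "blob_properties", "restore_policy")),
            "file soft delete >= 7 days": (block(v, "share_properties", "retention_policy").get("days") or 0) >= 7,
        }
        findings += [(res["address"], name) for name, ok in checks.items() if not ok]
    return findings

if __name__ == "__main__":  # usage: python audit_plan.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(audit(plan) or "all checks passed")
```

The audit-log default is not covered here, since diagnostic settings are a separate resource type in the plan.
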

- Login to Azure:

  ```console
  az login
  ```

- Set environment variables:

  ```console
  export ARM_SUBSCRIPTION_ID="<SUBSCRIPTION_ID>"
  export TF_VAR_resource_group_name="<RESOURCE_GROUP_NAME>"
  export TF_VAR_location="<LOCATION>"
  ```

- Initialize working directory:

  ```console
  terraform init
  ```

- Execute tests:

  ```console
  terraform test
  ```

  See `terraform test` command documentation for options.