HashiCorp Terraform is a great tool for deploying and managing Microsoft Azure resource. This includes management of Azure Storage Accounts and Blob Containers. Azure Storage is one of the primary, foundational PaaS (Platform as a Service) services in Microsoft Azure for storing files and other blobs (binary large objects) of data. This article will show you the steps and Terraform code necessary for deploying and managing Azure Storage Accounts and Blob Containers.
Let get started!
Prerequisites
Before you start, you’ll need the following in order to deploy and manage Azure Storage Accounts with Terraform:
- An Azure Subscription to create resources within
- Terraform installed on your machine or where ever your CI/CD DevOps pipelines will be running
Step 1: Create an Azure Resource Group
All Microsoft Azure resources must be placed within an Azure Resource Group. The Resource Group provides a container in your Azure Subscription for organizing related resources together. In this case, when creating the Azure Function App, an Azure Resource Group is needed so we can place all the required resources for the Function App here.
The following snippet is the basic Terraform code for creating an Azure Resource Group:
# Create a resource group
resource "azurerm_resource_group" "primary" {
name = "b59-rg"
location = "eastus"
}Depending on your Azure governance policies, you may create the Azure Resource Group manually or in a different deployment pipeline. This is fine and both are done commonly as needed to meet the team and organizations Azure management and governance policies.
Step 2: Create an Azure Storage Account
Once you have an Azure Resource Group, the next step is to create the Azure Storage Account.
The following snippet is the basic Terraform code for creating an Azure Storage Account:
# Create Azure Storage Account required for Function App
resource azurerm_storage_account "primary" {
name = "b59storage"
resource_group_name = azurerm_resource_group.primary.name
location = azurerm_resource_group.primary.location
account_kine = "StorageV2"
account_tier = "Standard"
account_replication_type = "LRS"
}This snippet is referencing the Azure Resource Group that was configured in the previous snippet, rather than hard coding the resource group name and location.
The previous Terraform code for creating the azurerm_storage_account resource has the following properties configured:
name: The name of the Azure Storage Account resource that is created in your Azure Subscription and Resource Group.location: The Azure location where the resource will be created.resource_group_name: The name of the resource group in which to create the Azure Storage Account.account_kine: Defines the kind of the Storage Account. Options areBlobStorage,BlockBlobStorage,FileStorage,Storage,StorageV2. The Default isStorageV2which is the most common option to choose for using Azure Storage Accounts.account_tier: Defines the Tier to use for this Storage Account. Options areStandardandPremium. ChoosingStandardis the most common option used.account_replication_type: Defines the type of data replication used for the Storage Account. Be sure to choose this wisely depending on your data replication requirements for your intended usage of the Storage Account.LRSshown in this example is for Local Redundant Storage. Available options areLRS,GRS,RAGRS,ZRS,GZRS,RAGZRS.
Step 3: Create a Blob Container within Storage Account
Now that you have an Azure Storage Account, the next step is to create a Blob Container within that Storage Account.
The following snippet is the basic Terraform code for creating an Azure Storage Account:
resource azurerm_storage_container "myblobs" {
name = "myblobs"
storage_account_name = azurerm_storage_account.primary.name
container_access_type = "private"
}This snippet is referencing the Azure Storage Account that was previously configured with Terraform and specifying that to be the Storage Account to create the Container within using the storage_account_name proprty.
The previous Terraform code for creating the azurerm_storage_account resource has the following properties configured:
name: Specifies the name of the Container to create within the Azure Storage Account.storage_account_name: The name of the Azure Storage Account this Container will be created within.container_access_type: Specifies the Access Level configured for this Container. Available options areblob,container, orprivate. The default isprivatewhich is the most secure option.
Conclusion
In this article, you learned about what Terraform code is required at minimum to create and manage both an Azure Storage Account and Blob Container within that account. Hopefully this helps clarify what Terraform code is necessary for managing Azure Storage Accounts and Containers within your own Terraform projects.
About the Author
Chris Pietschmann
Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.
Terraform: If/Else Conditional Resource and Module Deployment
Azure Functions: Extend Execution Timeout Past 5 Minutes
IPv4 Address CIDR Range Reference and Calculator
Terraform: Use for_each to deploy multiple resources
Terraform: Import Existing Azure Resource Group
