import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Manages an Azure Storage Account.
 *
 * ## Security-relevant settings
 *
 * Per the property documentation in this file, `publicNetworkAccessEnabled`,
 * `allowNestedItemsToBePublic`, `sharedAccessKeyEnabled` and `localUserEnabled` all default to
 * `true`. The first example below sets none of them and defines no `networkRules`, so it relies
 * on those defaults; the "With Network Rules" example shows a `defaultAction: "Deny"` rule set
 * with explicit IP and subnet allow-lists. Review these settings explicitly for accounts that
 * hold non-public data.
 *
 * The `primaryAccessKey` and `secondaryAccessKey` outputs are account credentials. The
 * connection-string outputs typically embed the same key (confirm), so handle both as secrets.
 *
 * NOTE(review): in this listing `pulumi.Output` and `pulumi.Input` appear without type arguments
 * everywhere except `tags`; the arguments look to have been lost in extraction. Confirm against
 * the published typings.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "storageaccountname",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "GRS",
 *     tags: {
 *         environment: "staging",
 *     },
 * });
 * ```
 *
 * ### With Network Rules
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
 *     name: "virtnetname",
 *     addressSpaces: ["10.0.0.0/16"],
 *     location: example.location,
 *     resourceGroupName: example.name,
 * });
 * const exampleSubnet = new azure.network.Subnet("example", {
 *     name: "subnetname",
 *     resourceGroupName: example.name,
 *     virtualNetworkName: exampleVirtualNetwork.name,
 *     addressPrefixes: ["10.0.2.0/24"],
 *     serviceEndpoints: [
 *         "Microsoft.Sql",
 *         "Microsoft.Storage",
 *     ],
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "storageaccountname",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "LRS",
 *     networkRules: {
 *         defaultAction: "Deny",
 *         ipRules: ["100.0.0.1"],
 *         virtualNetworkSubnetIds: [exampleSubnet.id],
 *     },
 *     tags: {
 *         environment: "staging",
 *     },
 * });
 * ```
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.Storage` - 2025-06-01
 *
 * ## Import
 *
 * Storage Accounts can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:storage/account:Account storageAcc1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/myaccount
 * ```
 */
export declare class Account extends pulumi.CustomResource {
    /**
     * Get an existing Account resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: AccountState, opts?: pulumi.CustomResourceOptions): Account;
    /**
     * Returns true if the given object is an instance of Account. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test.
     */
    static isInstance(obj: any): obj is Account;
    /**
     * Defines the access tier for `BlobStorage`, `FileStorage` and `StorageV2` accounts. Valid options are `Hot`, `Cool`, `Cold` and `Premium`. Defaults to `Hot`.
     */
    readonly accessTier: pulumi.Output;
    /**
     * Defines the Kind of account. Valid options are `BlobStorage`, `BlockBlobStorage`, `FileStorage`, `Storage` and `StorageV2`. Defaults to `StorageV2`.
     *
     * > **Note:** Changing the `accountKind` value from `Storage` to `StorageV2` will not trigger a force new on the storage account, it will only upgrade the existing storage account from `Storage` to `StorageV2` keeping the existing storage account in place.
     */
    readonly accountKind: pulumi.Output;
    /**
     * Defines the type of replication to use for this storage account. Valid options are `LRS`, `GRS`, `RAGRS`, `ZRS`, `GZRS` and `RAGZRS`. Changing this forces a new resource to be created when types `LRS`, `GRS` and `RAGRS` are changed to `ZRS`, `GZRS` or `RAGZRS` and vice versa.
*/
    readonly accountReplicationType: pulumi.Output;
    /**
     * Defines the Tier to use for this storage account. Valid options are `Standard` and `Premium`. For `BlockBlobStorage` and `FileStorage` accounts only `Premium` is valid. Changing this forces a new resource to be created.
     *
     * > **Note:** Blobs with a tier of `Premium` are of account kind `StorageV2`.
     */
    readonly accountTier: pulumi.Output;
    /**
     * Allow or disallow nested items within this Account to opt into being public. Defaults to `true`.
     *
     * Security: this setting controls whether nested items are *permitted* to opt into public
     * access; it does not by itself make anything public. Because the default is `true`, set it
     * to `false` explicitly when nothing in the account should ever be made public.
     *
     * > **Note:** At this time `allowNestedItemsToBePublic` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
     */
    readonly allowNestedItemsToBePublic: pulumi.Output;
    /**
     * Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are `AAD` and `PrivateLink`.
     *
     * NOTE(review): when this is left unset, presumably no copy-scope restriction applies. Confirm.
     */
    readonly allowedCopyScope: pulumi.Output;
    /**
     * An `azureFilesAuthentication` block as defined below.
     */
    readonly azureFilesAuthentication: pulumi.Output;
    /**
     * A `blobProperties` block as defined below.
     */
    readonly blobProperties: pulumi.Output;
    /**
     * Should cross Tenant replication be enabled? Defaults to `false`.
     */
    readonly crossTenantReplicationEnabled: pulumi.Output;
    /**
     * A `customDomain` block as documented below.
     */
    readonly customDomain: pulumi.Output;
    /**
     * A `customerManagedKey` block as documented below.
     *
     * > **Note:** A Customer Managed Key can be defined either within the `customerManagedKey` block or by using the `azure.storage.CustomerManagedKey` resource. However, it's not possible to use both methods to manage a Customer Managed Key for a Storage Account, since these will conflict. When using the `azure.storage.CustomerManagedKey` resource, you will need to use `ignoreChanges` on the `customerManagedKey` block.
     */
    readonly customerManagedKey: pulumi.Output;
    /**
     * Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is `false`.
     */
    readonly defaultToOauthAuthentication: pulumi.Output;
    /**
     * Specifies which DNS endpoint type to use. Possible values are `Standard` and `AzureDnsZone`. Defaults to `Standard`. Changing this forces a new resource to be created.
     *
     * > **Note:** Azure DNS zone support requires `PartitionedDns` feature to be enabled. To enable this feature for your subscription, use the following command: `az feature register --namespace "Microsoft.Storage" --name "PartitionedDns"`.
     */
    readonly dnsEndpointType: pulumi.Output;
    /**
     * Specifies the Edge Zone within the Azure Region where this Storage Account should exist. Changing this forces a new Storage Account to be created.
     */
    readonly edgeZone: pulumi.Output;
    /**
     * Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`.
     *
     * Security: leave this enabled. Per the description, HTTPS is only forced while the flag is `true`.
     */
    readonly httpsTrafficOnlyEnabled: pulumi.Output;
    /**
     * An `identity` block as defined below.
     */
    readonly identity: pulumi.Output;
    /**
     * An `immutabilityPolicy` block as defined below. Changing this forces a new resource to be created.
     */
    readonly immutabilityPolicy: pulumi.Output;
    /**
     * Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * Because changing this value forces a new resource, it has to be decided when the account is created.
     *
     * > **Note:** This can only be `true` when `accountKind` is `StorageV2` or when `accountTier` is `Premium` *and* `accountKind` is one of `BlockBlobStorage` or `FileStorage`.
     */
    readonly infrastructureEncryptionEnabled: pulumi.Output;
    /**
     * Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 ([see here for more information](https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-quickstart-create-account/)). Changing this forces a new resource to be created.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` or when `accountTier` is `Premium` *and* `accountKind` is `BlockBlobStorage`.
     */
    readonly isHnsEnabled: pulumi.Output;
    /**
     * Are Large File Shares Enabled? Defaults to `false`.
     *
     * > **Note:** Large File Shares are enabled by default when using an `accountKind` of `FileStorage`.
     */
    readonly largeFileShareEnabled: pulumi.Output;
    /**
     * Is Local User Enabled? Defaults to `true`.
     *
     * NOTE(review): local users are presumably the account-local identities used for SFTP access
     * (see `sftpEnabled`). Consider setting this to `false` when that access path is not needed. Confirm.
     */
    readonly localUserEnabled: pulumi.Output;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    readonly location: pulumi.Output;
    /**
     * The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1` and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts.
     *
     * Security: prefer `TLS1_2`. `TLS1_0` and `TLS1_1` are still listed as possible values but
     * are subject to the retirement described in the note below. The `TLS1_2` default is
     * documented for new storage accounts only, so check the value on existing or imported accounts.
     *
     * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more.
     *
     * > **Note:** At this time `minTlsVersion` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
     */
    readonly minTlsVersion: pulumi.Output;
    /**
     * Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed. Changing this forces a new resource to be created. This must be unique across the entire Azure service, not just within the resource group.
     */
    readonly name: pulumi.Output;
    /**
     * A `networkRules` block as documented below. The class-level "With Network Rules" example
     * shows a block that sets `defaultAction: "Deny"` together with explicit allow-lists.
     */
    readonly networkRules: pulumi.Output;
    /**
     * Is NFSv3 protocol enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` and `accountKind` is `StorageV2`, or `accountTier` is `Premium` and `accountKind` is `BlockBlobStorage`. Additionally, the `isHnsEnabled` is `true` and `accountReplicationType` must be `LRS` or `RAGRS`.
*/
    readonly nfsv3Enabled: pulumi.Output;
    /**
     * The primary access key for the storage account.
     *
     * Security: this is an account credential. `sharedAccessKeyEnabled` on this class describes
     * requests being authorized with the account access key via Shared Key. Treat the value as a
     * secret: do not log it or export it as a plain-text stack output.
     * NOTE(review): confirm the provider marks this output as secret.
     */
    readonly primaryAccessKey: pulumi.Output;
    /**
     * The connection string associated with the primary blob location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    readonly primaryBlobConnectionString: pulumi.Output;
    /**
     * The endpoint URL for blob storage in the primary location.
     */
    readonly primaryBlobEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for blob storage in the primary location.
     */
    readonly primaryBlobHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for blob storage in the primary location.
     */
    readonly primaryBlobInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for blob storage in the primary location.
     */
    readonly primaryBlobInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for blob storage in the primary location.
     */
    readonly primaryBlobMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for blob storage in the primary location.
     */
    readonly primaryBlobMicrosoftHost: pulumi.Output;
    /**
     * The connection string associated with the primary location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    readonly primaryConnectionString: pulumi.Output;
    /**
     * The endpoint URL for DFS storage in the primary location.
     */
    readonly primaryDfsEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for DFS storage in the primary location.
     */
    readonly primaryDfsHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for DFS storage in the primary location.
     */
    readonly primaryDfsInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for DFS storage in the primary location.
     */
    readonly primaryDfsInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for DFS storage in the primary location.
     */
    readonly primaryDfsMicrosoftEndpoint: pulumi.Output;
    /**
     * The microsoft routing hostname with port if applicable for DFS storage in the primary location.
*/
    readonly primaryDfsMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for file storage in the primary location.
     */
    readonly primaryFileEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for file storage in the primary location.
     */
    readonly primaryFileHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for file storage in the primary location.
     */
    readonly primaryFileInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for file storage in the primary location.
     */
    readonly primaryFileInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for file storage in the primary location.
     */
    readonly primaryFileMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for file storage in the primary location.
     */
    readonly primaryFileMicrosoftHost: pulumi.Output;
    /**
     * The primary location of the storage account.
     */
    readonly primaryLocation: pulumi.Output;
    /**
     * The endpoint URL for queue storage in the primary location.
     */
    readonly primaryQueueEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for queue storage in the primary location.
     */
    readonly primaryQueueHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for queue storage in the primary location.
     */
    readonly primaryQueueMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for queue storage in the primary location.
     */
    readonly primaryQueueMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for table storage in the primary location.
     */
    readonly primaryTableEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for table storage in the primary location.
     */
    readonly primaryTableHost: pulumi.Output;
    /**
     * The microsoft routing endpoint URL for table storage in the primary location.
*/
    readonly primaryTableMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for table storage in the primary location.
     */
    readonly primaryTableMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for web storage in the primary location.
     */
    readonly primaryWebEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for web storage in the primary location.
     */
    readonly primaryWebHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for web storage in the primary location.
     */
    readonly primaryWebInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for web storage in the primary location.
     */
    readonly primaryWebInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for web storage in the primary location.
     */
    readonly primaryWebMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for web storage in the primary location.
     */
    readonly primaryWebMicrosoftHost: pulumi.Output;
    /**
     * Specifies the version of the **provisioned** billing model (e.g. when `accountKind = "FileStorage"` for Storage File). Possible value is `V2`. Changing this forces a new resource to be created.
     */
    readonly provisionedBillingModelVersion: pulumi.Output;
    /**
     * Whether public network access is enabled. Defaults to `true`.
     *
     * Security: the default leaves public network access enabled.
     * NOTE(review): consider `false` where the account is reached only over private connectivity,
     * and otherwise constrain access with `networkRules`. Confirm how the two settings interact.
     */
    readonly publicNetworkAccessEnabled: pulumi.Output;
    /**
     * The encryption type of the queue service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`.
     */
    readonly queueEncryptionKeyType: pulumi.Output;
    /**
     * A `queueProperties` block as defined below.
     *
     * > **Note:** `queueProperties` can only be configured when `accountTier` is set to `Standard` and `accountKind` is set to either `Storage` or `StorageV2`.
     *
     * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountQueueProperties` resource and will be removed in v5.0 of the AzureRM provider
     */
    readonly queueProperties: pulumi.Output;
    /**
     * The name of the resource group in which to create the storage account. Changing this forces a new resource to be created.
     */
    readonly resourceGroupName: pulumi.Output;
    /**
     * A `routing` block as defined below.
     */
    readonly routing: pulumi.Output;
    /**
     * A `sasPolicy` block as defined below.
     */
    readonly sasPolicy: pulumi.Output;
    /**
     * The secondary access key for the storage account.
     *
     * Security: this is an account credential, like `primaryAccessKey`. Treat the value as a
     * secret: do not log it or export it as a plain-text stack output.
     * NOTE(review): confirm the provider marks this output as secret.
     */
    readonly secondaryAccessKey: pulumi.Output;
    /**
     * The connection string associated with the secondary blob location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    readonly secondaryBlobConnectionString: pulumi.Output;
    /**
     * The endpoint URL for blob storage in the secondary location.
     */
    readonly secondaryBlobEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for blob storage in the secondary location.
     */
    readonly secondaryBlobHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for blob storage in the secondary location.
     */
    readonly secondaryBlobInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for blob storage in the secondary location.
     */
    readonly secondaryBlobInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for blob storage in the secondary location.
     */
    readonly secondaryBlobMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for blob storage in the secondary location.
     */
    readonly secondaryBlobMicrosoftHost: pulumi.Output;
    /**
     * The connection string associated with the secondary location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    readonly secondaryConnectionString: pulumi.Output;
    /**
     * The endpoint URL for DFS storage in the secondary location.
     */
    readonly secondaryDfsEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for DFS storage in the secondary location.
*/
    readonly secondaryDfsHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for DFS storage in the secondary location.
     */
    readonly secondaryDfsInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for DFS storage in the secondary location.
     */
    readonly secondaryDfsInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for DFS storage in the secondary location.
     */
    readonly secondaryDfsMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for DFS storage in the secondary location.
     */
    readonly secondaryDfsMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for file storage in the secondary location.
     */
    readonly secondaryFileEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for file storage in the secondary location.
     */
    readonly secondaryFileHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for file storage in the secondary location.
     */
    readonly secondaryFileInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for file storage in the secondary location.
     */
    readonly secondaryFileInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for file storage in the secondary location.
     */
    readonly secondaryFileMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for file storage in the secondary location.
     */
    readonly secondaryFileMicrosoftHost: pulumi.Output;
    /**
     * The secondary location of the storage account.
     */
    readonly secondaryLocation: pulumi.Output;
    /**
     * The endpoint URL for queue storage in the secondary location.
     */
    readonly secondaryQueueEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for queue storage in the secondary location.
     */
    readonly secondaryQueueHost: pulumi.Output;
    /**
     * The microsoft routing endpoint URL for queue storage in the secondary location.
*/
    readonly secondaryQueueMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for queue storage in the secondary location.
     */
    readonly secondaryQueueMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for table storage in the secondary location.
     */
    readonly secondaryTableEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for table storage in the secondary location.
     */
    readonly secondaryTableHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for table storage in the secondary location.
     */
    readonly secondaryTableMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for table storage in the secondary location.
     */
    readonly secondaryTableMicrosoftHost: pulumi.Output;
    /**
     * The endpoint URL for web storage in the secondary location.
     */
    readonly secondaryWebEndpoint: pulumi.Output;
    /**
     * The hostname with port if applicable for web storage in the secondary location.
     */
    readonly secondaryWebHost: pulumi.Output;
    /**
     * The internet routing endpoint URL for web storage in the secondary location.
     */
    readonly secondaryWebInternetEndpoint: pulumi.Output;
    /**
     * The internet routing hostname with port if applicable for web storage in the secondary location.
     */
    readonly secondaryWebInternetHost: pulumi.Output;
    /**
     * The Microsoft routing endpoint URL for web storage in the secondary location.
     */
    readonly secondaryWebMicrosoftEndpoint: pulumi.Output;
    /**
     * The Microsoft routing hostname with port if applicable for web storage in the secondary location.
     */
    readonly secondaryWebMicrosoftHost: pulumi.Output;
    /**
     * Boolean, enable SFTP for the storage account. Defaults to `false`.
     *
     * > **Note:** SFTP support requires `isHnsEnabled` set to `true`. [More information on SFTP support can be found here](https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support).
     */
    readonly sftpEnabled: pulumi.Output;
    /**
     * A `shareProperties` block as defined below.
     *
     * > **Note:** `shareProperties` can only be configured when either `accountTier` is `Standard` and `accountKind` is either `Storage` or `StorageV2` - or when `accountTier` is `Premium` and `accountKind` is `FileStorage`.
     */
    readonly shareProperties: pulumi.Output;
    /**
     * Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). Defaults to `true`.
     *
     * Security: with the default of `true`, the account access keys remain a valid way to
     * authorize requests. Setting this to `false` leaves Azure AD as the only authorization
     * path; weigh that against the note below about services that do not support it.
     *
     * > **Note:** Terraform uses Shared Key Authorisation to provision Storage Containers, Blobs and other items - when Shared Key Access is disabled, you will need to enable the `storageUseAzuread` flag in the Provider block to use Azure AD for authentication, however not all Azure Storage services support Active Directory authentication.
     */
    readonly sharedAccessKeyEnabled: pulumi.Output;
    /**
     * A `staticWebsite` block as defined below.
     *
     * > **Note:** `staticWebsite` can only be set when the `accountKind` is set to `StorageV2` or `BlockBlobStorage`.
     *
     * > **Note:** If `staticWebsite` is specified, the service will automatically create an `azure.storage.Container` named `$web`.
     *
     * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountStaticWebsite` resource and will be removed in v5.0 of the AzureRM provider
     */
    readonly staticWebsite: pulumi.Output;
    /**
     * The encryption type of the table service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`.
     *
     * > **Note:** `queueEncryptionKeyType` and `tableEncryptionKeyType` cannot be set to `Account` when `accountKind` is set to `Storage`.
     */
    readonly tableEncryptionKeyType: pulumi.Output;
    /**
     * A mapping of tags to assign to the resource.
     */
    readonly tags: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    /**
     * Create an Account resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AccountArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Account resources.
 *
 * The members mirror the properties of the `Account` class; every member is optional.
 */
export interface AccountState {
    /**
     * Defines the access tier for `BlobStorage`, `FileStorage` and `StorageV2` accounts. Valid options are `Hot`, `Cool`, `Cold` and `Premium`. Defaults to `Hot`.
     */
    accessTier?: pulumi.Input;
    /**
     * Defines the Kind of account. Valid options are `BlobStorage`, `BlockBlobStorage`, `FileStorage`, `Storage` and `StorageV2`. Defaults to `StorageV2`.
     *
     * > **Note:** Changing the `accountKind` value from `Storage` to `StorageV2` will not trigger a force new on the storage account, it will only upgrade the existing storage account from `Storage` to `StorageV2` keeping the existing storage account in place.
     */
    accountKind?: pulumi.Input;
    /**
     * Defines the type of replication to use for this storage account. Valid options are `LRS`, `GRS`, `RAGRS`, `ZRS`, `GZRS` and `RAGZRS`. Changing this forces a new resource to be created when types `LRS`, `GRS` and `RAGRS` are changed to `ZRS`, `GZRS` or `RAGZRS` and vice versa.
     */
    accountReplicationType?: pulumi.Input;
    /**
     * Defines the Tier to use for this storage account. Valid options are `Standard` and `Premium`. For `BlockBlobStorage` and `FileStorage` accounts only `Premium` is valid. Changing this forces a new resource to be created.
     *
     * > **Note:** Blobs with a tier of `Premium` are of account kind `StorageV2`.
     */
    accountTier?: pulumi.Input;
    /**
     * Allow or disallow nested items within this Account to opt into being public. Defaults to `true`.
     *
     * > **Note:** At this time `allowNestedItemsToBePublic` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
*/
    allowNestedItemsToBePublic?: pulumi.Input;
    /**
     * Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are `AAD` and `PrivateLink`.
     *
     * NOTE(review): when this is left unset, presumably no copy-scope restriction applies. Confirm.
     */
    allowedCopyScope?: pulumi.Input;
    /**
     * An `azureFilesAuthentication` block as defined below.
     */
    azureFilesAuthentication?: pulumi.Input;
    /**
     * A `blobProperties` block as defined below.
     */
    blobProperties?: pulumi.Input;
    /**
     * Should cross Tenant replication be enabled? Defaults to `false`.
     */
    crossTenantReplicationEnabled?: pulumi.Input;
    /**
     * A `customDomain` block as documented below.
     */
    customDomain?: pulumi.Input;
    /**
     * A `customerManagedKey` block as documented below.
     *
     * > **Note:** A Customer Managed Key can be defined either within the `customerManagedKey` block or by using the `azure.storage.CustomerManagedKey` resource. However, it's not possible to use both methods to manage a Customer Managed Key for a Storage Account, since these will conflict. When using the `azure.storage.CustomerManagedKey` resource, you will need to use `ignoreChanges` on the `customerManagedKey` block.
     */
    customerManagedKey?: pulumi.Input;
    /**
     * Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is `false`.
     */
    defaultToOauthAuthentication?: pulumi.Input;
    /**
     * Specifies which DNS endpoint type to use. Possible values are `Standard` and `AzureDnsZone`. Defaults to `Standard`. Changing this forces a new resource to be created.
     *
     * > **Note:** Azure DNS zone support requires `PartitionedDns` feature to be enabled. To enable this feature for your subscription, use the following command: `az feature register --namespace "Microsoft.Storage" --name "PartitionedDns"`.
     */
    dnsEndpointType?: pulumi.Input;
    /**
     * Specifies the Edge Zone within the Azure Region where this Storage Account should exist. Changing this forces a new Storage Account to be created.
*/
    edgeZone?: pulumi.Input;
    /**
     * Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`.
     *
     * Security: leave this enabled. Per the description, HTTPS is only forced while the flag is `true`.
     */
    httpsTrafficOnlyEnabled?: pulumi.Input;
    /**
     * An `identity` block as defined below.
     */
    identity?: pulumi.Input;
    /**
     * An `immutabilityPolicy` block as defined below. Changing this forces a new resource to be created.
     */
    immutabilityPolicy?: pulumi.Input;
    /**
     * Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * > **Note:** This can only be `true` when `accountKind` is `StorageV2` or when `accountTier` is `Premium` *and* `accountKind` is one of `BlockBlobStorage` or `FileStorage`.
     */
    infrastructureEncryptionEnabled?: pulumi.Input;
    /**
     * Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 ([see here for more information](https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-quickstart-create-account/)). Changing this forces a new resource to be created.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` or when `accountTier` is `Premium` *and* `accountKind` is `BlockBlobStorage`.
     */
    isHnsEnabled?: pulumi.Input;
    /**
     * Are Large File Shares Enabled? Defaults to `false`.
     *
     * > **Note:** Large File Shares are enabled by default when using an `accountKind` of `FileStorage`.
     */
    largeFileShareEnabled?: pulumi.Input;
    /**
     * Is Local User Enabled? Defaults to `true`.
     *
     * NOTE(review): local users are presumably the account-local identities used for SFTP access
     * (see `sftpEnabled`). Consider setting this to `false` when that access path is not needed. Confirm.
     */
    localUserEnabled?: pulumi.Input;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1` and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts.
     *
     * Security: prefer `TLS1_2`. `TLS1_0` and `TLS1_1` are still listed as possible values but
     * are subject to the retirement described in the note below.
     *
     * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more.
     *
     * > **Note:** At this time `minTlsVersion` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
     */
    minTlsVersion?: pulumi.Input;
    /**
     * Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed. Changing this forces a new resource to be created. This must be unique across the entire Azure service, not just within the resource group.
     */
    name?: pulumi.Input;
    /**
     * A `networkRules` block as documented below.
     */
    networkRules?: pulumi.Input;
    /**
     * Is NFSv3 protocol enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` and `accountKind` is `StorageV2`, or `accountTier` is `Premium` and `accountKind` is `BlockBlobStorage`. Additionally, the `isHnsEnabled` is `true` and `accountReplicationType` must be `LRS` or `RAGRS`.
     */
    nfsv3Enabled?: pulumi.Input;
    /**
     * The primary access key for the storage account.
     *
     * Security: this is an account credential. Avoid hard-coding a literal key in program
     * source when passing state, and keep the value out of logs.
     */
    primaryAccessKey?: pulumi.Input;
    /**
     * The connection string associated with the primary blob location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    primaryBlobConnectionString?: pulumi.Input;
    /**
     * The endpoint URL for blob storage in the primary location.
     */
    primaryBlobEndpoint?: pulumi.Input;
    /**
     * The hostname with port if applicable for blob storage in the primary location.
     */
    primaryBlobHost?: pulumi.Input;
    /**
     * The internet routing endpoint URL for blob storage in the primary location.
     */
    primaryBlobInternetEndpoint?: pulumi.Input;
    /**
     * The internet routing hostname with port if applicable for blob storage in the primary location.
     */
    primaryBlobInternetHost?: pulumi.Input;
    /**
     * The microsoft routing endpoint URL for blob storage in the primary location.
*/
    primaryBlobMicrosoftEndpoint?: pulumi.Input;
    /**
     * The Microsoft routing hostname with port if applicable for blob storage in the primary location.
     */
    primaryBlobMicrosoftHost?: pulumi.Input;
    /**
     * The connection string associated with the primary location.
     *
     * NOTE(review): connection strings of this kind typically embed the account key. Handle as a secret; confirm.
     */
    primaryConnectionString?: pulumi.Input;
    /**
     * The endpoint URL for DFS storage in the primary location.
     */
    primaryDfsEndpoint?: pulumi.Input;
    /**
     * The hostname with port if applicable for DFS storage in the primary location.
     */
    primaryDfsHost?: pulumi.Input;
    /**
     * The internet routing endpoint URL for DFS storage in the primary location.
     */
    primaryDfsInternetEndpoint?: pulumi.Input;
    /**
     * The internet routing hostname with port if applicable for DFS storage in the primary location.
     */
    primaryDfsInternetHost?: pulumi.Input;
    /**
     * The Microsoft routing endpoint URL for DFS storage in the primary location.
     */
    primaryDfsMicrosoftEndpoint?: pulumi.Input;
    /**
     * The Microsoft routing hostname with port if applicable for DFS storage in the primary location.
     */
    primaryDfsMicrosoftHost?: pulumi.Input;
    /**
     * The endpoint URL for file storage in the primary location.
     */
    primaryFileEndpoint?: pulumi.Input;
    /**
     * The hostname with port if applicable for file storage in the primary location.
     */
    primaryFileHost?: pulumi.Input;
    /**
     * The internet routing endpoint URL for file storage in the primary location.
     */
    primaryFileInternetEndpoint?: pulumi.Input;
    /**
     * The internet routing hostname with port if applicable for file storage in the primary location.
     */
    primaryFileInternetHost?: pulumi.Input;
    /**
     * The Microsoft routing endpoint URL for file storage in the primary location.
     */
    primaryFileMicrosoftEndpoint?: pulumi.Input;
    /**
     * The Microsoft routing hostname with port if applicable for file storage in the primary location.
     */
    primaryFileMicrosoftHost?: pulumi.Input;
    /**
     * The primary location of the storage account.
     */
    primaryLocation?: pulumi.Input;
    /**
     * The endpoint URL for queue storage in the primary location.
*/ primaryQueueEndpoint?: pulumi.Input; /** * The hostname with port if applicable for queue storage in the primary location. */ primaryQueueHost?: pulumi.Input; /** * The microsoft routing endpoint URL for queue storage in the primary location. */ primaryQueueMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for queue storage in the primary location. */ primaryQueueMicrosoftHost?: pulumi.Input; /** * The endpoint URL for table storage in the primary location. */ primaryTableEndpoint?: pulumi.Input; /** * The hostname with port if applicable for table storage in the primary location. */ primaryTableHost?: pulumi.Input; /** * The microsoft routing endpoint URL for table storage in the primary location. */ primaryTableMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for table storage in the primary location. */ primaryTableMicrosoftHost?: pulumi.Input; /** * The endpoint URL for web storage in the primary location. */ primaryWebEndpoint?: pulumi.Input; /** * The hostname with port if applicable for web storage in the primary location. */ primaryWebHost?: pulumi.Input; /** * The internet routing endpoint URL for web storage in the primary location. */ primaryWebInternetEndpoint?: pulumi.Input; /** * The internet routing hostname with port if applicable for web storage in the primary location. */ primaryWebInternetHost?: pulumi.Input; /** * The microsoft routing endpoint URL for web storage in the primary location. */ primaryWebMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for web storage in the primary location. */ primaryWebMicrosoftHost?: pulumi.Input; /** * Specifies the version of the **provisioned** billing model (e.g. when `accountKind = "FileStorage"` for Storage File). Possible value is `V2`. Changing this forces a new resource to be created. 
*/ provisionedBillingModelVersion?: pulumi.Input; /** * Whether the public network access is enabled? Defaults to `true`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * The encryption type of the queue service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`. */ queueEncryptionKeyType?: pulumi.Input; /** * A `queueProperties` block as defined below. * * > **Note:** `queueProperties` can only be configured when `accountTier` is set to `Standard` and `accountKind` is set to either `Storage` or `StorageV2`. * * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountQueueProperties` resource and will be removed in v5.0 of the AzureRM provider */ queueProperties?: pulumi.Input; /** * The name of the resource group in which to create the storage account. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * A `routing` block as defined below. */ routing?: pulumi.Input; /** * A `sasPolicy` block as defined below. */ sasPolicy?: pulumi.Input; /** * The secondary access key for the storage account. */ secondaryAccessKey?: pulumi.Input; /** * The connection string associated with the secondary blob location. */ secondaryBlobConnectionString?: pulumi.Input; /** * The endpoint URL for blob storage in the secondary location. */ secondaryBlobEndpoint?: pulumi.Input; /** * The hostname with port if applicable for blob storage in the secondary location. */ secondaryBlobHost?: pulumi.Input; /** * The internet routing endpoint URL for blob storage in the secondary location. */ secondaryBlobInternetEndpoint?: pulumi.Input; /** * The internet routing hostname with port if applicable for blob storage in the secondary location. */ secondaryBlobInternetHost?: pulumi.Input; /** * The microsoft routing endpoint URL for blob storage in the secondary location. 
*/ secondaryBlobMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for blob storage in the secondary location. */ secondaryBlobMicrosoftHost?: pulumi.Input; /** * The connection string associated with the secondary location. */ secondaryConnectionString?: pulumi.Input; /** * The endpoint URL for DFS storage in the secondary location. */ secondaryDfsEndpoint?: pulumi.Input; /** * The hostname with port if applicable for DFS storage in the secondary location. */ secondaryDfsHost?: pulumi.Input; /** * The internet routing endpoint URL for DFS storage in the secondary location. */ secondaryDfsInternetEndpoint?: pulumi.Input; /** * The internet routing hostname with port if applicable for DFS storage in the secondary location. */ secondaryDfsInternetHost?: pulumi.Input; /** * The microsoft routing endpoint URL for DFS storage in the secondary location. */ secondaryDfsMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for DFS storage in the secondary location. */ secondaryDfsMicrosoftHost?: pulumi.Input; /** * The endpoint URL for file storage in the secondary location. */ secondaryFileEndpoint?: pulumi.Input; /** * The hostname with port if applicable for file storage in the secondary location. */ secondaryFileHost?: pulumi.Input; /** * The internet routing endpoint URL for file storage in the secondary location. */ secondaryFileInternetEndpoint?: pulumi.Input; /** * The internet routing hostname with port if applicable for file storage in the secondary location. */ secondaryFileInternetHost?: pulumi.Input; /** * The microsoft routing endpoint URL for file storage in the secondary location. */ secondaryFileMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for file storage in the secondary location. */ secondaryFileMicrosoftHost?: pulumi.Input; /** * The secondary location of the storage account. 
*/ secondaryLocation?: pulumi.Input; /** * The endpoint URL for queue storage in the secondary location. */ secondaryQueueEndpoint?: pulumi.Input; /** * The hostname with port if applicable for queue storage in the secondary location. */ secondaryQueueHost?: pulumi.Input; /** * The microsoft routing endpoint URL for queue storage in the secondary location. */ secondaryQueueMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for queue storage in the secondary location. */ secondaryQueueMicrosoftHost?: pulumi.Input; /** * The endpoint URL for table storage in the secondary location. */ secondaryTableEndpoint?: pulumi.Input; /** * The hostname with port if applicable for table storage in the secondary location. */ secondaryTableHost?: pulumi.Input; /** * The microsoft routing endpoint URL for table storage in the secondary location. */ secondaryTableMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for table storage in the secondary location. */ secondaryTableMicrosoftHost?: pulumi.Input; /** * The endpoint URL for web storage in the secondary location. */ secondaryWebEndpoint?: pulumi.Input; /** * The hostname with port if applicable for web storage in the secondary location. */ secondaryWebHost?: pulumi.Input; /** * The internet routing endpoint URL for web storage in the secondary location. */ secondaryWebInternetEndpoint?: pulumi.Input; /** * The internet routing hostname with port if applicable for web storage in the secondary location. */ secondaryWebInternetHost?: pulumi.Input; /** * The microsoft routing endpoint URL for web storage in the secondary location. */ secondaryWebMicrosoftEndpoint?: pulumi.Input; /** * The microsoft routing hostname with port if applicable for web storage in the secondary location. */ secondaryWebMicrosoftHost?: pulumi.Input; /** * Boolean, enable SFTP for the storage account * * > **Note:** SFTP support requires `isHnsEnabled` set to `true`. 
[More information on SFTP support can be found here](https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support). Defaults to `false` */ sftpEnabled?: pulumi.Input; /** * A `shareProperties` block as defined below. * * > **Note:** `shareProperties` can only be configured when either `accountTier` is `Standard` and `accountKind` is either `Storage` or `StorageV2` - or when `accountTier` is `Premium` and `accountKind` is `FileStorage`. */ shareProperties?: pulumi.Input; /** * Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). Defaults to `true`. * * > **Note:** Terraform uses Shared Key Authorisation to provision Storage Containers, Blobs and other items - when Shared Key Access is disabled, you will need to enable the `storageUseAzuread` flag in the Provider block to use Azure AD for authentication, however not all Azure Storage services support Active Directory authentication. */ sharedAccessKeyEnabled?: pulumi.Input; /** * A `staticWebsite` block as defined below. * * > **Note:** `staticWebsite` can only be set when the `accountKind` is set to `StorageV2` or `BlockBlobStorage`. * * > **Note:** If `staticWebsite` is specified, the service will automatically create a `azure.storage.Container` named `$web`. * * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountStaticWebsite` resource and will be removed in v5.0 of the AzureRM provider */ staticWebsite?: pulumi.Input; /** * The encryption type of the table service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`. 
* * > **Note:** `queueEncryptionKeyType` and `tableEncryptionKeyType` cannot be set to `Account` when `accountKind` is set `Storage` */ tableEncryptionKeyType?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }

// NOTE(review): every `pulumi.Input` in this listing appears without a type argument (in `tags`
// the outer argument is present but the inner one is not). The arguments look to have been lost
// when the page was extracted; confirm each field's type against the published SDK.
/**
 * The set of arguments for constructing an Account resource.
 *
 * Several fields below document a permissive default (`allowNestedItemsToBePublic`,
 * `publicNetworkAccessEnabled`, `sharedAccessKeyEnabled` and `localUserEnabled` all default to `true`),
 * so an account created with only the required arguments inherits those settings.
 */
export interface AccountArgs {
    /**
     * Defines the access tier for `BlobStorage`, `FileStorage` and `StorageV2` accounts. Valid options are `Hot`, `Cool`, `Cold` and `Premium`. Defaults to `Hot`.
     */
    accessTier?: pulumi.Input;
    /**
     * Defines the Kind of account. Valid options are `BlobStorage`, `BlockBlobStorage`, `FileStorage`, `Storage` and `StorageV2`. Defaults to `StorageV2`.
     *
     * > **Note:** Changing the `accountKind` value from `Storage` to `StorageV2` will not force a new storage account to be created; it only upgrades the existing storage account from `Storage` to `StorageV2`, keeping it in place.
     */
    accountKind?: pulumi.Input;
    /**
     * Defines the type of replication to use for this storage account. Valid options are `LRS`, `GRS`, `RAGRS`, `ZRS`, `GZRS` and `RAGZRS`. Changing this forces a new resource to be created when types `LRS`, `GRS` and `RAGRS` are changed to `ZRS`, `GZRS` or `RAGZRS` and vice versa.
     */
    accountReplicationType: pulumi.Input;
    /**
     * Defines the Tier to use for this storage account. Valid options are `Standard` and `Premium`. For `BlockBlobStorage` and `FileStorage` accounts only `Premium` is valid. Changing this forces a new resource to be created.
     *
     * > **Note:** Blobs with a tier of `Premium` are of account kind `StorageV2`.
     */
    accountTier: pulumi.Input;
    /**
     * Allow or disallow nested items within this Account to opt into being public. Defaults to `true`.
     *
     * > **Note:** Because the default is `true`, set this to `false` explicitly when no nested item is meant to be public.
     *
     * > **Note:** At this time `allowNestedItemsToBePublic` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
     */
    allowNestedItemsToBePublic?: pulumi.Input;
    /**
     * Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. Possible values are `AAD` and `PrivateLink`.
     */
    allowedCopyScope?: pulumi.Input;
    /**
     * An `azureFilesAuthentication` block as defined below.
     */
    azureFilesAuthentication?: pulumi.Input;
    /**
     * A `blobProperties` block as defined below.
     */
    blobProperties?: pulumi.Input;
    /**
     * Should cross Tenant replication be enabled? Defaults to `false`.
     */
    crossTenantReplicationEnabled?: pulumi.Input;
    /**
     * A `customDomain` block as documented below.
     */
    customDomain?: pulumi.Input;
    /**
     * A `customerManagedKey` block as documented below.
     *
     * > **Note:** A Customer Managed Key can be defined either within the `customerManagedKey` block or by using the `azure.storage.CustomerManagedKey` resource. However, it's not possible to use both methods to manage a Customer Managed Key for a Storage Account, since these will conflict. When using the `azure.storage.CustomerManagedKey` resource, you will need to use `ignoreChanges` on the `customerManagedKey` block.
     */
    customerManagedKey?: pulumi.Input;
    /**
     * Default to Azure Active Directory authorization in the Azure portal when accessing the Storage Account. The default value is `false`.
     */
    defaultToOauthAuthentication?: pulumi.Input;
    /**
     * Specifies which DNS endpoint type to use. Possible values are `Standard` and `AzureDnsZone`. Defaults to `Standard`. Changing this forces a new resource to be created.
     *
     * > **Note:** Azure DNS zone support requires `PartitionedDns` feature to be enabled. To enable this feature for your subscription, use the following command: `az feature register --namespace "Microsoft.Storage" --name "PartitionedDns"`.
     */
    dnsEndpointType?: pulumi.Input;
    /**
     * Specifies the Edge Zone within the Azure Region where this Storage Account should exist. Changing this forces a new Storage Account to be created.
     */
    edgeZone?: pulumi.Input;
    /**
     * Boolean flag which forces HTTPS if enabled, see [here](https://docs.microsoft.com/azure/storage/storage-require-secure-transfer/) for more information. Defaults to `true`.
     */
    httpsTrafficOnlyEnabled?: pulumi.Input;
    /**
     * An `identity` block as defined below.
     */
    identity?: pulumi.Input;
    /**
     * An `immutabilityPolicy` block as defined below. Changing this forces a new resource to be created.
     */
    immutabilityPolicy?: pulumi.Input;
    /**
     * Is infrastructure encryption enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * > **Note:** Because changing this value forces a new resource, decide on it before the account is first created.
     *
     * > **Note:** This can only be `true` when `accountKind` is `StorageV2` or when `accountTier` is `Premium` *and* `accountKind` is one of `BlockBlobStorage` or `FileStorage`.
     */
    infrastructureEncryptionEnabled?: pulumi.Input;
    /**
     * Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 ([see here for more information](https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-quickstart-create-account/)). Changing this forces a new resource to be created.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` or when `accountTier` is `Premium` *and* `accountKind` is `BlockBlobStorage`.
     */
    isHnsEnabled?: pulumi.Input;
    /**
     * Are Large File Shares Enabled? Defaults to `false`.
     *
     * > **Note:** Large File Shares are enabled by default when using an `accountKind` of `FileStorage`.
     */
    largeFileShareEnabled?: pulumi.Input;
    /**
     * Is Local User Enabled? Defaults to `true`.
     *
     * > **Note:** This is on by default; set it to `false` explicitly when local users are not needed.
     */
    localUserEnabled?: pulumi.Input;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * The minimum supported TLS version for the storage account. Possible values are `TLS1_0`, `TLS1_1` and `TLS1_2`. Defaults to `TLS1_2` for new storage accounts.
     *
     * > **Note:** The `TLS1_2` default is stated for new storage accounts only, so set the value explicitly when managing an account that already exists. `TLS1_0` and `TLS1_1` are still accepted values here despite the retirement described in the next note.
     *
     * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more information.
     *
     * > **Note:** At this time `minTlsVersion` is only supported in the Public Cloud, China Cloud, and US Government Cloud.
     */
    minTlsVersion?: pulumi.Input;
    /**
     * Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed. Changing this forces a new resource to be created. This must be unique across the entire Azure service, not just within the resource group.
     */
    name?: pulumi.Input;
    /**
     * A `networkRules` block as documented below.
     */
    networkRules?: pulumi.Input;
    /**
     * Is NFSv3 protocol enabled? Changing this forces a new resource to be created. Defaults to `false`.
     *
     * > **Note:** This can only be `true` when `accountTier` is `Standard` and `accountKind` is `StorageV2`, or `accountTier` is `Premium` and `accountKind` is `BlockBlobStorage`. Additionally, `isHnsEnabled` must be `true` and `accountReplicationType` must be `LRS` or `RAGRS`.
     */
    nfsv3Enabled?: pulumi.Input;
    /**
     * Specifies the version of the **provisioned** billing model (e.g. when `accountKind = "FileStorage"` for Storage File). Possible value is `V2`. Changing this forces a new resource to be created.
     */
    provisionedBillingModelVersion?: pulumi.Input;
    /**
     * Whether public network access is enabled. Defaults to `true`.
     *
     * > **Note:** Leaving this unset keeps public network access enabled. Review it together with the `networkRules` block, and set it to `false` when the account is not meant to be reachable over the public network.
     */
    publicNetworkAccessEnabled?: pulumi.Input;
    /**
     * The encryption type of the queue service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`.
     */
    queueEncryptionKeyType?: pulumi.Input;
    /**
     * A `queueProperties` block as defined below.
     *
     * > **Note:** `queueProperties` can only be configured when `accountTier` is set to `Standard` and `accountKind` is set to either `Storage` or `StorageV2`.
     *
     * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountQueueProperties` resource and will be removed in v5.0 of the AzureRM provider
     */
    queueProperties?: pulumi.Input;
    /**
     * The name of the resource group in which to create the storage account. Changing this forces a new resource to be created.
     */
    resourceGroupName: pulumi.Input;
    /**
     * A `routing` block as defined below.
     */
    routing?: pulumi.Input;
    /**
     * A `sasPolicy` block as defined below.
     */
    sasPolicy?: pulumi.Input;
    /**
     * Whether SFTP is enabled for the storage account. Defaults to `false`.
     *
     * > **Note:** SFTP support requires `isHnsEnabled` set to `true`. [More information on SFTP support can be found here](https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support).
     */
    sftpEnabled?: pulumi.Input;
    /**
     * A `shareProperties` block as defined below.
     *
     * > **Note:** `shareProperties` can only be configured when either `accountTier` is `Standard` and `accountKind` is either `Storage` or `StorageV2` - or when `accountTier` is `Premium` and `accountKind` is `FileStorage`.
     */
    shareProperties?: pulumi.Input;
    /**
     * Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). Defaults to `true`.
     *
     * > **Note:** With the default of `true`, requests can be authorized with the account access key alone. Set this to `false` to require Azure AD authorization as described above, after confirming that the storage services in use support it.
     *
     * > **Note:** Terraform uses Shared Key Authorisation to provision Storage Containers, Blobs and other items - when Shared Key Access is disabled, you will need to enable the `storageUseAzuread` flag in the Provider block to use Azure AD for authentication, however not all Azure Storage services support Active Directory authentication.
     */
    sharedAccessKeyEnabled?: pulumi.Input;
    /**
     * A `staticWebsite` block as defined below.
     *
     * > **Note:** `staticWebsite` can only be set when the `accountKind` is set to `StorageV2` or `BlockBlobStorage`.
     *
     * > **Note:** If `staticWebsite` is specified, the service will automatically create an `azure.storage.Container` named `$web`.
     *
     * @deprecated this block has been deprecated and superseded by the `azure.storage.AccountStaticWebsite` resource and will be removed in v5.0 of the AzureRM provider
     */
    staticWebsite?: pulumi.Input;
    /**
     * The encryption type of the table service. Possible values are `Service` and `Account`. Changing this forces a new resource to be created. Default value is `Service`.
     *
     * > **Note:** `queueEncryptionKeyType` and `tableEncryptionKeyType` cannot be set to `Account` when `accountKind` is set to `Storage`.
     */
    tableEncryptionKeyType?: pulumi.Input;
    /**
     * A mapping of tags to assign to the resource.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
}