
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
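@description('The name of the Storage Account resource.')
@minLength(3)
@maxLength(24)
param name string

@description('The location of the Storage Account resource.')
param location string = resourceGroup().location

@description('Tags applied to the Storage Account resource.')
param tags object = {}

@description('Default access tier for blob data in the account.')
@allowed([ 'Hot', 'Cool', 'Premium' ])
param accessTier string = 'Hot'

@description('Whether containers in this account may be configured for anonymous (public) read access. Off by default.')
param allowBlobPublicAccess bool = false

@description('Whether object replication to storage accounts in other tenants is permitted. Defaults to true (permissive); set to false unless cross-tenant replication is actually required.')
param allowCrossTenantReplication bool = true

@description('Whether shared-key (account key) authorization is accepted. Off by default so that data-plane access goes through Entra ID / RBAC.')
param allowSharedKeyAccess bool = false

@description('Whether the Azure portal and tools default to Entra ID authorization for data access.')
param defaultToOAuthAuthentication bool = false

@description('Blob soft-delete policy object (constructed example: { enabled: true, days: 7 }). Empty by default, which leaves soft delete unconfigured; it is only applied when at least one container is deployed.')
param deleteRetentionPolicy object = {}

@description('DNS layout of the account endpoints.')
@allowed([ 'AzureDnsZone', 'Standard' ])
param dnsEndpointType string = 'Standard'

@description('Storage account kind.')
param kind string = 'StorageV2'

@description('Minimum TLS version accepted for requests to the account. Constrained to the values the pinned storage API version accepts; keep at TLS1_2 unless a legacy client forces otherwise.')
@allowed([ 'TLS1_0', 'TLS1_1', 'TLS1_2' ])
param minimumTlsVersion string = 'TLS1_2'

@description('Whether the account is reachable from public networks. Disabled by default; see the networkAcls block on the storage resource for what applies when Enabled.')
@allowed([ 'Enabled', 'Disabled' ])
param publicNetworkAccess string = 'Disabled'

@description('Blob containers to create. Each entry is an object with a name and an optional publicAccess field.')
param containers array = []

@description('Array of objects with fields principalId, principalType, roleDefinitionId')
param roleAssignments array = []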
// Storage account plus, when containers are requested, its blob service and
// containers. Hierarchical namespace is always on and the SKU is fixed to
// Standard_LRS; neither is parameterised by this module.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: name
  location: location
  tags: tags
  kind: kind
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    // Network posture. Public access is parameterised (module default is
    // Disabled), but the ACL default action is hard-coded to Allow and no
    // ipRules/virtualNetworkRules are declared, so a caller that sets
    // publicNetworkAccess to Enabled gets an account reachable from any network.
    publicNetworkAccess: publicNetworkAccess
    networkAcls: {
      defaultAction: 'Allow'
      bypass: 'AzureServices'
    }
    minimumTlsVersion: minimumTlsVersion
    dnsEndpointType: dnsEndpointType

    // Authorization posture, all caller-controlled via parameters.
    allowSharedKeyAccess: allowSharedKeyAccess
    defaultToOAuthAuthentication: defaultToOAuthAuthentication
    allowBlobPublicAccess: allowBlobPublicAccess
    allowCrossTenantReplication: allowCrossTenantReplication

    // Data layout.
    accessTier: accessTier
    isHnsEnabled: true
  }

  // The blob service (and therefore deleteRetentionPolicy) is only declared
  // when the caller asked for at least one container.
  resource blobServices 'blobServices' = if (!empty(containers)) {
    name: 'default'
    properties: {
      deleteRetentionPolicy: deleteRetentionPolicy
    }

    resource container 'containers' = [
      for c in containers: {
        name: c.name
        properties: {
          // Per-container anonymous access level; 'None' unless the entry
          // carries a publicAccess field. The account-level
          // allowBlobPublicAccess switch still governs whether Azure honours it.
          publicAccess: contains(c, 'publicAccess') ? c.publicAccess : 'None'
        }
      }
    ]
  }
}
// One role assignment per entry, scoped to the storage account. The whole
// entry object is passed through as the assignment properties, so each one
// must at least carry principalId, principalType and roleDefinitionId.
// NOTE(review): the assignment name is derived from principal, principal type
// and role only, not from the storage account, so two deployments of this
// module that share a principal/role pair may produce colliding assignment
// names. Confirm whether guid(storage.id, ...) is wanted; changing the name
// recreates existing assignments on redeploy.
resource roleAssignmentResources 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
  for ra in roleAssignments: {
    scope: storage
    name: guid('${ra.principalId}-${ra.principalType}-${ra.roleDefinitionId}')
    properties: ra
  }
]
// Resource identity and name of the deployed account.
output name string = storage.name
output id string = storage.id

// Endpoint map as reported by the resource provider (blob, dfs, etc.).
output primaryEndpoints object = storage.properties.primaryEndpoints