Need you Help on something really quick :
How to set storage account "soft delete" option enabled using arm template?
2.What's the property that I should be using in arm template. Tried browsing through this site but couldn't get muchinformation - https://learn.microsoft.com/en-us/rest/api/storagerp/storageaccounts/getproperties
Any help is Much Appreciated.
Rocky
It seems that with the release of the 2018-11-01 version of the storage template it's now possible to enable soft delete in your ARM template.
Below you can find the template I've used:
{
"parameters": {
"NameForResources": {
"type": "string",
},
"ResourceLocation": {
"type": "string",
"defaultValue": "westeurope"
},
"Storage_Type": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('Storage_Type')]"
},
"kind": "Storage",
"name": "[parameters('NameForResources')]",
"apiVersion": "2018-11-01",
"location": "[parameters('ResourceLocation')]",
"properties": {
"encryption": {
"services": {
"blob": {
"enabled": true
},
"file": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"supportsHttpsTrafficOnly": true
},
"resources": [
{
"name": "[concat(parameters('NameForResources'),'/','default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2018-11-01",
"properties": {
"deleteRetentionPolicy": {
"enabled": true,
"days": 30
}
},
"dependsOn": ["[concat('Microsoft.Storage/storageAccounts/', parameters('NameForResources'))]"]
}
]
}
],
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0"
}
I do not think it is currently possible to configure soft delete using ARM. Soft delete is a blob service property, not a property of the storage account.
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete#powershell
For keyvaults, use "enableSoftDelete": true.
For storage accounts, add a blob service with 1) the following properties and 2) a dependsOn condition on the storage account:
{
"name": "[concat(parameters('storageAccountName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2018-07-01",
"properties": {
"deleteRetentionPolicy": {
"enabled": true,
"days": 30
}
},
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
]
}
Related
I created an Azure custom provider by following the documentation in the link below:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/custom-providers/
I am able to successfully create resources for the types defined in the custom provider using ARM templates. However, I do not see those resources on the azure portal under the specific resource group.
Is this behavior expected?
I have deployed the custom provider in azure portal using ARM template by following below steps
Open azure portal and search for custom deployment as below
Taken reference from Microsoft Doc
After opening custom deployment, i have used the below code and then click on save
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"funcName": {
"type": "string",
"defaultValue": "[uniqueString(resourceGroup().id)]",
"metadata": {
"description": "The unique name of the function application"
}
},
"storageName": {
"type": "string",
"defaultValue": "[concat('store', uniquestring(resourceGroup().id))]",
"metadata": {
"description": "The unique name of the storage account."
}
},
"location": {
"type": "string",
"defaultValue": "eastus",
"metadata": {
"description": "The location for the resources."
}
},
"zipFileBlobUri": {
"type": "string",
"defaultValue": "https://github.com/Azure/azure-docs-json-samples/blob/master/custom-providers/_artifacts/functionpackage.zip?raw=true",
"metadata": {
"description": "The URI to the uploaded function zip file"
}
}
},
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2022-03-01",
"name": "[parameters('funcName')]",
"location": "[parameters('location')]",
"kind": "functionapp",
"identity": {
"type": "SystemAssigned"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageName'))]"
],
"properties": {
"name": "[parameters('funcName')]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('storageName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageName')), '2022-05-01').keys[0].value)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('storageName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageName')), '2022-05-01').keys[0].value)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('storageName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageName')), '2022-05-01').keys[0].value)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('funcName'))]"
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "6.5.0"
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "[parameters('zipFileBlobUri')]"
}
]
},
"clientAffinityEnabled": false,
"reserved": false
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2022-05-01",
"name": "[parameters('storageName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS"
}
},
{
"type": "Microsoft.CustomProviders/resourceProviders",
"apiVersion": "2018-09-01-preview",
"name": "[parameters('funcName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Web/sites/',parameters('funcName'))]"
],
"properties": {
"actions": [
{
"name": "ping",
"routingType": "Proxy",
"endpoint": "[concat('https://', parameters('funcName'), '.azurewebsites.net/api/{requestPath}')]"
}
],
"resourceTypes": [
{
"name": "users",
"routingType": "Proxy,Cache",
"endpoint": "[concat('https://', parameters('funcName'), '.azurewebsites.net/api/{requestPath}')]"
}
]
}
},
{
"type": "Microsoft.CustomProviders/resourceProviders/users",
"apiVersion": "2018-09-01-preview",
"name": "[concat(parameters('funcName'), '/ana')]",
"location": "parameters('location')",
"dependsOn": [
"[concat('Microsoft.CustomProviders/resourceProviders/',parameters('funcName'))]"
],
"properties": {
"FullName": "Ana Bowman",
"Location": "Moon"
}
}
],
"outputs": {
"principalId": {
"type": "string",
"value": "[reference(concat('Microsoft.Web/sites/', parameters('funcName')), '2022-03-01', 'Full').identity.principalId]"
}
}
}
Fill the following details like Subscription id, resource group, location and click on review+create
After deploying into the azure portal, we will get below
After deploying it to azure poral Goto azure portal and click on your resource group and click on the check box you will find as below
I use ARM to define my resources in Azure. Now i want to define the minimum supported TLS Version within my ARM Template for a StorageAccount.
Usually i just edit the resource via the dashboard and export the generated ARM Template to then look for the new change. Unfortunately for the TLS Version this does not seam to be a part of the ARM Template definition.
I also can not find any mention in the Schema definition -> https://github.com/Azure/azure-resource-manager-schemas/blob/master/schemas/2019-06-01/Microsoft.Storage.json
Does anyone know how i can for the minimum TLS Version to be no less than 1.2 during or directly after the resource deployment?
I just created a Storage account with tls 1.2 and i can see this in the template:
"minimumTlsVersion": "[parameters('minimumTlsVersion')]",
And the parameter value is:
"minimumTlsVersion": {
"value": "TLS1_2"
},
This is the full template
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"storageAccountName": {
"type": "string"
},
"accountType": {
"type": "string"
},
"kind": {
"type": "string"
},
"accessTier": {
"type": "string"
},
"minimumTlsVersion": {
"type": "string"
},
"supportsHttpsTrafficOnly": {
"type": "bool"
},
"allowBlobPublicAccess": {
"type": "bool"
},
"networkAclsBypass": {
"type": "string"
},
"networkAclsDefaultAction": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "[parameters('location')]",
"properties": {
"accessTier": "[parameters('accessTier')]",
"minimumTlsVersion": "[parameters('minimumTlsVersion')]",
"supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
"allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
"networkAcls": {
"bypass": "[parameters('networkAclsBypass')]",
"defaultAction": "[parameters('networkAclsDefaultAction')]",
"ipRules": []
}
},
"dependsOn": [],
"sku": {
"name": "[parameters('accountType')]"
},
"kind": "[parameters('kind')]",
"tags": {}
}
],
"outputs": {}
}
`
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"InputstorageAccount": {
"defaultValue": "inputstgdev",
"type": "String"
},
"GitrepoBranch": {
"type": "string",
"defaultValue": "master",
"metadata": {
"description": "Name of the branch to use when deploying (Default = master)."
}
},
"GitrepoURL": {
"type": "string",
"defaultValue": "https://github.com/FBoucher/AzUnzipEverything.git",
"metadata": {
"description": "URL to repo (Default = master)."
}
},
"InputcontainerName": {
"type": "string",
"defaultValue": "inputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
},
"OutputstorageAccount": {
"defaultValue": "outputstgdev",
"type": "String"
},
"OutputcontainerName": {
"type": "string",
"defaultValue": "outputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('InputstorageAccount'), '/default/', parameters('InputcontainerName'))]",
"properties": {
"publicAccess": "None"
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('OutputstorageAccount'), '/default/', parameters('OutputcontainerName'))]",
"properties": {
"publicAccess": "None"
}
},
{
"name": "serviceplan",
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "F1",
"capacity": 1
},
"tags": {
"displayName": "serviceplan"
},
"properties": {
"name": "serviceplan"
}
},
{
"name": "functionapp",
"type": "Microsoft.Web/sites",
"apiVersion": "2018-11-01",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', 'serviceplan')]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('InputstorageAccount'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serviceplan')]",
"siteConfig": {
"appSettings": [
{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('InputstorageAccount'), ';AccountKey=', listKeys(parameters('InputcontainerName'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower('functionapp')]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~2"
},
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(resourceId('microsoft.insights/components/', 'applicationInsightsName'), '2015-05-01').InstrumentationKey]"
},
{
"name": "FUNCTIONS_WORKER_RUNTIME",
"value": "dotnet"
}
]
}
},
"resources":[
{
"apiVersion": "2015-08-01",
"name": "web",
"type": "sourcecontrols",
"dependsOn": [
"[resourceId('Microsoft.Web/sites/', parameters('InputstorageAccount'))]"
],
"properties": {
"RepoUrl": "[parameters('GitrepoURL')]",
"branch": "[parameters('GitrepoBranch')]",
"publishRunbook": true,
"IsManualIntegration": true
}
}
]
}
]
}
`I have a storage account called STGaccount which I created with the Azure portal and would like to use ARM template to create a container called inputcontainer in this STGaccount. Each time I try to do so I get an error message saying that the storage account STGaccount I am trying to create with the ARM template already exist in the resource group....So i guess I am writing my ARM template in a way that it still creates a new storage account with a name similar to the one I already have in the resource group. What I actually want to do is to reference the already existing storage account in my ARM template such that i do not have to create a new one.
Thanks in advance as I look forward to your response
Try this ARM template, this will help you to create a container in the existing Storage account.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"defaultValue": "STGaccount",
"type": "String"
},
"containerName": {
"type": "string",
"defaultValue": "inputcontainer",
"metadata": {
"description": "Specifies the name of the blob container."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat(parameters('storageAccountName'), '/default/', parameters('containerName'))]",
"properties": {
"publicAccess": "None"
}
}
]
}
So now that it's (apparently) possible to create Blob Containers via an ARM template, is it possible to similarly create an Azure Storage Table? I've searched around but most of the answers are from before Blob Container creation was implemented and available.
I've also found the documentation for the REST API at https://learn.microsoft.com/en-us/rest/api/storageservices/create-table but I'm not sure if and how this maps to the JSON entry in an ARM template.
I'm looking to eliminate the PowerShell script that currently handles the creation of the Table resources in my deployment.
As of the 2019-06-01 version ... Yes
No, this is not currently possible to do with an ARM template.
https://learn.microsoft.com/en-us/rest/api/storagerp/table/create
https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/2019-06-01/storageaccounts/tableservices
{
"name": "default",
"type": "Microsoft.Storage/storageAccounts/tableServices",
"apiVersion": "2019-06-01",
"properties": {
"cors": {
"corsRules": [
{
"allowedOrigins": [
"string"
],
"allowedMethods": [
"string"
],
"maxAgeInSeconds": "integer",
"exposedHeaders": [
"string"
],
"allowedHeaders": [
"string"
]
}
]
}
}
}
and tables:
{
"name": "string",
"type": "Microsoft.Storage/storageAccounts/tableServices/tables",
"apiVersion": "2019-06-01"
}
I would like to update this with an answer for anyone in the future trying to setup an ARM template with table service as the current documentation seems very vague in how these should be implemented. Specifically note the format of the names and that all items are defined as root level resources:
{
"name": "[concat(parameters('storageAccount_name'),'/', parameters('tableServiceName'))]",
"type": "Microsoft.Storage/storageAccounts/tableServices",
"apiVersion": "2019-06-01",
"properties": {
"cors": {
"corsRules": [
{
"allowedOrigins": [
"*"
],
"allowedMethods": [
"PUT",
"GET",
"POST"
],
"maxAgeInSeconds": 0,
"exposedHeaders": [
"*"
],
"allowedHeaders": [
"*"
]
}
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccount_name'))]"
],
"resources": []
},
{
"name": "[concat(parameters('storageAccount_name'),'/default/',parameters('table_name'))]",
"type": "Microsoft.Storage/storageAccounts/tableServices/tables",
"apiVersion": "2019-06-01",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/tableServices', parameters('storageAccount_name'), 'default')]",
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccount_name'))]"
]
}
From 2019-06-01 is possible to create Table Services and Tables.
Table Services
{
"name": "default",
"type": "Microsoft.Storage/storageAccounts/tableServices",
"apiVersion": "2019-06-01",
"properties": {
"cors": {
"corsRules": [
{
"allowedOrigins": [
"string"
],
"allowedMethods": [
"string"
],
"maxAgeInSeconds": "integer",
"exposedHeaders": [
"string"
],
"allowedHeaders": [
"string"
]
}
]
}
},
"resources": []
}
Tables
{
"name": "string",
"type": "Microsoft.Storage/storageAccounts/tableServices/tables",
"apiVersion": "2019-06-01"
}
See the references Azure Storage Account Table Services
Sample ARM Template to create Blob and Table in a storage account
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Specifies the name of the Azure Storage account."
}
},
"containerName": {
"type": "string",
"defaultValue": "logs",
"metadata": {
"description": "Specifies the name of the blob container."
}
},
"tableName": {
"type": "string",
"defaultValue": "logstable",
"metadata": {
"description": "Specifies the name of the table."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location in which the Azure Storage resources should be deployed."
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"accessTier": "Hot",
"minimumTlsVersion": "TLS1_2",
"allowBlobPublicAccess": false,
"supportsHttpsTrafficOnly": true
},
"resources": [
{
"type": "blobServices/containers",
"apiVersion": "2019-06-01",
"name": "[concat('default/', parameters('containerName'))]",
"dependsOn": [
"[parameters('storageAccountName')]"
]
},
{
"type": "tableServices/tables",
"apiVersion": "2019-06-01",
"name": "[concat('default/', parameters('tableName'))]",
"dependsOn": [
"[parameters('storageAccountName')]"
]
}
]
}
]
}
As of now only container is available. Microsoft are working on tables.
You can use CreateIfNotExistsAsync method in your code
In case your azure storage table does not yet exist it will create it. So you don't have to add things in the ARM templates.
I tried to automate my deployment of a Docker container to an Azure resource group following the docs on https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret and https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json.
I was able to deploy my application successfully, including the retrieval of encrypted secrets from Vault. I'm now struggling to set ENVs for my container, both secrets and normal ENVs. Even though there is a way to set ENVs in the az container API, I cannot find anything in the docs of the resource group deployment API. How can I pass ENVs to my Azure container?
The snippet of the json template you need is as follows (the full template is here)
"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
"containers": [
{
"environmentVariables": [
{
"name": "CertificateName",
"value": "[parameters('CertificateName')]"
},
],
You may look the sample mentioned here: https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"storageAccountName": {
"type": "string",
"defaultValue": "[uniquestring(resourceGroup().id)]",
"metadata": {
"description": "Storage Account Name"
}
},
"fileShareName": {
"type": "string",
"metadata": {
"description": "File Share Name"
}
},
"containerInstanceLocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"allowedValues": [
"westus",
"eastus",
"westeurope",
"southeastaisa",
"westus2"
],
"metadata": {
"description": "Container Instance Location"
}
}
},
"variables": {
"image": "microsoft/azure-cli",
"cpuCores": "1.0",
"memoryInGb": "1.5",
"containerGroupName":"createshare-containerinstance",
"containerName": "createshare"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"name": "[variables('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2018-02-01-preview",
"location": "[parameters('containerInstanceLocation')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"containers": [
{
"name": "[variables('containerName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[parameters('fileShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[parameters('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"restartPolicy": "OnFailure",
"osType": "Linux"
}
}
]
}
The recommended way for secrets is to Mount secret volume to your container, because it is using tmpfs and your secrets exist only in volatile memory!
NOTE: at the time of this post only Linux based containers support it...