Is it possible to add storage to a resource groups?
IIRC my storage group was created automatically when I used the 'old' version of the portal.
I can see my domain and VM in the group, but no storage. How do I add it?
You can create the storage account with in a resource group by using following template via ARM API or Powershell as well:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"accountType": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2014-06-01",
"name": "[parameters('name')]",
"type": "Microsoft.ClassicStorage/StorageAccounts",
"location": "[parameters('location')]",
"properties": {
"accountType": "[parameters('accountType')]"
}
}
]}
Assuming you mean storage account, you can create a storage account within a resource group in the preview portal. You cannot yet do it via the ARM API or Powershell though (see this question).
Related
I have a template that creates a storage account and a fileshare. Like this:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.5.6.12127",
"templateHash": "3186185032530874094"
}
},
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "[format('storage{0}', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "Specifies the name of the Azure Storage account."
}
},
"fileShareName": {
"type": "string",
"maxLength": 63,
"minLength": 3,
"metadata": {
"description": "Specifies the name of the File Share. File share names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Specifies the location in which the Azure Storage resources should be deployed."
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS"
},
"properties": {
"accessTier": "Hot",
"minimumTlsVersion" : "TLS1_2",
"supportsHttpsTrafficOnly": "true"
}
},
{
"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
"apiVersion": "2021-04-01",
"name": "[format('{0}/default/{1}', parameters('storageAccountName'), parameters('fileShareName'))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
]
}
]
}
From the YAML pipeline, you are using AzureFileCopy#4 task.
#[error]Upload to container: 'fsndevinternetsuite' in storage account: 'strdevinternetsuite' with blob prefix: '' failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.'
From the error message, the cause of this issue could be that the Service Principal created by the Service connection does not have sufficient permissions to copy files to the Azure Storage account.
Refer to the following steps to find the service principal and add the Storage Blob Data Owner & Storage Blob Data Contributor to the service principal.
Step1: Navigate to Azure Portal -> AAD -> App registrations to find the related Service Principal.
Step2: Navigate to Storage account and grant the Storage Blob Data Owner & Storage Blob Data Contributor to the service principal.
For more detailed steps, you can refer to this doc: Assign an Azure role for access to blob data
Or you can change to use the AzureFileCopy#3 to replace the AzureFileCopy#4. You can check if it can work.
I'm trying to create a private endpoint through an ARM template for a storage account if the storage account SKU is Standard_GRS or Standard_RAGRS, or Standard_GZRS. How to include this in the conditional statement in the ARM template.
We have tested this in our local environment, below statements are based on our analysis.
In our local environment, we have created an ARM template to deploy storage account a condition the SKU of the storage account should be either of the below :
"Standard_GRS", "Standard_RAGRS", "Standard_GZRS"
To achieve this we have used the below condition in our ARM template :
"condition":"[or(equals(parameters('sku'),'Standard_RAGRS'),equals(parameters('sku'),'Standard_GZRS'),equals(parameters('sku'),'Standard_GRS'))]",
Here is the ARM template that we have used:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sku": {
"type": "string"
}
},
"functions": [],
"variables": {
},
"resources": [
{
"condition":"[or(equals(parameters('sku'),'Standard_RAGRS'),equals(parameters('sku'),'Standard_GZRS'),equals(parameters('sku'),'Standard_GRS'))]",
"name": "<strgaccount>",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"tags": {
"displayName": "storageaccount1"
},
"location": "[resourceGroup().location]",
"kind": "StorageV2",
"sku": {
"name": "[parameters('sku')]"
}
}
],
"outputs": {}
}
Here is the sample output for reference:
In the below Output we have passed the SKU value "Standard_GZRS" the condition got succeeded and Resource got deployed.
In the below Output we have passed the SKU value "Standard_LRS" the condition got failed & the resource didn't get deployed.
I create a Diagnostic Settings for a KeyVault resource in Azure portal. DS properties are Metrics = AllMetrics and Destination is a predefined Log Analytics Workspace.
When I do an export (Automation - Export Template) from Portal, nothing from the diagnostic setting is included in the generated ARM json. I've noticed the same behavior when resource is an App Service.
Is this by design? A bug? Any other way to get the ARM json for the diagnostic setting I've defined?
I tried the same in my environment and seems we cannot export the diagnostics settings for any service like key vault, app service , storage account etc when we try to export the template for automation . But there are some sample Diagnostics settings Templates for few resources provided in Microsoft Documentation.
So , as per your settings it will something like below which I have tested by deploying :
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"type": "String",
"defaultValue": "testdsansuman"
},
"vaultName": {
"type": "String",
"defaultValue": "ansumantestkv1234"
},
"workspaceName": {
"type": "String",
"defaultValue": "ansumantestlog"
}
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('vaultName'), '/Microsoft.Insights/', parameters('settingName'))]",
"dependsOn": [],
"properties": {
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('WorkspaceName'))]",
"metrics": [
{
"category": "AllMetrics",
"enabled": true
}
]
}
}
]
}
Output:
I'm creating a logic app which will do some operations on a blob storage, thus it needs a Connector to a specific blob storage. I'm able to define which Connector should be used (providing its name and other properties), however if it doesn't exist yet, the template fails to deploy. I know we can create these connectors via logic app designer, but i would very much like to automate that process. Hence the question:
Is it possible to deploy/create this connector using an ARM template or a script?
You can check this post related to Logic App connector.
Here is an ARM Template that create an API connection to blob storage:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBlobConnectionAPIName": {
"type": "string",
"metadata": {
"description": "The name of the connection api to access the azure blob storage."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The Storage Account Name."
}
}
},
"variables": {
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.Web/connections",
"name": "[parameters('azureBlobConnectionAPIName')]",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"scale": null,
"properties": {
"displayName": "[parameters('azureBlobConnectionAPIName')]",
"parameterValues": {
"accountName": "[parameters('storageAccountName')]",
"accessKey": "[listKeys(variables('storageAccountId'),'2015-05-01-preview').key1]"
},
"api": {
"id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('defaultResourceLocation'), '/managedApis/azureblob')]"
}
},
"dependsOn": []
}
]
}
I'm using VSTS to deploy azure resources.
I use task "Azure Resource Group Deployment" to deploy ARM templates.
How can I, for a specific parameter, override the value with a ARM function (concat, listkeys, etc)?
Example: My ARM template has a parameter that is a storage account key and instead of providing the key directly, I want to provide it by passing [listkeys(...)]
You cannot do that, several functions (like listKeys()) are evaluated at runtime only. I don't know what you are trying to achieve, so there are probably ways of doing what you try to achieve.
If you want to hide the keys you can store them in the Key Vault and retrieve at deployment time:
"password": {
"reference": {
"keyVault": {
"id": "[resourceId('kvGroup', 'Microsoft.KeyVault/vaults', 'kvName')]"
},
"secretName": "secret"
}
},
If the storage account isn't created within the same ARM template, I'd use the parameter to supply the name of the storage account and then listkeys() within the ARM template to get at the storage account connection string.
If you're creating the storage account in a previous ARM template deployment in your pipeline you could use output parameters to make the connection string available in the pipeline. Here is an example where xxx represents your company naming prefix:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"type": "string",
"defaultValue": "d",
"metadata": {
"description": "The deployment environment, given by develop (d), testing (t), production (p) or quality assurance (q)"
}
}
},
"variables": {
"busUnit": "vendor_name_here",
//storage account names must be lowercase and are limited to 24 alpha numeric characters
"storage_account_name": "[concat('xxx', parameters('environment'), variables('busUnit'), 'stor')]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "Standard_LRS", //this is a hard coded SKU
"tier": "Standard" //general purpose versus blob-only
},
"kind": "Storage",
"name": "[variables('storage_account_name')]",
"apiVersion": "2017-06-01",
"location": "[resourceGroup().location]", //add it to the same region/location as the resource group
"properties": {
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": true
}
}
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
}
},
"dependsOn": []
}
],
"outputs": {
"storageAccountKey": {
//"description": "This works if the storage account is in the same resource group. It returns the access key for the account",
"type": "securestring",
"value": "[listKeys(variables('storage_account_name'),'2015-05-01-preview').key1]"
},
"storageAccountName": {
//"description": "This is the computed name of the storage account, based on naming conventions in the variables",
"type": "string",
"value": "[variables('storage_account_name')]"
}
}
}