Microsoft.Storage storageAccounts 2016-05-01
Bicep resource definition
The storageAccounts resource type can be deployed to: Resource groups.
To learn about resource group deployments, see Bicep.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Storage/storageAccounts@2016-05-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
}
kind: 'string'
properties: {
accessTier: 'string'
customDomain: {
name: 'string'
useSubDomainName: bool
}
encryption: {
keySource: 'Microsoft.Storage'
services: {
blob: {
enabled: bool
}
}
}
}
}
Property values
storageAccounts
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. Resource name must be unique across Azure. |
| location | Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed. | string (required) |
| tags | Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters. | Dictionary of tag names and values. See Tags in templates |
| sku | Required. Gets or sets the sku name. | Sku (required) |
| kind | Required. Indicates the type of storage account. | 'BlobStorage' 'Storage' (required) |
| properties | The parameters used to create the storage account. | StorageAccountPropertiesCreateParametersOrStorageAccountProperties |
StorageAccountPropertiesCreateParametersOrStorageAccountProperties
| Name | Description | Value |
|---|---|---|
| accessTier | Required for storage accounts where kind = BlobStorage. The access tier used for billing. | 'Cool' 'Hot' |
| customDomain | User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property. | CustomDomain |
| encryption | Provides the encryption settings on the account. If left unspecified the account encryption settings will remain the same. The default setting is unencrypted. | Encryption |
CustomDomain
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source. | string (required) |
| useSubDomainName | Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates. | bool |
Encryption
| Name | Description | Value |
|---|---|---|
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage | 'Microsoft.Storage' (required) |
| services | List of services which support encryption. | EncryptionServices |
EncryptionServices
| Name | Description | Value |
|---|---|---|
| blob | The encryption function of the blob storage service. | EncryptionService |
EncryptionService
| Name | Description | Value |
|---|---|---|
| enabled | A boolean indicating whether or not the service encrypts the data as it is stored. | bool |
Sku
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the sku name. Required for account creation; optional for update. Note that in older versions, sku name was called accountType. | 'Premium_LRS' 'Standard_GRS' 'Standard_LRS' 'Standard_RAGRS' 'Standard_ZRS' (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Connect to a storage account from a VM via private endpoint |
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint. |
| Connect to an Azure File Share via a Private Endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint. |
| Create a Standard Storage Account |
This template creates a Standard Storage Account |
| Create a Storage Account with SSE |
This template creates a Storage Account with Storage Service Encryption for Data at Rest |
| Storage account with Advanced Threat Protection. |
This template allows you to deploy an Azure Storage account with Advanced Threat Protection enabled. |
| Create Storage Account and Blob Container |
Creates an Azure Storage account and a blob container. Template originally authored by John Downs. |
| Storage Account with SSE and blob deletion retention policy |
This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy |
| Azure Storage Account Encryption with customer-managed key |
This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
| Create a storage account with file share |
Creates an Azure storage account and file share. |
| Create a storage account with multiple Blob containers |
Creates an Azure storage account and multiple blob containers. |
| Create a storage account with multiple file shares |
Creates an Azure storage account and multiple file shares. |
| Create Storage Account with SFTP enabled |
Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |
| Deploys a static website |
Deploys a static website with a backing storage account |
ARM template resource definition
The storageAccounts resource type can be deployed to: Resource groups.
To learn about resource group deployments, see ARM template.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts resource, add the following JSON to your template.
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2016-05-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string"
},
"kind": "string",
"properties": {
"accessTier": "string",
"customDomain": {
"name": "string",
"useSubDomainName": "bool"
},
"encryption": {
"keySource": "Microsoft.Storage",
"services": {
"blob": {
"enabled": "bool"
}
}
}
}
}
Property values
storageAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Storage/storageAccounts' |
| apiVersion | The resource api version | '2016-05-01' |
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. Resource name must be unique across Azure. |
| location | Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed. | string (required) |
| tags | Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters. | Dictionary of tag names and values. See Tags in templates |
| sku | Required. Gets or sets the sku name. | Sku (required) |
| kind | Required. Indicates the type of storage account. | 'BlobStorage' 'Storage' (required) |
| properties | The parameters used to create the storage account. | StorageAccountPropertiesCreateParametersOrStorageAccountProperties |
StorageAccountPropertiesCreateParametersOrStorageAccountProperties
| Name | Description | Value |
|---|---|---|
| accessTier | Required for storage accounts where kind = BlobStorage. The access tier used for billing. | 'Cool' 'Hot' |
| customDomain | User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property. | CustomDomain |
| encryption | Provides the encryption settings on the account. If left unspecified the account encryption settings will remain the same. The default setting is unencrypted. | Encryption |
CustomDomain
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source. | string (required) |
| useSubDomainName | Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates. | bool |
Encryption
| Name | Description | Value |
|---|---|---|
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage | 'Microsoft.Storage' (required) |
| services | List of services which support encryption. | EncryptionServices |
EncryptionServices
| Name | Description | Value |
|---|---|---|
| blob | The encryption function of the blob storage service. | EncryptionService |
EncryptionService
| Name | Description | Value |
|---|---|---|
| enabled | A boolean indicating whether or not the service encrypts the data as it is stored. | bool |
Sku
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the sku name. Required for account creation; optional for update. Note that in older versions, sku name was called accountType. | 'Premium_LRS' 'Standard_GRS' 'Standard_LRS' 'Standard_RAGRS' 'Standard_ZRS' (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Connect to a storage account from a VM via private endpoint |
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint. |
| Connect to an Azure File Share via a Private Endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint. |
| Create a Standard Storage Account |
This template creates a Standard Storage Account |
| Create a Storage Account with SSE |
This template creates a Storage Account with Storage Service Encryption for Data at Rest |
| Storage account with Advanced Threat Protection. |
This template allows you to deploy an Azure Storage account with Advanced Threat Protection enabled. |
| Create Storage Account and Blob Container |
Creates an Azure Storage account and a blob container. Template originally authored by John Downs. |
| Storage Account with SSE and blob deletion retention policy |
This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy |
| Azure Storage Account Encryption with customer-managed key |
This template deploys a Storage Account with a customer-managed key for encryption that's generated and placed inside a Key Vault. |
| Create a storage account with file share |
Creates an Azure storage account and file share. |
| Create a storage account with multiple Blob containers |
Creates an Azure storage account and multiple blob containers. |
| Create a storage account with multiple file shares |
Creates an Azure storage account and multiple file shares. |
| Create Storage Account with SFTP enabled |
Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |
| Deploys a static website |
Deploys a static website with a backing storage account |
Terraform (AzAPI provider) resource definition
The storageAccounts resource type can be deployed to: Resource groups.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Storage/storageAccounts@2016-05-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
accessTier = "string"
customDomain = {
name = "string"
useSubDomainName = bool
}
encryption = {
keySource = "Microsoft.Storage"
services = {
blob = {
enabled = bool
}
}
}
}
sku = {
name = "string"
}
kind = "string"
})
}
Property values
storageAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Storage/storageAccounts@2016-05-01" |
| name | The resource name | string (required) Character limit: 3-24 Valid characters: Lowercase letters and numbers. Resource name must be unique across Azure. |
| location | Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed. | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters. | Dictionary of tag names and values. |
| sku | Required. Gets or sets the sku name. | Sku (required) |
| kind | Required. Indicates the type of storage account. | "BlobStorage" "Storage" (required) |
| properties | The parameters used to create the storage account. | StorageAccountPropertiesCreateParametersOrStorageAccountProperties |
StorageAccountPropertiesCreateParametersOrStorageAccountProperties
| Name | Description | Value |
|---|---|---|
| accessTier | Required for storage accounts where kind = BlobStorage. The access tier used for billing. | "Cool" "Hot" |
| customDomain | User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property. | CustomDomain |
| encryption | Provides the encryption settings on the account. If left unspecified the account encryption settings will remain the same. The default setting is unencrypted. | Encryption |
CustomDomain
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source. | string (required) |
| useSubDomainName | Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates. | bool |
Encryption
| Name | Description | Value |
|---|---|---|
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage | "Microsoft.Storage" (required) |
| services | List of services which support encryption. | EncryptionServices |
EncryptionServices
| Name | Description | Value |
|---|---|---|
| blob | The encryption function of the blob storage service. | EncryptionService |
EncryptionService
| Name | Description | Value |
|---|---|---|
| enabled | A boolean indicating whether or not the service encrypts the data as it is stored. | bool |
Sku
| Name | Description | Value |
|---|---|---|
| name | Gets or sets the sku name. Required for account creation; optional for update. Note that in older versions, sku name was called accountType. | "Premium_LRS" "Standard_GRS" "Standard_LRS" "Standard_RAGRS" "Standard_ZRS" (required) |