Storage Accounts - Create

Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2019-04-01

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The ID of the target subscription.

resourceGroupName
path True
  • string

The name of the resource group within the user's subscription. The name is case insensitive.

Regex pattern: ^[-\w\._\(\)]+$

accountName
path True
  • string

The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.

api-version
query True
  • string

The API version to use for this operation.

Request Body

Name Required Type Description
identity

The identity of the resource.

kind True

Required. Indicates the type of storage account.

location True
  • string

Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.

properties.accessTier

Required for storage accounts where kind = BlobStorage. The access tier used for billing.

properties.azureFilesIdentityBasedAuthentication

Provides the identity based authentication settings for Azure Files.

properties.customDomain

User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.

properties.encryption

Provides the encryption settings on the account. If left unspecified the account encryption settings will remain the same. The default setting is unencrypted.

properties.isHnsEnabled
  • boolean

Account HierarchicalNamespace enabled if sets to true.

properties.networkAcls

Network rule set

properties.supportsHttpsTrafficOnly
  • boolean

Allows https traffic only to storage service if sets to true. The default value is true since API version 2019-04-01.

sku True

Required. Gets or sets the SKU name.

tags
  • object

Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters.

Responses

Name Type Description
200 OK

OK -- returned when the storage account was already created from a previous request with the same properties specified in the request body.

202 Accepted

Accepted -- Create or update request accepted; operation will complete asynchronously.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

StorageAccountCreate

Sample Request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2019-04-01
{
  "sku": {
    "name": "Standard_GRS"
  },
  "kind": "Storage",
  "location": "eastus2euap",
  "properties": {
    "isHnsEnabled": true
  },
  "tags": {
    "key1": "value1",
    "key2": "value2"
  }
}

Sample Response

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
  "kind": "Storage",
  "location": "eastus2euap",
  "name": "sto4445",
  "properties": {
    "isHnsEnabled": true,
    "creationTime": "2017-05-24T13:25:33.4863236Z",
    "primaryEndpoints": {
      "web": "https://sto4445.web.core.windows.net/",
      "dfs": "https://sto4445.dfs.core.windows.net/",
      "blob": "https://sto4445.blob.core.windows.net/",
      "file": "https://sto4445.file.core.windows.net/",
      "queue": "https://sto4445.queue.core.windows.net/",
      "table": "https://sto4445.table.core.windows.net/"
    },
    "primaryLocation": "eastus2euap",
    "provisioningState": "Succeeded",
    "secondaryLocation": "centraluseuap",
    "statusOfPrimary": "available",
    "statusOfSecondary": "available",
    "supportsHttpsTrafficOnly": true
  },
  "sku": {
    "name": "Standard_GRS",
    "tier": "Standard"
  },
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "type": "Microsoft.Storage/storageAccounts"
}

Definitions

AccessTier

Required for storage accounts where kind = BlobStorage. The access tier used for billing.

AccountStatus

Gets the status indicating whether the primary location of the storage account is available or unavailable.

Action

The action of virtual network rule.

AzureFilesIdentityBasedAuthentication

Settings for Azure Files identity based authentication.

Bypass

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

CustomDomain

The custom domain assigned to this storage account. This can be set via Update.

DefaultAction

Specifies the default action of allow or deny when no other rules match.

DirectoryServiceOptions

Indicates the directory service used.

Encryption

The encryption settings on the storage account.

EncryptionService

A service that allows server-side encryption to be used.

EncryptionServices

A list of services that support encryption.

Endpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.

GeoReplicationStats

Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.

GeoReplicationStatus

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

Identity

Identity for the resource.

IdentityType

The identity type.

IPRule

IP rule with specific IP or IP range in CIDR format.

KeySource

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

KeyVaultProperties

Properties of key vault.

Kind

Indicates the type of storage account.

NetworkRuleSet

Network rule set

ProvisioningState

Gets the status of the storage account at the time the operation was called.

ReasonCode

The reason for the restriction. As of now this can be "QuotaId" or "NotAvailableForSubscription". Quota Id is set when the SKU has requiredQuotas parameter as the subscription does not belong to that quota. The "NotAvailableForSubscription" is related to capacity at DC.

Restriction

The restriction because of which SKU cannot be used.

Sku

The SKU of the storage account.

SKUCapability

The capability information in the specified SKU, including file encryption, network ACLs, change notification, etc.

SkuName

Gets or sets the SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

SkuTier

Gets the SKU tier. This is based on the SKU name.

State

Gets the state of virtual network rule.

StorageAccount

The storage account.

StorageAccountCreateParameters

The parameters used when creating a storage account.

VirtualNetworkRule

Virtual Network rule.

AccessTier

Required for storage accounts where kind = BlobStorage. The access tier used for billing.

Name Type Description
Cool
  • string
Hot
  • string

AccountStatus

Gets the status indicating whether the primary location of the storage account is available or unavailable.

Name Type Description
available
  • string
unavailable
  • string

Action

The action of virtual network rule.

Name Type Description
Allow
  • string

AzureFilesIdentityBasedAuthentication

Settings for Azure Files identity based authentication.

Name Type Description
directoryServiceOptions

Indicates the directory service used.

Bypass

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

Name Type Description
AzureServices
  • string
Logging
  • string
Metrics
  • string
None
  • string

CustomDomain

The custom domain assigned to this storage account. This can be set via Update.

Name Type Description
name
  • string

Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.

useSubDomainName
  • boolean

Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.

DefaultAction

Specifies the default action of allow or deny when no other rules match.

Name Type Description
Allow
  • string
Deny
  • string

DirectoryServiceOptions

Indicates the directory service used.

Name Type Description
AADDS
  • string
None
  • string

Encryption

The encryption settings on the storage account.

Name Type Description
keySource

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

keyvaultproperties

Properties provided by key vault.

services

List of services which support encryption.

EncryptionService

A service that allows server-side encryption to be used.

Name Type Description
enabled
  • boolean

A boolean indicating whether or not the service encrypts the data as it is stored.

lastEnabledTime
  • string

Gets a rough estimate of the date/time when the encryption was last enabled by the user. Only returned when encryption is enabled. There might be some unencrypted blobs which were written after this time, as it is just a rough estimate.

EncryptionServices

A list of services that support encryption.

Name Type Description
blob

The encryption function of the blob storage service.

file

The encryption function of the file storage service.

queue

The encryption function of the queue storage service.

table

The encryption function of the table storage service.

Endpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.

Name Type Description
blob
  • string

Gets the blob endpoint.

dfs
  • string

Gets the dfs endpoint.

file
  • string

Gets the file endpoint.

queue
  • string

Gets the queue endpoint.

table
  • string

Gets the table endpoint.

web
  • string

Gets the web endpoint.

GeoReplicationStats

Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.

Name Type Description
canFailover
  • boolean

A boolean flag which indicates whether or not account failover is supported for the account.

lastSyncTime
  • string

All primary writes preceding this UTC date/time value are guaranteed to be available for read operations. Primary writes following this point in time may or may not be available for reads. Element may be default value if value of LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.

status

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

GeoReplicationStatus

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

Name Type Description
Bootstrap
  • string
Live
  • string
Unavailable
  • string

Identity

Identity for the resource.

Name Type Description
principalId
  • string

The principal ID of resource identity.

tenantId
  • string

The tenant ID of resource.

type

The identity type.

IdentityType

The identity type.

Name Type Description
SystemAssigned
  • string

IPRule

IP rule with specific IP or IP range in CIDR format.

Name Type Description
action

The action of IP ACL rule.

value
  • string

Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

KeySource

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

Name Type Description
Microsoft.Keyvault
  • string
Microsoft.Storage
  • string

KeyVaultProperties

Properties of key vault.

Name Type Description
keyname
  • string

The name of KeyVault key.

keyvaulturi
  • string

The Uri of KeyVault.

keyversion
  • string

The version of KeyVault key.

Kind

Indicates the type of storage account.

Name Type Description
BlobStorage
  • string
BlockBlobStorage
  • string
FileStorage
  • string
Storage
  • string
StorageV2
  • string

NetworkRuleSet

Network rule set

Name Type Description
bypass

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

defaultAction

Specifies the default action of allow or deny when no other rules match.

ipRules

Sets the IP ACL rules

virtualNetworkRules

Sets the virtual network rules

ProvisioningState

Gets the status of the storage account at the time the operation was called.

Name Type Description
Creating
  • string
ResolvingDNS
  • string
Succeeded
  • string

ReasonCode

The reason for the restriction. As of now this can be "QuotaId" or "NotAvailableForSubscription". Quota Id is set when the SKU has requiredQuotas parameter as the subscription does not belong to that quota. The "NotAvailableForSubscription" is related to capacity at DC.

Name Type Description
NotAvailableForSubscription
  • string
QuotaId
  • string

Restriction

The restriction because of which SKU cannot be used.

Name Type Description
reasonCode

The reason for the restriction. As of now this can be "QuotaId" or "NotAvailableForSubscription". Quota Id is set when the SKU has requiredQuotas parameter as the subscription does not belong to that quota. The "NotAvailableForSubscription" is related to capacity at DC.

type
  • string

The type of restrictions. As of now only possible value for this is location.

values
  • string[]

The value of restrictions. If the restriction type is set to location. This would be different locations where the SKU is restricted.

Sku

The SKU of the storage account.

Name Type Description
capabilities

The capability information in the specified SKU, including file encryption, network ACLs, change notification, etc.

kind

Indicates the type of storage account.

locations
  • string[]

The set of locations that the SKU is available. This will be supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.).

name

Gets or sets the SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

resourceType
  • string

The type of the resource, usually it is 'storageAccounts'.

restrictions

The restrictions because of which SKU cannot be used. This is empty if there are no restrictions.

tier

Gets the SKU tier. This is based on the SKU name.

SKUCapability

The capability information in the specified SKU, including file encryption, network ACLs, change notification, etc.

Name Type Description
name
  • string

The name of capability, The capability information in the specified SKU, including file encryption, network ACLs, change notification, etc.

value
  • string

A string value to indicate states of given capability. Possibly 'true' or 'false'.

SkuName

Gets or sets the SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

Name Type Description
Premium_LRS
  • string
Premium_ZRS
  • string
Standard_GRS
  • string
Standard_GZRS
  • string
Standard_LRS
  • string
Standard_RAGRS
  • string
Standard_RAGZRS
  • string
Standard_ZRS
  • string

SkuTier

Gets the SKU tier. This is based on the SKU name.

Name Type Description
Premium
  • string
Standard
  • string

State

Gets the state of virtual network rule.

Name Type Description
deprovisioning
  • string
failed
  • string
networkSourceDeleted
  • string
provisioning
  • string
succeeded
  • string

StorageAccount

The storage account.

Name Type Description
id
  • string

Fully qualified resource Id for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

identity

The identity of the resource.

kind

Gets the Kind.

location
  • string

The geo-location where the resource lives

name
  • string

The name of the resource

properties.accessTier

Required for storage accounts where kind = BlobStorage. The access tier used for billing.

properties.azureFilesIdentityBasedAuthentication

Provides the identity based authentication settings for Azure Files.

properties.creationTime
  • string

Gets the creation date and time of the storage account in UTC.

properties.customDomain

Gets the custom domain the user assigned to this storage account.

properties.encryption

Gets the encryption settings on the account. If unspecified, the account is unencrypted.

properties.failoverInProgress
  • boolean

If the failover is in progress, the value will be true, otherwise, it will be null.

properties.geoReplicationStats

Geo Replication Stats

properties.isHnsEnabled
  • boolean

Account HierarchicalNamespace enabled if sets to true.

properties.lastGeoFailoverTime
  • string

Gets the timestamp of the most recent instance of a failover to the secondary location. Only the most recent timestamp is retained. This element is not returned if there has never been a failover instance. Only available if the accountType is Standard_GRS or Standard_RAGRS.

properties.networkAcls

Network rule set

properties.primaryEndpoints

Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint.

properties.primaryLocation
  • string

Gets the location of the primary data center for the storage account.

properties.provisioningState

Gets the status of the storage account at the time the operation was called.

properties.secondaryEndpoints

Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS.

properties.secondaryLocation
  • string

Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS.

properties.statusOfPrimary

Gets the status indicating whether the primary location of the storage account is available or unavailable.

properties.statusOfSecondary

Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.

properties.supportsHttpsTrafficOnly
  • boolean

Allows https traffic only to storage service if sets to true.

sku

Gets the SKU.

tags
  • object

Resource tags.

type
  • string

The type of the resource. Ex- Microsoft.Compute/virtualMachines or Microsoft.Storage/storageAccounts.

StorageAccountCreateParameters

The parameters used when creating a storage account.

Name Type Description
identity

The identity of the resource.

kind

Required. Indicates the type of storage account.

location
  • string

Required. Gets or sets the location of the resource. This will be one of the supported and registered Azure Geo Regions (e.g. West US, East US, Southeast Asia, etc.). The geo region of a resource cannot be changed once it is created, but if an identical geo region is specified on update, the request will succeed.

properties.accessTier

Required for storage accounts where kind = BlobStorage. The access tier used for billing.

properties.azureFilesIdentityBasedAuthentication

Provides the identity based authentication settings for Azure Files.

properties.customDomain

User domain assigned to the storage account. Name is the CNAME source. Only one custom domain is supported per storage account at this time. To clear the existing custom domain, use an empty string for the custom domain name property.

properties.encryption

Provides the encryption settings on the account. If left unspecified the account encryption settings will remain the same. The default setting is unencrypted.

properties.isHnsEnabled
  • boolean

Account HierarchicalNamespace enabled if sets to true.

properties.networkAcls

Network rule set

properties.supportsHttpsTrafficOnly
  • boolean

Allows https traffic only to storage service if sets to true. The default value is true since API version 2019-04-01.

sku

Required. Gets or sets the SKU name.

tags
  • object

Gets or sets a list of key value pairs that describe the resource. These tags can be used for viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key with a length no greater than 128 characters and a value with a length no greater than 256 characters.

VirtualNetworkRule

Virtual Network rule.

Name Type Description
action

The action of virtual network rule.

id
  • string

Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.

state

Gets the state of virtual network rule.