Skip to main content

Azure Blob Storage Container: Terraform Configuration for Resource Group, Storage Account and Blob Storage Container

370 words·
Azure Blob Storage Container Terraform AzureCLI
Table of Contents

Azure CLI Commands
#

Login
# 

# Login
az login --use-device-code

# Shell output:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CWZNML6AQ to authenticate.

List Subscriptions
# 

# List available subscriptions
az account list --output table

# Shell output:
Name                  CloudName    SubscriptionId                        TenantId                              State    IsDefault
--------------------  -----------  ------------------------------------  ------------------------------------  -------  -----------
Azure subscription 1  AzureCloud   0176a19a-b0d5-4eea-91ff-58a2a48a5b77  30d87815-66f1-4913-aaf0-59e831a67a00  Enabled  False
jkw-sub-1             AzureCloud   a2cd7180-09c5-44a1-8b6a-36d312f0cd40  30d87815-66f1-4913-aaf0-59e831a67a00  Enabled  True



Terraform Project
#

File and Folder Structure
#

The file and folder structure of the terraform project looks like this:

azure-blob
├── azure_blob.tf
├── terraform.tf

Create Project Folder
# 

# Create a new folder for the Terraform project
mkdir azure-blob && cd azure-blob

Terraform Provider & Locals
#

  • terraform.tf
# Terraform Provider
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "4.32.0"
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  alias = "azure-jkw-prod"
  features {}
  subscription_id = "a2cd7180-09c5-44a1-8b6a-36d312f0cd40"
}

# Locals
locals {
  location = "westeurope"

  tags = {
    prod = {
      environment = "prod"
      owner       = "jkw"
    }
  }
}

Storage Account & Storage Container
#

  • azure_blob.tf
# Azure Storage

## Resource Group
resource "azurerm_resource_group" "rg_jkwprod001" {
  provider = azurerm.azure-jkw-prod
  name     = "rg-jkw-prod-001"
  location = local.location
}

## Storage Account
resource "azurerm_storage_account" "storage_prod" {
  provider                         = azurerm.azure-jkw-prod
  resource_group_name              = azurerm_resource_group.rg_jkwprod001.name
  name                             = "jkwprodsa1"
  location                         = local.location
  account_tier                     = "Standard"
  account_replication_type         = "LRS"
  cross_tenant_replication_enabled = false
  tags                             = local.tags.prod
}

## Blob Storage Container
resource "azurerm_storage_container" "backups_prod" {
  provider              = azurerm.azure-jkw-prod
  name                  = "backups-prod"
  storage_account_id    = azurerm_storage_account.storage_prod.id
  container_access_type = "private"
}


# Outputs

## Storage Account Name
output "storage_account_name" {
  value = azurerm_storage_account.storage_prod.name
}

## Storage Account Blob Endpoint
output "storage_account_blob_endpoint" {
  value = azurerm_storage_account.storage_prod.primary_blob_endpoint
}

## Storage Account Primary Access Key
output "storage_account_access_key" {
  value = azurerm_storage_account.storage_prod.primary_access_key
  sensitive = true
}

## Storage Container Name
output "container_name" {
  value = azurerm_storage_container.backups_prod.name
}

Apply Configuration
# 

# Apply configuration
terraform apply -auto-approve

# Shell output:
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

container_name = "backups-prod"
storage_account_access_key = <sensitive>
storage_account_blob_endpoint = "https://jkwprodsa1.blob.core.windows.net/"
storage_account_name = "jkwprodsa1"

Storage Account Access Key
#

List the StorageAccount access key:

# List SA access key
terraform output storage_account_access_key

# Shell output:
"dudM2-mysecureaccesskeyVKllw=="