[u] update storage acct creation to include storageInfrastructureEncr…

…yption property
Azure-Samples · Nov 18, 2024 · 48256a0 · 48256a0
1 parent 9b4dfae
commit 48256a0
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 0 deletions.
diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep
@@ -25,12 +25,19 @@ param publicNetworkAccess string = 'Enabled'
 param sku object = { name: 'Standard_LRS' }
 @allowed([ 'None', 'AzureServices' ])
 param bypass string = 'AzureServices'
+param storageInfrastructureEncryption string = 'Disabled'
 
 var networkAcls = (publicNetworkAccess == 'Enabled') ? {
   bypass: bypass
   defaultAction: 'Allow'
 } : { defaultAction: 'Deny' }
 
+var encryption = (storageInfrastructureEncryption == 'Enabled') ? {
+  requireInfrastructureEncryption: true
+} : {
+  requireInfrastructureEncryption: false
+}
+
 resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   name: name
   location: location
@@ -49,6 +56,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
     networkAcls: networkAcls
     publicNetworkAccess: publicNetworkAccess
     supportsHttpsTrafficOnly: supportsHttpsTrafficOnly
+    encryption: encryption
   }
 
   resource blobServices 'blobServices' = if (!empty(containers)) {

diff --git a/infra/main.bicep b/infra/main.bicep
@@ -36,6 +36,7 @@ param storageResourceGroupName string = '' // Set in main.parameters.json
 param storageResourceGroupLocation string = location
 param storageContainerName string = 'content'
 param storageSkuName string // Set in main.parameters.json
+param storageInfrastructureEncryption string // Set in main.parameters.json
 
 param userStorageAccountName string = ''
 param userStorageContainerName string = 'user-content'
@@ -662,6 +663,7 @@ module storage 'core/storage/storage-account.bicep' = {
         publicAccess: 'None'
       }
     ]
+    storageInfrastructureEncryption: storageInfrastructureEncryption
   }
 }
 
@@ -688,6 +690,7 @@ module userStorage 'core/storage/storage-account.bicep' = if (useUserUpload) {
         publicAccess: 'None'
       }
     ]
+    storageInfrastructureEncryption: storageInfrastructureEncryption
   }
 }
 

diff --git a/infra/main.parameters.json b/infra/main.parameters.json
@@ -80,6 +80,9 @@
     "storageSkuName": {
       "value": "${AZURE_STORAGE_SKU=Standard_LRS}"
     },
+    "storageInfrastructureEncryption": {
+      "value": "${AZURE_STORAGE_INFRA_ENCRYPTION}"
+    },
     "appServicePlanName": {
       "value": "${AZURE_APP_SERVICE_PLAN}"
     },