storage.bicep
// Replication SKU for the state storage account; restricted to the four
// standard redundancy options listed below and defaulting to zone-redundant.
@description('Storage redundancy (recommended to use at least ZRS)')
@allowed([
  'Standard_LRS'
  'Standard_ZRS'
  'Standard_GRS'
  'Standard_GZRS'
])
param skuName string = 'Standard_ZRS'

// Passed unchanged as the role assignment's principalId (principalType 'User'),
// so the value has to be the principal's directory object ID rather than a
// sign-in name.
@description('The ID of the user who should be allowed to manage Terraform state')
param userId string
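// Storage account and blob container that hold the Terraform state.
// State files routinely contain secrets (connection strings, generated
// passwords), so the account is locked down to Azure AD-authorised,
// TLS 1.2+, non-anonymous access.
resource account 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  // Storage account names are limited to 24 characters, hence take(..., 24).
  name: take('stterraformstate${uniqueString(resourceGroup().id)}', 24)
  location: resourceGroup().location
  sku: {
    name: skuName
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    // Account keys are rejected; data-plane callers must use Azure AD and
    // hold an RBAC role on the account. The Terraform azurerm backend needs
    // use_azuread_auth = true to work against this account.
    allowSharedKeyAccess: false
    // Anonymous (public) blob access can never be enabled on any container.
    allowBlobPublicAccess: false
    // Refuse legacy TLS 1.0/1.1 clients.
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
  }

  // NOTE(review): blob versioning and soft delete are not configured here;
  // consider enabling them so an overwritten or deleted state file can be
  // recovered. The account also remains reachable from all networks.
  resource bs 'blobServices' = {
    name: 'default'

    resource container 'containers' = {
      name: 'tfstate'
      properties: {
        // Stated explicitly so the container's access level is visible in review.
        publicAccess: 'None'
      }
    }
  }
}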
// GUID of the built-in "Storage Blob Data Contributor" role definition.
var blobDataContributor = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
var blobDataContributorRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', blobDataContributor)

// Grants userId blob data access on the state storage account. The scope is
// the whole account, so the role covers every container in it, not only
// 'tfstate'.
// NOTE(review): the assignment name is derived from the resource group and
// the role only, not from the principal or the account. Redeploying with a
// different userId therefore targets the same assignment name; confirm how
// that behaves, and consider guid(account.id, userId, blobDataContributor).
// That rename would require removing the existing assignment first.
// NOTE(review): least privilege would scope this to the container rather
// than the account.
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = {
  name: guid(resourceGroup().id, blobDataContributor)
  scope: account
  properties: {
    principalId: userId
    principalType: 'User'
    roleDefinitionId: blobDataContributorRoleId
  }
}
// Names of the storage account and the container created above, for use in
// the Terraform backend configuration. Neither output carries a key or any
// other credential.
output account string = account.name
output container string = account::bs::container.name