Azurerm_storage_account - allow-blob-public-access

Hi there,

is it somehow possible to set allow-blob-public-access false on creating azurerm_storage_account? Our company policy is preventing a creation of storage accounts that allow allow-blob-public-access true. Example I’m trying to run:

AZURE_STORAGE_ACCOUNT_ID="velero$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')"
az storage account create \
    --allow-blob-public-access false \
    --min-tls-version TLS1_2 \
    --name $AZURE_STORAGE_ACCOUNT_ID \
    --resource-group example-resources \
    --sku Standard_GRS \
    --encryption-services blob \
    --https-only true \
    --kind BlobStorage \
    --access-tier Hot

YAML so far:

resource "azurerm_storage_account" "example" {
  name                     = "examplestoracc"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

Cheers,
Szop

I think you want Terraform Registry

I have no idea why the provider authors decided to give that setting a different name to Azure’s API.

By the way…

this is HCL, not YAML.

it worked! thanks :). About the YAML and HCL: yes, you are write. I’ve been switching between Terraform and k8s, thats were I got the confusion from. Thanks again.

@mrszop by default, it comes with the flag false, but if you want to explicit it, you can insert this line: “allow_blob_public_access = true” as bellow:

resource “azurerm_storage_account” “example” {
name = “examplestoracc”
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = “Standard”
account_replication_type = “LRS”
allow_blob_public_access = false
}