Value being changed during an Apply

I’ve created a module to deploy storage accounts to Azure. It contains some logic that looks at a variable called is_production and changes values based on it.

Currently when is_production is set to True I am getting a weird issue where the argument account_replication_type is changed from GRS to Premium_GRS.

I cannot figure out why it is doing this. I’ve tried both hard-coding the value in the resource and passing it in through a variable, and it is still prefixed with Premium_.

Below is the code I’ve written for this module - I’m using for_each loops to create multiple resources within one resource block. I’m wondering if it has something to do with that as the local I’m using will define if the storage account tier is Premium or Standard.

Root main.tf →

# Root-module call into ./modules/storage.
module "create_storage_account" {
  source = "./modules/storage"

  # Naming inputs used to build the storage account names.
  client_name    = var.client_name
  location_short = var.location_short

  # Primary and secondary resource groups come from the resource-group module.
  resource_group_name               = module.create_resource_group.rgp_name_primary
  resource_group_location           = module.create_resource_group.rgp_location_primary
  resource_group_name_secondary     = module.create_resource_group.rgp_name_secondary
  resource_group_location_secondary = module.create_resource_group.rgp_location_secondary

  # Selects the Premium/Standard tier and decides whether the secondary
  # account and its tables are created at all.
  is_production = var.is_production

  # NOTE(review): none of the module resources shown on this page read
  # storage_config, and secondary_location is not passed here, so the
  # module default ("") ends up in the secondary account name -- confirm
  # both are intended.
  storage_config = var.storage_config
  tags           = var.tags
}

main.tf →

# Primary storage account. One instance per entry in local.st_tier, addressed
# by the tier name ("Premium" or "Standard").
resource "azurerm_storage_account" "storage_account" {
  for_each = toset(local.st_tier)

  name                = format("some%sname%s", var.location_short, var.client_name)
  resource_group_name = var.resource_group_name
  location            = var.resource_group_location
  tags                = var.tags

  # account_replication_type itself is not being rewritten: the azurerm
  # provider sends Azure a single SKU name built as
  # "<account_tier>_<account_replication_type>", so tier "Premium" with
  # replication "GRS" is reported as Premium_GRS.
  # NOTE(review): Azure offers Premium accounts with LRS/ZRS only, and Table
  # storage is a Standard-tier service -- confirm that a Premium tier is
  # really what production needs for these table-backed accounts.
  account_kind             = "StorageV2"
  account_tier             = each.key
  account_replication_type = "GRS"
  access_tier              = "Hot"

  # NOTE(review): min_tls_version and network_rules are left unset. The plan
  # output on this page shows min_tls_version = "TLS1_0" for the sibling
  # account declared the same way; consider min_tls_version = "TLS1_2" and a
  # network_rules block with default_action = "Deny".
}

# Secondary storage account. Only created when is_production is true; the
# instance is addressed by the tier name taken from local.st_tier.
resource "azurerm_storage_account" "storage_account_secondary" {
  for_each = { for tier_name in local.st_tier : tier_name => tier_name if var.is_production }

  # var.secondary_location defaults to "" in this module, so unless a caller
  # sets it the name is built without a location component.
  name                = format("some%sname%s", var.secondary_location, var.client_name)
  resource_group_name = var.resource_group_name_secondary
  location            = var.resource_group_location_secondary
  tags                = var.tags

  # Azure receives one SKU name, "<account_tier>_<account_replication_type>".
  # With is_production = true the tier is "Premium", which is where the
  # Premium_GRS value comes from; "GRS" on its own is unchanged (the plan
  # output on this page still shows account_replication_type = "GRS").
  # NOTE(review): Premium accounts are offered with LRS/ZRS only -- confirm
  # the tier/replication pair that production should use.
  account_kind             = "StorageV2"
  account_tier             = each.key
  account_replication_type = "GRS"
  access_tier              = "Hot"

  # NOTE(review): the plan output on this page shows the defaults this
  # declaration inherits: min_tls_version = "TLS1_0",
  # shared_access_key_enabled = true, infrastructure_encryption_enabled =
  # false, and no network_rules default_action. Consider setting
  # min_tls_version = "TLS1_2" and a network_rules block with
  # default_action = "Deny". The access keys and connection strings marked
  # (sensitive value) are still written to the Terraform state, so the state
  # backend needs the same protection as the keys.
}

# One table per value in local.table_names, created in the primary account.
# Instances are addressed by the table name itself (e.g.
# "HeldTransactionStore"), not by the table_1..table_4 map keys.
resource "azurerm_storage_table" "caches_and_stores" {
  for_each = toset(values(local.table_names))

  name = each.value

  # local.st_tier holds exactly one element, the tier that keys the storage
  # account instance for this environment.
  storage_account_name = azurerm_storage_account.storage_account[local.st_tier[0]].name
}

# Same tables again in the secondary account. The for_each map is empty
# unless is_production is true, so nothing is created for non-production.
resource "azurerm_storage_table" "caches_and_stores_secondary" {
  for_each = { for table in values(local.table_names) : table => table if var.is_production }

  name = each.value

  # local.st_tier holds exactly one element, the tier that keys the secondary
  # storage account instance.
  storage_account_name = azurerm_storage_account.storage_account_secondary[local.st_tier[0]].name
}

variable.tf →

locals {
  # Single-element list naming the account tier for this environment. It is
  # used both as the for_each source of the storage accounts and, through
  # account_tier, as the first half of the Azure SKU name
  # ("<tier>_<replication>").
  st_tier = [var.is_production ? "Premium" : "Standard"]

  # Tables created in each storage account. Only the values are used as
  # table names; the table_N keys are labels.
  table_names = {
    table_1 = "FileTypeDetectionCache"
    table_2 = "DataRetentionPolicyCache"
    table_3 = "HeldTransactionStore"
    table_4 = "SuccessfulTransactionStore"
  }
}

# ---- Required inputs (no default) ----

# Primary resource group the first storage account is created in.
variable "resource_group_name" {
  type = string
}

variable "resource_group_location" {
  type = string
}

# Secondary resource group, used only by the production-only resources.
variable "resource_group_name_secondary" {
  type = string
}

variable "resource_group_location_secondary" {
  type = string
}

# Tags applied to both storage accounts.
variable "tags" {
  type = map(string)
}

# NOTE(review): declared with per-account tier and replication fields, but no
# resource shown on this page reads it; the accounts take their tier from
# local.st_tier and a literal "GRS" instead -- confirm whether this input is
# meant to drive those arguments.
variable "storage_config" {
  type = list(object({
    name                     = string
    account_kind             = string
    account_tier             = string
    access_tier              = string
    account_replication_type = string
  }))
}

# ---- Optional inputs ----

# true selects the "Premium" tier and enables the secondary account and
# tables; false (the default) selects "Standard" and skips them.
variable "is_production" {
  type    = bool
  default = false
}

# The three strings below are interpolated into the storage account names.
# They default to "", so an unset value silently drops that part of the name.
variable "client_name" {
  type    = string
  default = ""
}

variable "location_short" {
  type    = string
  default = ""
}

variable "secondary_location" {
  type    = string
  default = ""
}

TF Apply output →

# module.create_storage_account.azurerm_storage_account.storage_account_secondary["Premium"] will be created
  + resource "azurerm_storage_account" "storage_account_secondary" {
      + access_tier                       = "Hot"
      + account_kind                      = "StorageV2"
      + account_replication_type          = "GRS"
      + account_tier                      = "Premium"
      + allow_blob_public_access          = false
      + enable_https_traffic_only         = true
      + id                                = (known after apply)
      + infrastructure_encryption_enabled = false
      + is_hns_enabled                    = false
      + large_file_share_enabled          = (known after apply)
      + location                          = "ukwest"
      + min_tls_version                   = "TLS1_0"
      + name                              = "ft8sa88trds8test"
      + nfsv3_enabled                     = false
      + primary_access_key                = (sensitive value)
      + primary_blob_connection_string    = (sensitive value)
      + primary_blob_endpoint             = (known after apply)
      + primary_blob_host                 = (known after apply)
      + primary_connection_string         = (sensitive value)
      + primary_dfs_endpoint              = (known after apply)
      + primary_dfs_host                  = (known after apply)
      + primary_file_endpoint             = (known after apply)
      + primary_file_host                 = (known after apply)
      + primary_location                  = (known after apply)
      + primary_queue_endpoint            = (known after apply)
      + primary_queue_host                = (known after apply)
      + primary_table_endpoint            = (known after apply)
      + primary_table_host                = (known after apply)
      + primary_web_endpoint              = (known after apply)
      + primary_web_host                  = (known after apply)
      + queue_encryption_key_type         = "Service"
      + resource_group_name               = "rgp-ukw-gwc-test-main"
      + secondary_access_key              = (sensitive value)
      + secondary_blob_connection_string  = (sensitive value)
      + secondary_blob_endpoint           = (known after apply)
      + secondary_blob_host               = (known after apply)
      + secondary_connection_string       = (sensitive value)
      + secondary_dfs_endpoint            = (known after apply)
      + secondary_dfs_host                = (known after apply)
      + secondary_file_endpoint           = (known after apply)
      + secondary_file_host               = (known after apply)
      + secondary_location                = (known after apply)
      + secondary_queue_endpoint          = (known after apply)
      + secondary_queue_host              = (known after apply)
      + secondary_table_endpoint          = (known after apply)
      + secondary_table_host              = (known after apply)
      + secondary_web_endpoint            = (known after apply)
      + secondary_web_host                = (known after apply)
      + shared_access_key_enabled         = true
      + table_encryption_key_type         = "Service"
      + tags                              = {
          + "area"    = "Prod"
          + "datadog" = "Monitored"
          + "group"   = "Glasswall Email"
          + "product" = "Email"
        }

      + blob_properties {
          + change_feed_enabled      = (known after apply)
          + default_service_version  = (known after apply)
          + last_access_time_enabled = (known after apply)
          + versioning_enabled       = (known after apply)

          + container_delete_retention_policy {
              + days = (known after apply)
            }

          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + delete_retention_policy {
              + days = (known after apply)
            }
        }

      + network_rules {
          + bypass                     = (known after apply)
          + default_action             = (known after apply)
          + ip_rules                   = (known after apply)
          + virtual_network_subnet_ids = (known after apply)

          + private_link_access {
              + endpoint_resource_id = (known after apply)
              + endpoint_tenant_id   = (known after apply)
            }
        }

      + queue_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + hour_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }

          + logging {
              + delete                = (known after apply)
              + read                  = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
              + write                 = (known after apply)
            }

          + minute_metrics {
              + enabled               = (known after apply)
              + include_apis          = (known after apply)
              + retention_policy_days = (known after apply)
              + version               = (known after apply)
            }
        }

      + routing {
          + choice                      = (known after apply)
          + publish_internet_endpoints  = (known after apply)
          + publish_microsoft_endpoints = (known after apply)
        }

      + share_properties {
          + cors_rule {
              + allowed_headers    = (known after apply)
              + allowed_methods    = (known after apply)
              + allowed_origins    = (known after apply)
              + exposed_headers    = (known after apply)
              + max_age_in_seconds = (known after apply)
            }

          + retention_policy {
              + days = (known after apply)
            }

          + smb {
              + authentication_types            = (known after apply)
              + channel_encryption_type         = (known after apply)
              + kerberos_ticket_encryption_type = (known after apply)
              + versions                        = (known after apply)
            }
        }
    }

I’d love for someone to tell me what I’m doing wrong and if anything could be improved.

Thanks in advance,
Matthew