As a cloud administrator, you can leverage the Microsoft Azure plug-in to create storage accounts using templates in VMware Aria Automation. You can attach the storage account to an Azure resource to ensure that your data objects are only accessible through the storage account.
You can easily configure your Azure storage accounts to support your infrastructure needs. For example, you can use encryption properties in your cloud templates to control access to the storage account.
Creating, updating, and deleting storage account resources is supported in VMware Aria Automation.
Storage account properties
The following properties are required to provision storage account resources.
Property | Description |
---|---|
name | The plug-in specific name for the resource. You can use the same value for the |
account_name | The name for the storage account resource. |
account | The Microsoft Azure cloud account for account regions to which your team deploys cloud templates. See Create a Microsoft Azure cloud account in VMware Aria Automation for more information. |
location | The location where the storage account resource will be deployed. |
sku_name | The SKU name for the storage account. |
resource_group_name | The name of the resource group. You must create the resource group in your Azure portal. |
The following sections contain example templates for provisioning storage accounts. After you provision your storage account, you can provision data storage in your Azure portal.
Provision a basic storage account
The following template shows how you might provision a basic storage account.
```yaml
formatVersion: 1
inputs: {}
resources:
  Idem_AZURE_STORAGE_RESOURCE_PROVIDER_STORAGE_ACCOUNTS_1:
    type: Idem.AZURE.STORAGE_RESOURCE_PROVIDER.STORAGE_ACCOUNTS
    properties:
      name: validate_azure_storageacct
      account: azure-account
      resource_group_name: validate_azure_rg
      location: eastus
      sku_name: Standard_LRS
      account_name: validateazurestorageacct
      tags:
        key: value
      allow_blob_public_access: true
      identity:
        type: SystemAssigned
```
Provision a storage account with a customer-managed key
The following template shows how you might provision a storage account with a customer-managed key.
Before you deploy the template, you must create a customer-managed key in your Azure portal. See Configure customer-managed keys in the same tenant for a new storage account in the Microsoft Azure documentation.
```yaml
formatVersion: 1
inputs: {}
resources:
  Idem_AZURE_STORAGE_RESOURCE_PROVIDER_STORAGE_ACCOUNTS_1:
    type: Idem.AZURE.STORAGE_RESOURCE_PROVIDER.STORAGE_ACCOUNTS
    properties:
      name: validateazurestorageaccount
      account: azure-account
      location: eastus
      sku_name: Standard_LRS
      account_name: validateazurestorageaccount
      resource_group_name: validate_azure_rg
      identity:
        type: UserAssigned
        user_assigned_identities:
          /subscriptions/svpvln45-brk0-mzca-7yxh-dla7h19zxyn3/resourcegroups/azure-test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-idem-managed-identity: {}
      encryption_service:
        encryption_key_source: Microsoft.Keyvault
        blob_encryption_key_type: Account
        file_encryption_key_type: Account
      customer_managed_key:
        key_name: idem-key
        key_vault_uri: https://my-idem-key-vault.vault.azure.net
        key_version: ''
        user_assigned_identity_id: /subscriptions/svpvln45-brk0-mzca-7yxh-dla7h19zxyn3/resourcegroups/azure-test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-idem-managed-identity
```
Provision a storage account with an immutability policy
The following template shows how you might provision a storage account with an immutability policy. You can use the immutability_policy property to define the account-level immutability policy for your objects.
```yaml
formatVersion: 1
inputs: {}
resources:
  Idem_AZURE_STORAGE_RESOURCE_PROVIDER_STORAGE_ACCOUNTS_1:
    type: Idem.AZURE.STORAGE_RESOURCE_PROVIDER.STORAGE_ACCOUNTS
    properties:
      name: validateazurestorageaccount
      account: azure-account
      location: eastus
      sku_name: Standard_GRS
      account_name: validateazurestorageaccount
      resource_group_name: validate_azure_rg
      enable_https_traffic_only: false
      key_policy:
        key_expiration_period_in_days: 25
      is_hns_enabled: false
      allow_blob_public_access: false
      min_tls_version: TLS1_2
      allow_shared_key_access: true
      public_network_access: Disabled
      encryption_service:
        file_encryption_key_type: Account
        blob_encryption_key_type: Account
        encryption_key_source: Microsoft.Storage
        require_infrastructure_encryption: false
      immutability_policy:
        allow_protected_append_writes: true
        period_since_creation_in_days: 5
        state: Unlocked
      tags:
        abc: def
```
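The templates above set several access-control properties explicitly (allow_blob_public_access, enable_https_traffic_only, allow_shared_key_access, min_tls_version, public_network_access). The following is an added example, not part of the VMware documentation or the plug-in: a pre-deployment check that flags weak explicit values and lists the properties a template leaves to a default. It assumes the template has already been parsed from YAML into a dict; the rule set, the function names, and the resource name `storage_1` are this example's own.

```python
# Added example: lint parsed cloud templates for weak storage-account settings.
# The rule set and all names below are this example's own, not the plug-in's.
STORAGE_TYPE = "Idem.AZURE.STORAGE_RESOURCE_PROVIDER.STORAGE_ACCOUNTS"

# property -> (explicit values that get flagged, why)
RULES = {
    "allow_blob_public_access": ((True,), "containers can be opened to anonymous read"),
    "enable_https_traffic_only": ((False,), "unencrypted HTTP requests are accepted"),
    "allow_shared_key_access": ((True,), "account-key (Shared Key) authorization is allowed"),
    "min_tls_version": (("TLS1_0", "TLS1_1"), "TLS older than 1.2 is accepted"),
    "public_network_access": (("Enabled",), "public network endpoint is open"),
}

def audit_storage_accounts(template):
    """Return (findings, unset) for each storage account in a parsed template.

    findings: (resource, property, value, reason) for explicitly weak values.
    unset: (resource, property) pairs left to a default; the page does not
    state the defaults, so these are reported for review rather than judged.
    """
    findings, unset = [], []
    for res_name, res in (template.get("resources") or {}).items():
        if res.get("type") != STORAGE_TYPE:
            continue  # other resource types are out of scope
        props = res.get("properties") or {}
        for prop, (weak_values, reason) in RULES.items():
            if prop not in props:
                unset.append((res_name, prop))
            elif props[prop] in weak_values:
                findings.append((res_name, prop, props[prop], reason))
    return findings, unset

def wrap(props):
    """Build the template shape used on this page around a properties dict."""
    return {"formatVersion": 1, "resources": {
        "storage_1": {"type": STORAGE_TYPE, "properties": props}}}

# Constructed inputs: security-relevant subsets of the page's basic and
# immutability-policy templates.
BASIC = wrap({"allow_blob_public_access": True})
IMMUTABLE = wrap({"enable_https_traffic_only": False,
                  "allow_blob_public_access": False,
                  "min_tls_version": "TLS1_2",
                  "allow_shared_key_access": True,
                  "public_network_access": "Disabled"})

if __name__ == "__main__":
    for label, tpl in (("basic", BASIC), ("immutable", IMMUTABLE)):
        print(label, audit_storage_accounts(tpl))
```

Run against the basic template, the check flags allow_blob_public_access and reports the other four properties as unset; against the immutability-policy template it flags enable_https_traffic_only and allow_shared_key_access.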