| <aname="input_access_tier"></a> [access\_tier](#input\_access\_tier)| Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts. Valid options are Hot, Cool, Cold and Premium. |`string`|`"Hot"`| no |
113
114
| <aname="input_account_kind"></a> [account\_kind](#input\_account\_kind)| Account Kind for the Storage Account |`string`|`"StorageV2"`| no |
114
115
| <aname="input_account_tier"></a> [account\_tier](#input\_account\_tier)| Defines the Tier to use for this storage account. Valid options are Standard and Premium. |`string`|`"Standard"`| no |
116
+
| <aname="input_allow_nested_items_to_be_public"></a> [allow\_nested\_items\_to\_be\_public](#input\_allow\_nested\_items\_to\_be\_public)| Allow nested items within the storage account to be public. |`bool`|`false`| no |
117
+
| <a name="input_blob_properties"></a> [blob\_properties](#input\_blob\_properties) | Blob service properties for advanced features including versioning, soft delete, and CORS configuration.<br/><br/>- change\_feed\_enabled: Enable change feed for the blob service<br/>- change\_feed\_retention\_in\_days: Retention period in days for change feed (1-146000)<br/>- default\_service\_version: Default API version for blob service requests<br/>- last\_access\_time\_enabled: Enable last access time tracking for lifecycle management<br/>- versioning\_enabled: Enable blob versioning<br/>- container\_delete\_retention\_policy: Soft delete retention for deleted containers<br/>- cors\_rule: CORS rules for blob service<br/>- delete\_retention\_policy: Soft delete retention for deleted blobs (1-365 days)<br/>- restore\_policy: Point-in-time restore configuration (requires versioning and delete retention) | <pre>object({<br/> change_feed_enabled = optional(bool, false)<br/> change_feed_retention_in_days = optional(number, null)<br/> default_service_version = optional(string, null)<br/> last_access_time_enabled = optional(bool, false)<br/> versioning_enabled = optional(bool, false)<br/> container_delete_retention_policy = optional(object({<br/> days = number<br/> }), null)<br/> cors_rule = optional(list(object({<br/> allowed_headers = list(string)<br/> allowed_methods = list(string)<br/> allowed_origins = list(string)<br/> exposed_headers = list(string)<br/> max_age_in_seconds = number<br/> })), null)<br/> delete_retention_policy = optional(object({<br/> days = number<br/> }), null)<br/> restore_policy = optional(object({<br/> days = number<br/> }), null)<br/> })</pre> | `null` | no |
115
118
| <aname="input_cmk_key_name"></a> [cmk\_key\_name](#input\_cmk\_key\_name)| Name of an existing Key Vault key to use for customer-managed encryption. If null, a new key will be created when enable\_customer\_managed\_key is true. |`string`|`null`| no |
116
119
| <aname="input_cmk_key_size"></a> [cmk\_key\_size](#input\_cmk\_key\_size)| The size of the RSA key for CMK |`number`|`4096`| no |
117
120
| <aname="input_cmk_key_type"></a> [cmk\_key\_type](#input\_cmk\_key\_type)| The type of key to create for CMK. Use 'RSA-HSM' for FedRAMP High or 'RSA' for standard |`string`|`"RSA"`| no |
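Review bot: In the added blob\_properties row, the description says restore\_policy "requires versioning and delete retention", but the type shown has versioning\_enabled = optional(bool, false) and delete\_retention\_policy defaulting to null, and the variable itself defaults to `null`, so a caller can set restore\_policy without either prerequisite and nothing in this row says whether that is rejected at plan time. Suggest stating in the description whether the module validates that combination and the documented ranges (1-365 days for delete retention, 1-146000 for change feed retention). It is also worth saying explicitly that the `null` default leaves versioning and soft delete off unless the caller opts in, since the other input added in this hunk, allow\_nested\_items\_to\_be\_public, defaults to the restrictive value `false`.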
@@ -120,18 +123,22 @@ No requirements.
120
123
| <aname="input_cmk_rotation_policy_enabled"></a> [cmk\_rotation\_policy\_enabled](#input\_cmk\_rotation\_policy\_enabled)| Enable automatic rotation policy for the CMK key |`bool`|`true`| no |
121
124
| <aname="input_cmk_rotation_time_before_expiry"></a> [cmk\_rotation\_time\_before\_expiry](#input\_cmk\_rotation\_time\_before\_expiry)| Time before expiry when rotation should occur (ISO 8601 format, e.g., P30D for 30 days) |`string`|`"P30D"`| no |
122
125
| <aname="input_cross_tenant_replication_enabled"></a> [cross\_tenant\_replication\_enabled](#input\_cross\_tenant\_replication\_enabled)| Should cross Tenant replication be enabled? Source storage account is in one AAD tenant, and the destination account is in a different tenant. |`bool`|`false`| no |
126
+
| <aname="input_default_action"></a> [default\_action](#input\_default\_action)| The default action for network rules. Valid options are 'Allow' or 'Deny'. |`string`|`"Deny"`| no |
123
127
| <aname="input_diag_log_analytics_id"></a> [diag\_log\_analytics\_id](#input\_diag\_log\_analytics\_id)| ID of the Log Analytics workspace diag settings should be stored in. |`string`| n/a | yes |
124
128
| <aname="input_enable_advanced_threat_protection"></a> [enable\_advanced\_threat\_protection](#input\_enable\_advanced\_threat\_protection)| Whether advanced threat protection is enabled. |`bool`|`false`| no |
125
129
| <aname="input_enable_customer_managed_key"></a> [enable\_customer\_managed\_key](#input\_enable\_customer\_managed\_key)| Enable customer-managed key encryption for the storage account |`bool`|`true`| no |
126
130
| <aname="input_enable_system_assigned_identity"></a> [enable\_system\_assigned\_identity](#input\_enable\_system\_assigned\_identity)| Enable system-assigned managed identity |`bool`|`true`| no |
127
131
| <aname="input_endpoint_subnet_id"></a> [endpoint\_subnet\_id](#input\_endpoint\_subnet\_id)| The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. |`string`|`null`| no |
132
+
| <aname="input_https_traffic_only_enabled"></a> [https\_traffic\_only\_enabled](#input\_https\_traffic\_only\_enabled)| Is HTTPS traffic only enabled? |`bool`|`true`| no |
128
133
| <aname="input_identity_ids"></a> [identity\_ids](#input\_identity\_ids)| List of user-assigned managed identity IDs |`list(string)`|`null`| no |
134
+
| <aname="input_infrastructure_encryption_enabled"></a> [infrastructure\_encryption\_enabled](#input\_infrastructure\_encryption\_enabled)| Is infrastructure encryption enabled? This provides a second layer of encryption at rest for data in the storage account. |`bool`|`true`| no |
129
135
| <aname="input_ip_rules"></a> [ip\_rules](#input\_ip\_rules)| List of public IP or IP ranges in CIDR Format. Only IPv4 addresses are allowed. Private IP address ranges are not allowed. |`list(string)`|`null`| no |
130
136
| <aname="input_is_hns_enabled"></a> [is\_hns\_enabled](#input\_is\_hns\_enabled)| Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2. |`bool`|`false`| no |
131
137
| <a name="input_lifecycle_policies"></a> [lifecycle\_policies](#input\_lifecycle\_policies) | List of lifecycle policies to apply to the storage account. Refer to the documentation for more information. | <pre>list(object({<br/> prefix_match = set(string)<br/> base_blob = optional(object({<br/> tier_to_cool_after_days_since_modification_greater_than = optional(number)<br/> tier_to_cool_after_days_since_last_access_time_greater_than = optional(number)<br/> tier_to_archive_after_days_since_modification_greater_than = optional(number)<br/> tier_to_archive_after_days_since_last_access_time_greater_than = optional(number)<br/> tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)<br/> delete_after_days_since_modification_greater_than = optional(number)<br/> delete_after_days_since_last_access_time_greater_than = optional(number)<br/> }))<br/> version = optional(object({<br/> tier_to_cool_after_days_since_modification_greater_than = optional(number)<br/> change_tier_to_archive_after_days_since_creation = optional(number)<br/> tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)<br/> change_tier_to_cool_after_days_since_creation = optional(number)<br/> delete_after_days_since_creation = optional(number)<br/> }))<br/> snapshot = optional(object({<br/> change_tier_to_archive_after_days_since_creation = optional(number)<br/> tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)<br/> change_tier_to_cool_after_days_since_creation = optional(number)<br/> delete_after_days_since_creation_greater_than = optional(number)<br/> }))<br/> }))</pre> | `null` | no |
132
138
| <aname="input_location"></a> [location](#input\_location)| The Azure location/region to create resources in. |`string`| n/a | yes |
139
+
| <aname="input_min_tls_version"></a> [min\_tls\_version](#input\_min\_tls\_version)| The minimum TLS version to be permitted on requests to storage. Possible values include: 'TLS1\_0', 'TLS1\_1', 'TLS1\_2'. |`string`|`"TLS1_2"`| no |
133
140
| <aname="input_name"></a> [name](#input\_name)| The storage account name |`string`| n/a | yes |
134
-
| <aname="input_network_rules_bypass"></a> [network\_rules\_bypass](#input\_network\_rules\_bypass)| Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None. |`list(string)`|`null`| no |
141
+
| <aname="input_network_rules_bypass"></a> [network\_rules\_bypass](#input\_network\_rules\_bypass)| Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None. |`list(string)`|<pre>[<br/> "AzureServices",<br/> "Logging",<br/> "Metrics"<br/>]</pre>| no |
135
142
| <aname="input_nfsv3_enabled"></a> [nfsv3\_enabled](#input\_nfsv3\_enabled)| Is NFSv3 protocol enabled. |`bool`|`false`| no |
136
143
| <aname="input_private_dns_zone_id"></a> [private\_dns\_zone\_id](#input\_private\_dns\_zone\_id)| The ID of the private DNS zone to link to the private endpoint if applicable. |`string`|`null`| no |
137
144
| <aname="input_private_endpoint_subresource_names"></a> [private\_endpoint\_subresource\_names](#input\_private\_endpoint\_subresource\_names)| Subresource name which the private endpoint is able to connect to. |`list(string)`|`[]`| no |
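Review bot: The network\_rules\_bypass row changes the default from `null` to a list of "AzureServices", "Logging" and "Metrics", which changes behaviour for every existing caller that never set this input, and the description text is unchanged, so nothing tells the reader about the new default or that None is the value to pass to opt out. Suggest adding a sentence to the description that names the default and the opt-out, and that points out the bypass list is an exception to the new default\_action of "Deny" added in the same hunk. Separately, the min\_tls\_version row lists 'TLS1\_0' and 'TLS1\_1' as possible values with no indication that they weaken the "TLS1\_2" default; a short note that lower values are for legacy clients only would keep the table consistent with the restrictive defaults on https\_traffic\_only\_enabled and infrastructure\_encryption\_enabled.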