How do I specify in an ARM template that my storage account should have `Public network access` set to `Disabled`?
How do I specify in an ARM template that my storage account should have Public network access set to Disabled ?
I have the following storageAccounts resource in an ARM template and when I upload the template I was expecting to see Public network access set to Disabled, but instead I see 'Enabled from selected virtual networks and IP Addresses', I have tried to put a storage account to Public network access=Disabled manually and export that template and it has the same as I do, so not quite sure how to do it.
My understanding of it is that as long as I keep the virtual networks + IP Addresses to empty arrays then it's the same as putting Public access to Disabled, not sure if this is the logic.
Public network access result of uploading the template:
The resource defined in my ARM template:
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2017-10-01",
"sku": {
"name": "[parameters('storageAccountSku')]",
"tier": "[parameters('storageAccountTier')]"
},
"kind": "StorageV2",
"location": "[parameters('storageAccountLocation')]",
"tags": {},
"identity": {
"type": "SystemAssigned"
},
"properties": {
"defaultToOAuthAuthentication": false,
"supportsHttpsTrafficOnly": true,
"AllowBlobPublicAccess": false,
"targetResourceId": "",
"networkAcls": {
"resourceAccessRules": [],
"bypass": "AzureServices",
"defaultAction": "Deny",
"ipRules": [],
"virtualNetworkRules": []
},
"publicNetworkAccess": "Disabled",
"accessTier": "Hot"
}
}
I could see that you are using "apiVersion": "2017-10-01" and it is a very old version of ARM template for storage account. To avoid the conflicts, use the latest version which is "apiVersion": "2023-01-01".
Refer MSDoc for all the latest available Api versions of"Microsoft.Storage/storageAccounts".
Complete code is given below.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageaccountname": {
"defaultValue": "teststorejah",
"type": "String"
},
"storageAccountType": {
"defaultValue": "Standard_GRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS",
"Premium_LRS"
],
"type": "String",
"metadata": {
"description": "Accounttype"
}
},
"location": {
"defaultValue": "[resourceGroup().location]",
"type": "String",
"metadata": {
"description": "Location"
}
}
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2023-01-01",
"name": "[parameters('storageaccountname')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {
"networkAcls": {
"defaultAction": "Deny",
"bypass": "AzureServices",
"ipRules": [],
"virtualNetworkRules": []
},
"publicNetworkAccess": "Disabled"
}
}
],
"outputs": {}
}
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs