Terraform code not creating multiple rules in Azure Storage lifecycle
I have tried to create Azure storage lifecycle via IAC terraform. But facing the below error.
Expected to create multiples rules for storage lifecycle , but only one rule is created. If we re-run the terraform apply , it is overlapping old rule and still creating 1 rule. I am using default value of variable "rules" .
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.72.0"
}
}
}
provider "azurerm" {
features {}
}
resource "azurerm_storage_account" "storage_account" {
name = var.storage_account_name
resource_group_name = var.resource_group_name
location = var.location
account_kind = var.account_kind
account_tier = var.account_tier
account_replication_type = "LRS"
access_tier = var.access_tier
}
resource "azurerm_storage_management_policy" "storage_management_policy" {
storage_account_id = azurerm_storage_account.storage_account.id
for_each = var.rules
rule {
name = each.value.name
enabled = true
filters {
prefix_match = each.value.prefix_match
blob_types = ["blockBlob"]
}
actions {
base_blob {
delete_after_days_since_creation_greater_than= each.value.base_blob.delete_after_days_since_creation_greater_than
}
}
}
}
Var.tf:
variable "storage_account_name" {
type = string
description = "The name of the Storage Account."
default = "sakinaka"
}
variable "resource_group_name" {
type = string
description = "The name of the Resource Group where the Storage Account is located."
default = "bombay"
}
variable "location" {
type = string
description = "The location where the Storage Account is created."
default = "East US"
}
variable "account_kind" {
type = string
description = "The kind of the Storage Account."
default = "StorageV2"
}
variable "account_tier" {
type = string
description = "The tier of the Storage Account."
default = "Standard"
}
variable "access_tier" {
type = string
description = "The access tier of the Storage Account."
default = "Hot"
}
variable "rules" {
type = map(object({
name = string
prefix_match = list(string)
base_blob = object({
delete_after_days_since_creation_greater_than = number
})
}))
default = {
rule3 = {
name = "samplerule3"
prefix_match = []
base_blob = {
delete_after_days_since_creation_greater_than = 365
}
},
rule4 = {
name = "samplerule4"
type = "Lifecycle"
prefix_match = ["arch/"]
base_blob = {
delete_after_days_since_creation_greater_than = 90
}
}
}
}
Solution
You can use below code to create storage account and 2 lifecycle rules. Follow the Azure Storage Account Management Policy for more details.
main.tf
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.72.0"
}
}
}
provider "azurerm" {
features {}
}
resource "azurerm_storage_account" "storage_account" {
name = var.storage_account_name
resource_group_name = var.resource_group_name
location = var.location
account_kind = var.account_kind
account_tier = var.account_tier
account_replication_type = "LRS"
access_tier = var.access_tier
lifecycle {
prevent_destroy = true
}
}
resource "azurerm_storage_management_policy" "storage_management_policy" {
storage_account_id = azurerm_storage_account.storage_account.id
dynamic "rule" {
for_each = var.storage_account_rules
content {
enabled = rule.value.enabled
name = rule.value.name
actions {
base_blob {
delete_after_days_since_modification_greater_than = rule.value.base_blob.delete_after_days_since_modification_greater_than
}
}
filters {
blob_types = rule.value.blob_types
prefix_match = rule.value.prefix_match
}
}
}
}
varaibles.tf
variable "storage_account_name" {
type = string
description = "The name of the Storage Account."
default = "venaktstoragetest1"
}
variable "resource_group_name" {
type = string
description = "The name of the Resource Group where the Storage Account is located."
default = "storage-RG"
}
variable "location" {
type = string
description = "The location where the Storage Account is created."
default = "East US"
}
variable "account_kind" {
type = string
description = "The kind of the Storage Account."
default = "StorageV2"
}
variable "account_tier" {
type = string
description = "The tier of the Storage Account."
default = "Standard"
}
variable "access_tier" {
type = string
description = "The access tier of the Storage Account."
default = "Hot"
}
variable "storage_account_rules" {
type = map(object({
name = string
enabled = bool
prefix_match = list(string)
blob_types = list(string)
base_blob = object({
delete_after_days_since_modification_greater_than = number
})
}))
default = {
rule1 = {
name = "rule1"
enabled = true
prefix_match = ["container1/prefix1"]
blob_types = ["blockBlob"]
base_blob = {
delete_after_days_since_modification_greater_than = 100
}
},
rule2 = {
name = "rule2"
enabled = false
prefix_match = ["container2/prefix1", "container2/prefix2"]
blob_types = ["blockBlob"]
base_blob = {
delete_after_days_since_modification_greater_than = 101
}
}
}
}
Terraform apply
After running the Terraform code, the storage account with two lifecycle rules was successfully created.
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database