Search code examples
azureazure-devopsazure-rm-templateazure-bicep

Adding Life Cycle Management Rules for Blob Storage using Bicep Template Azure

I am working on building an azure bicep file to deploy Azure resources.

Within the same bicep file, I am creating a storage account, a couple of containers, and some management policies. Within the Microsoft documentation:

Before you configure a lifecycle management policy, you can choose to enable blob access time tracking. When access time tracking is enabled, a lifecycle management policy can include an action based on the time that the blob was last accessed with reading or write operation.

Though I am following the documentation in terms of enabling the last access time tracking policy according to the documentation, and running the management policies within the same bicep file, I am still running into this error:

"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details. Last access time based tracking policy must be enabled before using its specific actions in object lifecycle management policy"

Here is my bicep file:

resource storage_account_blob 'Microsoft.Storage/storageAccounts@2019-06-01' = {
    name: 'test'
    location: 'East US'
    sku: {
        name: 'Standard_RAGRS'
    }
    kind: 'StorageV2'
    
    properties: {
        networkAcls: {
      bypass: 'AzureServices'
      virtualNetworkRules: []
      ipRules: []
      defaultAction: 'Allow'
    }
    
    supportsHttpsTrafficOnly: true
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
  }
}

resource blobStorageService 'Microsoft.Storage/storageAccounts/blobServices@2019-06-01' = {
    parent: storage_account_blob
    name: 'default'
    properties: {
      lastAccessTimeTrackingPolicy: {
        blobType: [
           'string'
           ]
        enable: true
        name: 'AccessTimeTracking'
        trackingGranularityInDays: 1
      }
    }
}

resource blobStorage_container_input 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
    name: 'input'
    properties: {
    defaultEncryptionScope: '$account-encryption-key'
    denyEncryptionScopeOverride: false   
    publicAccess: 'None'
    }
    parent: blobStorageService
}

resource management_policies 'Microsoft.Storage/storageAccounts/managementPolicies@2019-06-01' = {
  name: 'default'
  properties: {
    policy:{
      rules: [
        {
          definition:{
            actions:{
              baseBlob:{
                delete:{
                  daysAfterLastAccessTimeGreaterThan: 60
                }
                tierToArchive:{
                  daysAfterLastAccessTimeGreaterThan: 30
                }
                tierToCool:{
                  daysAfterLastAccessTimeGreaterThan:15
                }
              }
            }
            filters:{
              blobTypes:[
                'blockBlob'
              ]
            }
          }
          enabled: true
          name: 'testRules'
          type: 'Lifecycle'
        }
      ]
    }
  }
  parent: storage_account_blob
}

Do I have to initially maybe create the storage account with the blob service prior to creating the life cycle management policies?

Solution

  • I'm not sure, but have you tried to set an "depends on" on the "resource management_policies" and point it on "resource blobStorageService".