I have tried to create an Azure Storage lifecycle management policy via IaC with Terraform, but I am facing the problem below.
I expected multiple rules to be created for the storage lifecycle policy, but only one rule is created. If we re-run terraform apply, it overwrites the old rule and still leaves only one rule. I am using the default value of the variable "rules".
# Provider requirements: azurerm is pinned to one exact release ("=3.72.0"),
# so every run resolves the same provider version.
terraform {
  required_providers {
    azurerm = {
      version = "=3.72.0"
      source  = "hashicorp/azurerm"
    }
  }
}

# No credentials or subscription details are set in this block; only the
# (empty) features block is declared.
provider "azurerm" {
  features {}
}
# Storage account the lifecycle policy is attached to. Only naming, placement
# and tiering are set here; every security-related argument (TLS version,
# public access, network rules) is left at the provider default.
resource "azurerm_storage_account" "storage_account" {
  # Identity and placement
  name                = var.storage_account_name
  location            = var.location
  resource_group_name = var.resource_group_name

  # Kind, performance tier, redundancy and default blob access tier
  account_kind             = var.account_kind
  account_tier             = var.account_tier
  access_tier              = var.access_tier
  account_replication_type = "LRS"
}
# NOTE(review): for_each sits on the resource itself, so Terraform plans one
# azurerm_storage_management_policy instance per entry of var.rules. Each
# instance carries a single rule block and targets the same
# storage_account_id. A storage account holds one management policy, so the
# instances overwrite one another and a single rule remains, which matches
# the behaviour described in the question. Generating the rule blocks inside
# one resource with a dynamic "rule" block avoids this.
resource "azurerm_storage_management_policy" "storage_management_policy" {
  for_each           = var.rules
  storage_account_id = azurerm_storage_account.storage_account.id

  rule {
    enabled = true
    name    = each.value.name

    # Scope: block blobs whose names start with one of the given prefixes.
    filters {
      blob_types   = ["blockBlob"]
      prefix_match = each.value.prefix_match
    }

    # Action: delete the base blob once it is older than the configured
    # number of days, counted from creation.
    actions {
      base_blob {
        delete_after_days_since_creation_greater_than = each.value.base_blob.delete_after_days_since_creation_greater_than
      }
    }
  }
}
Var.tf:
# Inputs for the storage account. Every variable has a default, so the
# configuration applies without any values being supplied.

variable "storage_account_name" {
  description = "The name of the Storage Account."
  type        = string
  default     = "sakinaka"
}

# The configuration declares no resource group resource, so the group named
# here has to exist already.
variable "resource_group_name" {
  description = "The name of the Resource Group where the Storage Account is located."
  type        = string
  default     = "bombay"
}

variable "location" {
  description = "The location where the Storage Account is created."
  type        = string
  default     = "East US"
}

variable "account_kind" {
  description = "The kind of the Storage Account."
  type        = string
  default     = "StorageV2"
}

variable "account_tier" {
  description = "The tier of the Storage Account."
  type        = string
  default     = "Standard"
}

variable "access_tier" {
  description = "The access tier of the Storage Account."
  type        = string
  default     = "Hot"
}
# Lifecycle rules keyed by an arbitrary map key. Each entry supplies the rule
# name, the blob-name prefixes it applies to, and the age in days (counted
# from creation) after which base blobs are deleted.
variable "rules" {
  type = map(object({
    name         = string
    prefix_match = list(string)
    base_blob = object({
      delete_after_days_since_creation_greater_than = number
    })
  }))

  default = {
    rule3 = {
      name = "samplerule3"
      # Empty prefix list: no prefix filter is applied, so this delete rule
      # is not restricted to any container or path.
      prefix_match = []
      base_blob = {
        delete_after_days_since_creation_greater_than = 365
      }
    },
    rule4 = {
      name = "samplerule4"
      # NOTE(review): "type" is not declared in the object type above and
      # nothing in the policy resource reads it; it looks like a leftover.
      type         = "Lifecycle"
      prefix_match = ["arch/"]
      base_blob = {
        delete_after_days_since_creation_greater_than = 90
      }
    }
  }
}
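You can use the code below to create a storage account and two lifecycle rules. A storage account holds a single management policy, so all rules must be declared inside one azurerm_storage_management_policy resource; the dynamic "rule" block generates one rule per map entry instead of one policy resource per entry. See the Azure Storage Account Management Policy documentation for more details.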
main.tf
# Require the azurerm provider at exactly the release given below.
terraform {
  required_providers {
    azurerm = {
      version = "=3.72.0"
      source  = "hashicorp/azurerm"
    }
  }
}

# Provider configuration: an empty features block and nothing else. No
# credentials are embedded in the configuration.
provider "azurerm" {
  features {}
}
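# Storage account that the lifecycle management policy is attached to.
resource "azurerm_storage_account" "storage_account" {
  name                     = var.storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_kind             = var.account_kind
  account_tier             = var.account_tier
  account_replication_type = "LRS"
  access_tier              = var.access_tier

  # Transport security is stated explicitly rather than inherited from
  # provider defaults, so a later provider or API default change cannot
  # silently weaken it.
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  # Containers and blobs in this account cannot be switched to anonymous
  # (public) read access.
  allow_nested_items_to_be_public = false

  # prevent_destroy makes Terraform refuse any plan that would destroy the
  # account. It does not protect blobs from the lifecycle rules, which delete
  # data by design. If a recovery window is needed, consider enabling blob
  # soft delete (blob_properties / delete_retention_policy) on this account.
  lifecycle {
    prevent_destroy = true
  }
}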
# One management policy for the account. The dynamic block expands to one
# rule block per entry of var.storage_account_rules, so all rules live in
# this single resource.
resource "azurerm_storage_management_policy" "storage_management_policy" {
  storage_account_id = azurerm_storage_account.storage_account.id

  dynamic "rule" {
    for_each = var.storage_account_rules

    content {
      name    = rule.value.name
      enabled = rule.value.enabled

      # Scope of the rule: blob types and blob-name prefixes.
      filters {
        prefix_match = rule.value.prefix_match
        blob_types   = rule.value.blob_types
      }

      # Deletes the base blob once it is older than the configured number of
      # days. Age is counted from last modification here, whereas the code in
      # the question counted from creation.
      actions {
        base_blob {
          delete_after_days_since_modification_greater_than = rule.value.base_blob.delete_after_days_since_modification_greater_than
        }
      }
    }
  }
}
variables.tf
# Inputs for the storage account. All of them carry defaults, so the example
# can be applied as-is.

variable "storage_account_name" {
  description = "The name of the Storage Account."
  type        = string
  default     = "venaktstoragetest1"
}

# main.tf declares no resource group resource, so the group named here must
# already exist.
variable "resource_group_name" {
  description = "The name of the Resource Group where the Storage Account is located."
  type        = string
  default     = "storage-RG"
}

variable "location" {
  description = "The location where the Storage Account is created."
  type        = string
  default     = "East US"
}

variable "account_kind" {
  description = "The kind of the Storage Account."
  type        = string
  default     = "StorageV2"
}

variable "account_tier" {
  description = "The tier of the Storage Account."
  type        = string
  default     = "Standard"
}

variable "access_tier" {
  description = "The access tier of the Storage Account."
  type        = string
  default     = "Hot"
}
# Lifecycle rules consumed by the dynamic "rule" block of the management
# policy. Each map entry becomes one rule; the map key is only a label.
# Every rule here deletes base blobs after the given number of days since
# last modification, so review prefixes and day counts before enabling a rule.
variable "storage_account_rules" {
  type = map(object({
    name         = string
    enabled      = bool
    blob_types   = list(string)
    prefix_match = list(string)
    base_blob = object({
      delete_after_days_since_modification_greater_than = number
    })
  }))

  default = {
    # Active rule, limited to one prefix inside container1.
    rule1 = {
      name         = "rule1"
      enabled      = true
      blob_types   = ["blockBlob"]
      prefix_match = ["container1/prefix1"]
      base_blob = {
        delete_after_days_since_modification_greater_than = 100
      }
    },
    # Declared but disabled (enabled = false); covers two prefixes in
    # container2.
    rule2 = {
      name         = "rule2"
      enabled      = false
      blob_types   = ["blockBlob"]
      prefix_match = ["container2/prefix1", "container2/prefix2"]
      base_blob = {
        delete_after_days_since_modification_greater_than = 101
      }
    }
  }
}
Terraform apply
After running the Terraform code, the storage account with two lifecycle rules was successfully created.