Saturday 11 November 2023

Terraform vs Azure Portal Defaults for Azure Storage Soft Delete

Azure Storage supports soft deletion of blobs, blob containers and file shares. When we create a storage account using the Azure portal, soft deletion is enabled by default with 7-day retention.


However, consider setting up a storage account with Terraform, for example with the code below.

resource "azurerm_storage_account" "queue" {
  name                             = "chvideodeveuw001queuest"
  resource_group_name              = azurerm_resource_group.instancerg.name
  location                         = azurerm_resource_group.instancerg.location
  account_tier                     = "Standard"
  account_replication_type         = "LRS"
  account_kind                     = "StorageV2"
  access_tier                      = "Hot"
  allow_nested_items_to_be_public  = false
  min_tls_version                  = "TLS1_2"
  cross_tenant_replication_enabled = false
}

resource "azurerm_storage_queue" "video" {
  name                 = "demovideoqueue"
  storage_account_name = azurerm_storage_account.queue.name
}

The storage account is created with soft deletion disabled by default.


However, for file shares, soft deletion is enabled by default even with Terraform.


With Terraform we cannot explicitly set soft deletion to be disabled for blobs or blob containers. Terraform leaves soft deletion disabled by default for blobs and blob containers, as shown above. But if we specify a soft deletion setting in Terraform, it must be set to at least 1 day.

resource "azurerm_storage_account" "queue" {
  name                             = "${var.PREFIX}${var.PROJECT}${replace(var.ENVNAME, "-", "")}queuest"
  resource_group_name              = azurerm_resource_group.instancerg.name
  location                         = azurerm_resource_group.instancerg.location
  account_tier                     = "Standard"
  account_replication_type         = "LRS"
  account_kind                     = "StorageV2"
  access_tier                      = "Hot"
  allow_nested_items_to_be_public  = false
  min_tls_version                  = "TLS1_2"
  cross_tenant_replication_enabled = false

  blob_properties {
    delete_retention_policy {
      days = 1
    }
    container_delete_retention_policy {
      days = 1
    }
  }

  share_properties {
    retention_policy {
      days = 1
    }
  }
}
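
As an added example (not part of the original post), the Python check below reads the JSON form of a Terraform plan (`terraform show -json`) and reports `azurerm_storage_account` resources whose blob or container soft delete is unset or shorter than a chosen minimum. The embedded plan is a constructed, trimmed sample, the representation of nested blocks as lists under `change.after` is an assumption, and `audit_soft_delete`, `_block` and `MIN_DAYS` are names chosen here.

```python
import json

# Constructed, trimmed sample of `terraform show -json` plan output.
# Assumption: nested blocks appear as lists of objects under change.after.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_storage_account.queue", "type": "azurerm_storage_account",
   "change": {"actions": ["create"], "after": {"name": "examplequeuest"}}},
  {"address": "azurerm_storage_account.files", "type": "azurerm_storage_account",
   "change": {"actions": ["create"], "after": {"name": "examplefilesst",
     "blob_properties": [{"delete_retention_policy": [{"days": 1}],
                          "container_delete_retention_policy": []}],
     "share_properties": [{"retention_policy": [{"days": 1}]}]}}}
]}
""")

MIN_DAYS = 7  # same retention as the portal default described in the post


def _block(parent, name):
    """Return the first nested block called `name`, or {} when absent or empty."""
    value = (parent or {}).get(name) or []
    if isinstance(value, dict):
        return value
    return value[0] if value else {}


def audit_soft_delete(plan, min_days=MIN_DAYS):
    """Return (address, setting, days) for blob/container policies below min_days."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_storage_account":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to audit
            continue
        blob = _block(after, "blob_properties")
        for setting in ("delete_retention_policy", "container_delete_retention_policy"):
            days = _block(blob, setting).get("days")  # None: block not configured
            if days is None or days < min_days:
                findings.append((rc["address"], setting, days))
    return findings


if __name__ == "__main__":
    for address, setting, days in audit_soft_delete(SAMPLE_PLAN):
        print(f"{address}: {setting} days={days}")
```

File share retention is not checked because, as noted above, it is enabled by default even with Terraform.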

According to the Terraform documentation, it does not seem possible to disable file share soft delete. It looks like file share soft deletion can only be disabled via the Azure portal. Alternatively, we can use Azure Bicep for IaC, which has more capabilities for handling Azure resources than Terraform and has properties to enable/disable soft deletion for file shares as well.
