Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Storage/storageAccounts/blobServices@2018-11-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    cors: {
      corsRules: [
        {
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposedHeaders: [
            'string'
          ]
          maxAgeInSeconds: int
        }
      ]
    }
    defaultServiceVersion: 'string'
    deleteRetentionPolicy: {
      days: int
      enabled: bool
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: storageAccounts | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for soft delete. | DeleteRetentionPolicy | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| days | Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | bool | 
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| Azure Cloud Shell - VNet storage | This template deploys Azure Cloud Shell storage into an Azure virtual network. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a storage account with multiple Blob containers | Creates an Azure storage account and multiple blob containers. | 
| Create a V2 data factory | This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage. | 
| Create an Azure Machine Learning Sweep job | This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. | 
| Create an Azure Storage Account and Blob Container on Azure | This template creates an Azure Storage account and a blob container. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy Azure Data Explorer db with Event Grid connection | Deploy Azure Data Explorer db with Event Grid connection. | 
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Storage Account with SSE and blob deletion retention policy | This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy | 
ARM template resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following JSON to your template.
{
  "type": "Microsoft.Storage/storageAccounts/blobServices",
  "apiVersion": "2018-11-01",
  "name": "string",
  "properties": {
    "cors": {
      "corsRules": [
        {
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposedHeaders": [ "string" ],
          "maxAgeInSeconds": "int"
        }
      ]
    },
    "defaultServiceVersion": "string",
    "deleteRetentionPolicy": {
      "days": "int",
      "enabled": "bool"
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2018-11-01' | 
| name | The resource name | 'default' (required) | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
| type | The resource type | 'Microsoft.Storage/storageAccounts/blobServices' | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for soft delete. | DeleteRetentionPolicy | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| days | Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | bool | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| Azure Cloud Shell - VNet storage | This template deploys Azure Cloud Shell storage into an Azure virtual network. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a storage account with multiple Blob containers | Creates an Azure storage account and multiple blob containers. | 
| Create a V2 data factory | This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage. | 
| Create an Azure Machine Learning Sweep job | This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. | 
| Create an Azure Storage Account and Blob Container on Azure | This template creates an Azure Storage account and a blob container. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy Azure Data Explorer db with Event Grid connection | Deploy Azure Data Explorer db with Event Grid connection. | 
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Storage Account with SSE and blob deletion retention policy | This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy | 
Terraform (AzAPI provider) resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/blobServices@2018-11-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      cors = {
        corsRules = [
          {
            allowedHeaders = [
              "string"
            ]
            allowedMethods = [
              "string"
            ]
            allowedOrigins = [
              "string"
            ]
            exposedHeaders = [
              "string"
            ]
            maxAgeInSeconds = int
          }
        ]
      }
      defaultServiceVersion = "string"
      deleteRetentionPolicy = {
        days = int
        enabled = bool
      }
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
| type | The resource type | "Microsoft.Storage/storageAccounts/blobServices@2018-11-01" | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for soft delete. | DeleteRetentionPolicy | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| days | Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | bool | 
Usage Examples
Terraform Samples
A basic example of deploying Blob Service within Azure Storage.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_update_resource" "blobService" {
  type      = "Microsoft.Storage/storageAccounts/blobServices@2021-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = "default"
  body = {
    properties = {
      changeFeed = {
        enabled = true
      }
      containerDeleteRetentionPolicy = {
        enabled = false
      }
      cors = {
      }
      deleteRetentionPolicy = {
        enabled = false
      }
      isVersioningEnabled = true
      lastAccessTimeTrackingPolicy = {
        enable = false
      }
      restorePolicy = {
        enabled = false
      }
    }
  }
  response_export_values = ["*"]
}