Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
  parent: resourceSymbolicName
  name: 'default'
  properties: {
    automaticSnapshotPolicyEnabled: bool
    changeFeed: {
      enabled: bool
      retentionInDays: int
    }
    containerDeleteRetentionPolicy: {
      allowPermanentDelete: bool
      days: int
      enabled: bool
    }
    cors: {
      corsRules: [
        {
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposedHeaders: [
            'string'
          ]
          maxAgeInSeconds: int
        }
      ]
    }
    defaultServiceVersion: 'string'
    deleteRetentionPolicy: {
      allowPermanentDelete: bool
      days: int
      enabled: bool
    }
    isVersioningEnabled: bool
    lastAccessTimeTrackingPolicy: {
      blobType: [
        'string'
      ]
      enable: bool
      name: 'string'
      trackingGranularityInDays: int
    }
    restorePolicy: {
      days: int
      enabled: bool
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: storageAccounts | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| automaticSnapshotPolicyEnabled | Deprecated in favor of isVersioningEnabled property. | bool | 
| changeFeed | The blob service properties for change feed events. | ChangeFeed | 
| containerDeleteRetentionPolicy | The blob service properties for container soft delete. | DeleteRetentionPolicy | 
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for blob soft delete. | DeleteRetentionPolicy | 
| isVersioningEnabled | Versioning is enabled if set to true. | bool | 
| lastAccessTimeTrackingPolicy | The blob service property to configure last access time based tracking policy. | LastAccessTimeTrackingPolicy | 
| restorePolicy | The blob service properties for blob restore policy. | RestorePolicyProperties | 
ChangeFeed
| Name | Description | Value | 
|---|---|---|
| enabled | Indicates whether change feed event logging is enabled for the Blob service. | bool | 
| retentionInDays | Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. | int Constraints: Min value = 1 Max value = 146000 | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'PATCH' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| allowPermanentDelete | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. | bool | 
| days | Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled. | bool | 
LastAccessTimeTrackingPolicy
| Name | Description | Value | 
|---|---|---|
| blobType | An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only | string[] | 
| enable | When set to true last access time based tracking is enabled. | bool (required) | 
| name | Name of the policy. The valid value is AccessTimeTracking. This field is currently read only | 'AccessTimeTracking' | 
| trackingGranularityInDays | The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked.This field is currently read only with value as 1 | int | 
RestorePolicyProperties
| Name | Description | Value | 
|---|---|---|
| days | how long this blob can be restored. It should be great than zero and less than DeleteRetentionPolicy.days. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Blob restore is enabled if set to true. | bool (required) | 
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| Azure Cloud Shell - VNet storage | This template deploys Azure Cloud Shell storage into an Azure virtual network. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a storage account with multiple Blob containers | Creates an Azure storage account and multiple blob containers. | 
| Create a V2 data factory | This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage. | 
| Create an Azure Machine Learning Sweep job | This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. | 
| Create an Azure Storage Account and Blob Container on Azure | This template creates an Azure Storage account and a blob container. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy Azure Data Explorer db with Event Grid connection | Deploy Azure Data Explorer db with Event Grid connection. | 
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Storage Account with SSE and blob deletion retention policy | This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy | 
ARM template resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following JSON to your template.
{
  "type": "Microsoft.Storage/storageAccounts/blobServices",
  "apiVersion": "2022-09-01",
  "name": "string",
  "properties": {
    "automaticSnapshotPolicyEnabled": "bool",
    "changeFeed": {
      "enabled": "bool",
      "retentionInDays": "int"
    },
    "containerDeleteRetentionPolicy": {
      "allowPermanentDelete": "bool",
      "days": "int",
      "enabled": "bool"
    },
    "cors": {
      "corsRules": [
        {
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposedHeaders": [ "string" ],
          "maxAgeInSeconds": "int"
        }
      ]
    },
    "defaultServiceVersion": "string",
    "deleteRetentionPolicy": {
      "allowPermanentDelete": "bool",
      "days": "int",
      "enabled": "bool"
    },
    "isVersioningEnabled": "bool",
    "lastAccessTimeTrackingPolicy": {
      "blobType": [ "string" ],
      "enable": "bool",
      "name": "string",
      "trackingGranularityInDays": "int"
    },
    "restorePolicy": {
      "days": "int",
      "enabled": "bool"
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2022-09-01' | 
| name | The resource name | 'default' (required) | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
| type | The resource type | 'Microsoft.Storage/storageAccounts/blobServices' | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| automaticSnapshotPolicyEnabled | Deprecated in favor of isVersioningEnabled property. | bool | 
| changeFeed | The blob service properties for change feed events. | ChangeFeed | 
| containerDeleteRetentionPolicy | The blob service properties for container soft delete. | DeleteRetentionPolicy | 
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for blob soft delete. | DeleteRetentionPolicy | 
| isVersioningEnabled | Versioning is enabled if set to true. | bool | 
| lastAccessTimeTrackingPolicy | The blob service property to configure last access time based tracking policy. | LastAccessTimeTrackingPolicy | 
| restorePolicy | The blob service properties for blob restore policy. | RestorePolicyProperties | 
ChangeFeed
| Name | Description | Value | 
|---|---|---|
| enabled | Indicates whether change feed event logging is enabled for the Blob service. | bool | 
| retentionInDays | Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. | int Constraints: Min value = 1 Max value = 146000 | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'PATCH' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| allowPermanentDelete | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. | bool | 
| days | Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled. | bool | 
LastAccessTimeTrackingPolicy
| Name | Description | Value | 
|---|---|---|
| blobType | An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only | string[] | 
| enable | When set to true last access time based tracking is enabled. | bool (required) | 
| name | Name of the policy. The valid value is AccessTimeTracking. This field is currently read only | 'AccessTimeTracking' | 
| trackingGranularityInDays | The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked.This field is currently read only with value as 1 | int | 
RestorePolicyProperties
| Name | Description | Value | 
|---|---|---|
| days | how long this blob can be restored. It should be great than zero and less than DeleteRetentionPolicy.days. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Blob restore is enabled if set to true. | bool (required) | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| Azure Cloud Shell - VNet storage | This template deploys Azure Cloud Shell storage into an Azure virtual network. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a storage account with multiple Blob containers | Creates an Azure storage account and multiple blob containers. | 
| Create a V2 data factory | This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage. | 
| Create an Azure Machine Learning Sweep job | This template creates an Azure Machine Learning Sweep job for hyperparameter tuning. | 
| Create an Azure Storage Account and Blob Container on Azure | This template creates an Azure Storage account and a blob container. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy Azure Data Explorer db with Event Grid connection | Deploy Azure Data Explorer db with Event Grid connection. | 
| Deploy Secure AI Foundry with a managed virtual network | This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions. | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Storage Account with SSE and blob deletion retention policy | This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy | 
Terraform (AzAPI provider) resource definition
The storageAccounts/blobServices resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/blobServices@2022-09-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      automaticSnapshotPolicyEnabled = bool
      changeFeed = {
        enabled = bool
        retentionInDays = int
      }
      containerDeleteRetentionPolicy = {
        allowPermanentDelete = bool
        days = int
        enabled = bool
      }
      cors = {
        corsRules = [
          {
            allowedHeaders = [
              "string"
            ]
            allowedMethods = [
              "string"
            ]
            allowedOrigins = [
              "string"
            ]
            exposedHeaders = [
              "string"
            ]
            maxAgeInSeconds = int
          }
        ]
      }
      defaultServiceVersion = "string"
      deleteRetentionPolicy = {
        allowPermanentDelete = bool
        days = int
        enabled = bool
      }
      isVersioningEnabled = bool
      lastAccessTimeTrackingPolicy = {
        blobType = [
          "string"
        ]
        enable = bool
        name = "string"
        trackingGranularityInDays = int
      }
      restorePolicy = {
        days = int
        enabled = bool
      }
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts | 
| properties | The properties of a storage account’s Blob service. | BlobServicePropertiesProperties | 
| type | The resource type | "Microsoft.Storage/storageAccounts/blobServices@2022-09-01" | 
BlobServicePropertiesProperties
| Name | Description | Value | 
|---|---|---|
| automaticSnapshotPolicyEnabled | Deprecated in favor of isVersioningEnabled property. | bool | 
| changeFeed | The blob service properties for change feed events. | ChangeFeed | 
| containerDeleteRetentionPolicy | The blob service properties for container soft delete. | DeleteRetentionPolicy | 
| cors | Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. | CorsRules | 
| defaultServiceVersion | DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. | string | 
| deleteRetentionPolicy | The blob service properties for blob soft delete. | DeleteRetentionPolicy | 
| isVersioningEnabled | Versioning is enabled if set to true. | bool | 
| lastAccessTimeTrackingPolicy | The blob service property to configure last access time based tracking policy. | LastAccessTimeTrackingPolicy | 
| restorePolicy | The blob service properties for blob restore policy. | RestorePolicyProperties | 
ChangeFeed
| Name | Description | Value | 
|---|---|---|
| enabled | Indicates whether change feed event logging is enabled for the Blob service. | bool | 
| retentionInDays | Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. | int Constraints: Min value = 1 Max value = 146000 | 
CorsRule
| Name | Description | Value | 
|---|---|---|
| allowedHeaders | Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. | string[] (required) | 
| allowedMethods | Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'MERGE' 'OPTIONS' 'PATCH' 'POST' 'PUT' (required) | 
| allowedOrigins | Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains | string[] (required) | 
| exposedHeaders | Required if CorsRule element is present. A list of response headers to expose to CORS clients. | string[] (required) | 
| maxAgeInSeconds | Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. | int (required) | 
CorsRules
| Name | Description | Value | 
|---|---|---|
| corsRules | The List of CORS rules. You can include up to five CorsRule elements in the request. | CorsRule[] | 
DeleteRetentionPolicy
| Name | Description | Value | 
|---|---|---|
| allowPermanentDelete | This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. | bool | 
| days | Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Indicates whether DeleteRetentionPolicy is enabled. | bool | 
LastAccessTimeTrackingPolicy
| Name | Description | Value | 
|---|---|---|
| blobType | An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only | string[] | 
| enable | When set to true last access time based tracking is enabled. | bool (required) | 
| name | Name of the policy. The valid value is AccessTimeTracking. This field is currently read only | 'AccessTimeTracking' | 
| trackingGranularityInDays | The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked.This field is currently read only with value as 1 | int | 
RestorePolicyProperties
| Name | Description | Value | 
|---|---|---|
| days | how long this blob can be restored. It should be great than zero and less than DeleteRetentionPolicy.days. | int Constraints: Min value = 1 Max value = 365 | 
| enabled | Blob restore is enabled if set to true. | bool (required) | 
Usage Examples
Terraform Samples
A basic example of deploying Blob Service within Azure Storage.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_update_resource" "blobService" {
  type      = "Microsoft.Storage/storageAccounts/blobServices@2021-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = "default"
  body = {
    properties = {
      changeFeed = {
        enabled = true
      }
      containerDeleteRetentionPolicy = {
        enabled = false
      }
      cors = {
      }
      deleteRetentionPolicy = {
        enabled = false
      }
      isVersioningEnabled = true
      lastAccessTimeTrackingPolicy = {
        enable = false
      }
      restorePolicy = {
        enabled = false
      }
    }
  }
  response_export_values = ["*"]
}