

Microsoft.Storage storageAccounts/blobServices 2023-01-01

Bicep resource definition

The storageAccounts/blobServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
  parent: resourceSymbolicName
  name: 'default'
  properties: {
    automaticSnapshotPolicyEnabled: bool
    changeFeed: {
      enabled: bool
      retentionInDays: int
    }
    containerDeleteRetentionPolicy: {
      allowPermanentDelete: bool
      days: int
      enabled: bool
    }
    cors: {
      corsRules: [
        {
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposedHeaders: [
            'string'
          ]
          maxAgeInSeconds: int
        }
      ]
    }
    defaultServiceVersion: 'string'
    deleteRetentionPolicy: {
      allowPermanentDelete: bool
      days: int
      enabled: bool
    }
    isVersioningEnabled: bool
    lastAccessTimeTrackingPolicy: {
      blobType: [
        'string'
      ]
      enable: bool
      name: 'string'
      trackingGranularityInDays: int
    }
    restorePolicy: {
      days: int
      enabled: bool
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/blobServices

Name Description Value
name The resource name 'default' (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. Symbolic name for resource of type: storageAccounts
properties The properties of a storage account’s Blob service. BlobServicePropertiesProperties

BlobServicePropertiesProperties

Name Description Value
automaticSnapshotPolicyEnabled Deprecated in favor of isVersioningEnabled property. bool
changeFeed The blob service properties for change feed events. ChangeFeed
containerDeleteRetentionPolicy The blob service properties for container soft delete. DeleteRetentionPolicy
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
defaultServiceVersion DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. string
deleteRetentionPolicy The blob service properties for blob soft delete. DeleteRetentionPolicy
isVersioningEnabled Versioning is enabled if set to true. bool
lastAccessTimeTrackingPolicy The blob service property to configure last access time based tracking policy. LastAccessTimeTrackingPolicy
restorePolicy The blob service properties for blob restore policy. RestorePolicyProperties

ChangeFeed

Name Description Value
enabled Indicates whether change feed event logging is enabled for the Blob service. bool
retentionInDays Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. int (Constraints: Min value = 1, Max value = 146000)

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of: 'CONNECT', 'DELETE', 'GET', 'HEAD', 'MERGE', 'OPTIONS', 'PATCH', 'POST', 'PUT', 'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int (Constraints: Min value = 1, Max value = 365)
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

LastAccessTimeTrackingPolicy

Name Description Value
blobType An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only string[]
enable When set to true last access time based tracking is enabled. bool (required)
name Name of the policy. The valid value is AccessTimeTracking. This field is currently read only 'AccessTimeTracking'
trackingGranularityInDays The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked. This field is currently read only with value as 1. int

RestorePolicyProperties

Name Description Value
days How long this blob can be restored. It should be greater than zero and less than DeleteRetentionPolicy.days. int (Constraints: Min value = 1, Max value = 365)
enabled Blob restore is enabled if set to true. bool (required)

Usage Examples

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Azure Cloud Shell - VNet storage This template deploys Azure Cloud Shell storage into an Azure virtual network.
Create a function app in the Flex Consumption plan Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration.
Create a storage account with multiple Blob containers Creates an Azure storage account and multiple blob containers.
Create a V2 data factory This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage.
Create an Azure Machine Learning Sweep job This template creates an Azure Machine Learning Sweep job for hyperparameter tuning.
Create an Azure Storage Account and Blob Container on Azure This template creates an Azure Storage account and a blob container.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Deploy Azure Data Explorer db with Event Grid connection Deploy Azure Data Explorer db with Event Grid connection.
Deploy Secure AI Foundry with a managed virtual network This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
FinOps hub This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory.
Storage Account with SSE and blob deletion retention policy This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy

ARM template resource definition

The storageAccounts/blobServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following JSON to your template.

{
  "type": "Microsoft.Storage/storageAccounts/blobServices",
  "apiVersion": "2023-01-01",
  "name": "string",
  "properties": {
    "automaticSnapshotPolicyEnabled": "bool",
    "changeFeed": {
      "enabled": "bool",
      "retentionInDays": "int"
    },
    "containerDeleteRetentionPolicy": {
      "allowPermanentDelete": "bool",
      "days": "int",
      "enabled": "bool"
    },
    "cors": {
      "corsRules": [
        {
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposedHeaders": [ "string" ],
          "maxAgeInSeconds": "int"
        }
      ]
    },
    "defaultServiceVersion": "string",
    "deleteRetentionPolicy": {
      "allowPermanentDelete": "bool",
      "days": "int",
      "enabled": "bool"
    },
    "isVersioningEnabled": "bool",
    "lastAccessTimeTrackingPolicy": {
      "blobType": [ "string" ],
      "enable": "bool",
      "name": "string",
      "trackingGranularityInDays": "int"
    },
    "restorePolicy": {
      "days": "int",
      "enabled": "bool"
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/blobServices

Name Description Value
apiVersion The api version '2023-01-01'
name The resource name 'default' (required)
properties The properties of a storage account’s Blob service. BlobServicePropertiesProperties
type The resource type 'Microsoft.Storage/storageAccounts/blobServices'

BlobServicePropertiesProperties

Name Description Value
automaticSnapshotPolicyEnabled Deprecated in favor of isVersioningEnabled property. bool
changeFeed The blob service properties for change feed events. ChangeFeed
containerDeleteRetentionPolicy The blob service properties for container soft delete. DeleteRetentionPolicy
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
defaultServiceVersion DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. string
deleteRetentionPolicy The blob service properties for blob soft delete. DeleteRetentionPolicy
isVersioningEnabled Versioning is enabled if set to true. bool
lastAccessTimeTrackingPolicy The blob service property to configure last access time based tracking policy. LastAccessTimeTrackingPolicy
restorePolicy The blob service properties for blob restore policy. RestorePolicyProperties

ChangeFeed

Name Description Value
enabled Indicates whether change feed event logging is enabled for the Blob service. bool
retentionInDays Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. int (Constraints: Min value = 1, Max value = 146000)

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of: 'CONNECT', 'DELETE', 'GET', 'HEAD', 'MERGE', 'OPTIONS', 'PATCH', 'POST', 'PUT', 'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int (Constraints: Min value = 1, Max value = 365)
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

LastAccessTimeTrackingPolicy

Name Description Value
blobType An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only string[]
enable When set to true last access time based tracking is enabled. bool (required)
name Name of the policy. The valid value is AccessTimeTracking. This field is currently read only 'AccessTimeTracking'
trackingGranularityInDays The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked. This field is currently read only with value as 1. int

RestorePolicyProperties

Name Description Value
days How long this blob can be restored. It should be greater than zero and less than DeleteRetentionPolicy.days. int (Constraints: Min value = 1, Max value = 365)
enabled Blob restore is enabled if set to true. bool (required)

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Azure Cloud Shell - VNet storage This template deploys Azure Cloud Shell storage into an Azure virtual network.
Create a function app in the Flex Consumption plan Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration.
Create a storage account with multiple Blob containers Creates an Azure storage account and multiple blob containers.
Create a V2 data factory This template creates a V2 data factory that copies data from a folder in an Azure Blob Storage to another folder in the storage.
Create an Azure Machine Learning Sweep job This template creates an Azure Machine Learning Sweep job for hyperparameter tuning.
Create an Azure Storage Account and Blob Container on Azure This template creates an Azure Storage account and a blob container.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Deploy Azure Data Explorer db with Event Grid connection Deploy Azure Data Explorer db with Event Grid connection.
Deploy Secure AI Foundry with a managed virtual network This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
FinOps hub This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory.
Storage Account with SSE and blob deletion retention policy This template creates a Storage Account with Storage Service Encryption and a blob deletion retention policy

Terraform (AzAPI provider) resource definition

The storageAccounts/blobServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/blobServices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/blobServices@2023-01-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      automaticSnapshotPolicyEnabled = bool
      changeFeed = {
        enabled = bool
        retentionInDays = int
      }
      containerDeleteRetentionPolicy = {
        allowPermanentDelete = bool
        days = int
        enabled = bool
      }
      cors = {
        corsRules = [
          {
            allowedHeaders = [
              "string"
            ]
            allowedMethods = [
              "string"
            ]
            allowedOrigins = [
              "string"
            ]
            exposedHeaders = [
              "string"
            ]
            maxAgeInSeconds = int
          }
        ]
      }
      defaultServiceVersion = "string"
      deleteRetentionPolicy = {
        allowPermanentDelete = bool
        days = int
        enabled = bool
      }
      isVersioningEnabled = bool
      lastAccessTimeTrackingPolicy = {
        blobType = [
          "string"
        ]
        enable = bool
        name = "string"
        trackingGranularityInDays = int
      }
      restorePolicy = {
        days = int
        enabled = bool
      }
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/blobServices

Name Description Value
name The resource name 'default' (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: storageAccounts
properties The properties of a storage account’s Blob service. BlobServicePropertiesProperties
type The resource type "Microsoft.Storage/storageAccounts/blobServices@2023-01-01"

BlobServicePropertiesProperties

Name Description Value
automaticSnapshotPolicyEnabled Deprecated in favor of isVersioningEnabled property. bool
changeFeed The blob service properties for change feed events. ChangeFeed
containerDeleteRetentionPolicy The blob service properties for container soft delete. DeleteRetentionPolicy
cors Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. CorsRules
defaultServiceVersion DefaultServiceVersion indicates the default version to use for requests to the Blob service if an incoming request’s version is not specified. Possible values include version 2008-10-27 and all more recent versions. string
deleteRetentionPolicy The blob service properties for blob soft delete. DeleteRetentionPolicy
isVersioningEnabled Versioning is enabled if set to true. bool
lastAccessTimeTrackingPolicy The blob service property to configure last access time based tracking policy. LastAccessTimeTrackingPolicy
restorePolicy The blob service properties for blob restore policy. RestorePolicyProperties

ChangeFeed

Name Description Value
enabled Indicates whether change feed event logging is enabled for the Blob service. bool
retentionInDays Indicates the duration of changeFeed retention in days. Minimum value is 1 day and maximum value is 146000 days (400 years). A null value indicates an infinite retention of the change feed. int (Constraints: Min value = 1, Max value = 146000)

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of: 'CONNECT', 'DELETE', 'GET', 'HEAD', 'MERGE', 'OPTIONS', 'PATCH', 'POST', 'PUT', 'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int (Constraints: Min value = 1, Max value = 365)
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

LastAccessTimeTrackingPolicy

Name Description Value
blobType An array of predefined supported blob types. Only blockBlob is the supported value. This field is currently read only string[]
enable When set to true last access time based tracking is enabled. bool (required)
name Name of the policy. The valid value is AccessTimeTracking. This field is currently read only 'AccessTimeTracking'
trackingGranularityInDays The field specifies blob object tracking granularity in days, typically how often the blob object should be tracked. This field is currently read only with value as 1. int

RestorePolicyProperties

Name Description Value
days How long this blob can be restored. It should be greater than zero and less than DeleteRetentionPolicy.days. int (Constraints: Min value = 1, Max value = 365)
enabled Blob restore is enabled if set to true. bool (required)

Usage Examples

Terraform Samples

A basic example of deploying Blob Service within Azure Storage.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_update_resource" "blobService" {
  type      = "Microsoft.Storage/storageAccounts/blobServices@2021-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = "default"
  body = {
    properties = {
      changeFeed = {
        enabled = true
      }
      containerDeleteRetentionPolicy = {
        enabled = false
      }
      cors = {
      }
      deleteRetentionPolicy = {
        enabled = false
      }
      isVersioningEnabled = true
      lastAccessTimeTrackingPolicy = {
        enable = false
      }
      restorePolicy = {
        enabled = false
      }
    }
  }
  response_export_values = ["*"]
}
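
The constraints in the property tables above, applied as a pre-deployment check on a blobServices properties body. This is an added example, not code from the original page or from Microsoft: the function name lint_blob_service, the severity labels and the posture warnings are this example's assumptions, BROKEN is a constructed input, and PAGE_SAMPLE mirrors the blobService body of the Terraform sample above.

```python
ALLOWED_METHODS = {"CONNECT", "DELETE", "GET", "HEAD", "MERGE",
                   "OPTIONS", "PATCH", "POST", "PUT", "TRACE"}
CORS_REQUIRED = ("allowedHeaders", "allowedMethods", "allowedOrigins",
                 "exposedHeaders", "maxAgeInSeconds")


def _in_range(v, lo, hi):
    # Unset is accepted; otherwise require an integer (not a bool) in [lo, hi].
    return v is None or (type(v) is int and lo <= v <= hi)


def lint_blob_service(props):
    """Return (severity, message) findings for a blobServices `properties` dict."""
    out = []
    soft = props.get("deleteRetentionPolicy") or {}
    container = props.get("containerDeleteRetentionPolicy") or {}
    restore = props.get("restorePolicy") or {}
    feed = props.get("changeFeed") or {}
    rules = (props.get("cors") or {}).get("corsRules") or []

    # Range constraints from the property tables.
    for name, policy in (("deleteRetentionPolicy", soft),
                         ("containerDeleteRetentionPolicy", container),
                         ("restorePolicy", restore)):
        if not _in_range(policy.get("days"), 1, 365):
            out.append(("error", f"{name}.days must be between 1 and 365"))
    if not _in_range(feed.get("retentionInDays"), 1, 146000):
        out.append(("error", "changeFeed.retentionInDays must be between 1 and 146000"))

    # CORS: at most five rules, all five fields required, methods from the fixed list.
    if len(rules) > 5:
        out.append(("error", "cors.corsRules accepts at most five rules"))
    for i, rule in enumerate(rules):
        missing = [k for k in CORS_REQUIRED if k not in rule]
        if missing:
            out.append(("error", f"corsRules[{i}] is missing {', '.join(missing)}"))
        unknown = sorted(set(rule.get("allowedMethods", [])) - ALLOWED_METHODS)
        if unknown:
            out.append(("error", f"corsRules[{i}] has unsupported methods {unknown}"))
        if "*" in rule.get("allowedOrigins", []):
            out.append(("warning", f"corsRules[{i}] allows all origins"))

    # Cross-property rules from RestorePolicyProperties and DeleteRetentionPolicy.
    if restore.get("enabled"):
        r_days, s_days = restore.get("days"), soft.get("days")
        if type(r_days) is not int or type(s_days) is not int or r_days >= s_days:
            out.append(("error", "restorePolicy.days must be less than deleteRetentionPolicy.days"))
        if soft.get("allowPermanentDelete"):
            out.append(("error", "allowPermanentDelete cannot be used with restorePolicy"))

    # Posture warnings: this example's own policy choices, not schema rules.
    for enabled, what in ((soft.get("enabled"), "blob soft delete"),
                          (container.get("enabled"), "container soft delete"),
                          (props.get("isVersioningEnabled"), "blob versioning")):
        if not enabled:
            out.append(("warning", f"{what} is disabled"))
    return out


# blobService body from this page's Terraform sample.
PAGE_SAMPLE = {
    "changeFeed": {"enabled": True}, "cors": {}, "isVersioningEnabled": True,
    "containerDeleteRetentionPolicy": {"enabled": False},
    "deleteRetentionPolicy": {"enabled": False},
    "lastAccessTimeTrackingPolicy": {"enable": False}, "restorePolicy": {"enabled": False},
}
# Constructed body that violates several documented constraints.
BROKEN = {
    "deleteRetentionPolicy": {"enabled": True, "days": 14, "allowPermanentDelete": True},
    "containerDeleteRetentionPolicy": {"enabled": True, "days": 400},
    "restorePolicy": {"enabled": True, "days": 14}, "isVersioningEnabled": True,
    "cors": {"corsRules": [{"allowedOrigins": ["*"], "allowedMethods": ["GET", "LIST"],
                            "allowedHeaders": ["*"], "exposedHeaders": ["*"]}]},
}
```

Run against the sample above, the check reports only the two soft-delete warnings; a body with soft delete enabled for blobs and containers, versioning on, and restorePolicy.days one below deleteRetentionPolicy.days returns no findings.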