Bicep resource definition
The storageAccounts/localUsers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Storage/storageAccounts/localUsers@2023-01-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    hasSharedKey: bool
    hasSshKey: bool
    hasSshPassword: bool
    homeDirectory: 'string'
    permissionScopes: [
      {
        permissions: 'string'
        resourceName: 'string'
        service: 'string'
      }
    ]
    sshAuthorizedKeys: [
      {
        description: 'string'
        key: 'string'
      }
    ]
  }
}
```
Property Values
Microsoft.Storage/storageAccounts/localUsers
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required). Constraints: Min length = 3, Max length = 64 |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: storageAccounts |
| properties | Storage account local user properties. | LocalUserProperties |
LocalUserProperties
| Name | Description | Value |
|---|---|---|
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |
PermissionScope
| Name | Description | Value |
|---|---|---|
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Create Storage Account with SFTP enabled | Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |
ARM template resource definition
The storageAccounts/localUsers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "apiVersion": "2023-01-01",
  "name": "string",
  "properties": {
    "hasSharedKey": "bool",
    "hasSshKey": "bool",
    "hasSshPassword": "bool",
    "homeDirectory": "string",
    "permissionScopes": [
      {
        "permissions": "string",
        "resourceName": "string",
        "service": "string"
      }
    ],
    "sshAuthorizedKeys": [
      {
        "description": "string",
        "key": "string"
      }
    ]
  }
}
```
Property Values
Microsoft.Storage/storageAccounts/localUsers
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-01-01' |
| name | The resource name | string (required). Constraints: Min length = 3, Max length = 64 |
| properties | Storage account local user properties. | LocalUserProperties |
| type | The resource type | 'Microsoft.Storage/storageAccounts/localUsers' |
LocalUserProperties
| Name | Description | Value |
|---|---|---|
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |
PermissionScope
| Name | Description | Value |
|---|---|---|
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |
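The constraints in the tables above can be checked before a template is deployed. The following is an added example, not part of the original reference or of any Microsoft tooling: the function name `check_local_user`, the sample account and user names, and the decision to report `hasSshPassword` as a finding are assumptions of this example. It also goes one step beyond the table by confirming that the base64 key data really encodes the stated key type, as OpenSSH public keys do.

```python
import base64

ALLOWED_PERMISSIONS = set("rwdlc")  # Read, Write, Delete, List, Create (per the table)

def check_local_user(resource: dict) -> list:
    """Return findings for one Microsoft.Storage/storageAccounts/localUsers resource."""
    findings = []
    # A top-level ARM child resource is named "<account>/<user>"; check the last segment.
    name = str(resource.get("name", "")).split("/")[-1]
    if not 3 <= len(name) <= 64:
        findings.append("name: length must be 3-64")
    props = resource.get("properties", {})
    for i, scope in enumerate(props.get("permissionScopes", [])):
        for field in ("permissions", "resourceName", "service"):
            if not scope.get(field):
                findings.append(f"permissionScopes[{i}].{field}: required")
        bad = set(scope.get("permissions", "")) - ALLOWED_PERMISSIONS
        if bad:
            findings.append(f"permissionScopes[{i}].permissions: unknown {sorted(bad)}")
    for i, entry in enumerate(props.get("sshAuthorizedKeys", [])):
        parts = entry.get("key", "").split()
        try:
            blob = base64.b64decode(parts[1], validate=True) if len(parts) >= 2 else b""
        except ValueError:  # binascii.Error is a ValueError
            blob = b""
        # OpenSSH key data starts with a 4-byte length, then the key type string.
        n = int.from_bytes(blob[:4], "big")
        if not blob or blob[4:4 + n] != parts[0].encode():
            findings.append(f"sshAuthorizedKeys[{i}].key: not '<keyType> <keyData>'")
    # Review policy assumed by this example, not a rule from the schema.
    if props.get("hasSshPassword"):
        findings.append("hasSshPassword: password login enabled")
    return findings

# Constructed sample input: not a real account or key.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
SAMPLE = {
    "type": "Microsoft.Storage/storageAccounts/localUsers",
    "apiVersion": "2023-01-01",
    "name": "examplestorage/sftpuser",
    "properties": {
        "hasSshPassword": True,
        "permissionScopes": [
            {"permissions": "rwx", "service": "blob", "resourceName": "containername"}],
        "sshAuthorizedKeys": [
            {"key": "ssh-ed25519 " + base64.b64encode(_blob).decode()},
            {"key": "ssh-rsa AAAABBBB"}],  # the table's placeholder, not a real key
    },
}
```

Calling `check_local_user(SAMPLE)` reports the unknown permission letter, the placeholder key, and the enabled password login; the well-formed constructed key passes.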
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Create Storage Account with SFTP enabled | Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |
Terraform (AzAPI provider) resource definition
The storageAccounts/localUsers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Terraform to your template.
```hcl
resource "azapi_resource" "symbolicname" {
  type      = "Microsoft.Storage/storageAccounts/localUsers@2023-01-01"
  name      = "string"
  parent_id = "string"
  body = {
    properties = {
      hasSharedKey   = bool
      hasSshKey      = bool
      hasSshPassword = bool
      homeDirectory  = "string"
      permissionScopes = [
        {
          permissions  = "string"
          resourceName = "string"
          service      = "string"
        }
      ]
      sshAuthorizedKeys = [
        {
          description = "string"
          key         = "string"
        }
      ]
    }
  }
}
```
Property Values
Microsoft.Storage/storageAccounts/localUsers
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required). Constraints: Min length = 3, Max length = 64 |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts |
| properties | Storage account local user properties. | LocalUserProperties |
| type | The resource type | "Microsoft.Storage/storageAccounts/localUsers@2023-01-01" |
LocalUserProperties
| Name | Description | Value |
|---|---|---|
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |
PermissionScope
| Name | Description | Value |
|---|---|---|
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |
SshPublicKey
| Name | Description | Value |
|---|---|---|
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |
Usage Examples
Terraform Samples
A basic example of deploying Storage Account Local User.
```hcl
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Local user with create (c), write (w) and list (l) permissions on one blob container.
resource "azapi_resource" "localUser" {
  type      = "Microsoft.Storage/storageAccounts/localUsers@2021-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = var.resource_name
  body = {
    properties = {
      hasSshPassword = false
      homeDirectory  = "containername/"
      hasSharedKey   = true
      hasSshKey      = false
      permissionScopes = [{
        permissions  = "cwl"
        service      = "blob"
        resourceName = "containername"
      }]
    }
  }
}
```
A generatepassword example of deploying Storage Account Local User.
```hcl
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001dfdg"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    kind = "StorageV2"
    properties = {
      accessTier                   = "Hot"
      allowBlobPublicAccess        = true
      allowCrossTenantReplication  = true
      allowSharedKeyAccess         = true
      defaultToOAuthAuthentication = false
      encryption = {
        keySource = "Microsoft.Storage"
        services = {
          queue = {
            keyType = "Service"
          }
          table = {
            keyType = "Service"
          }
        }
      }
      isHnsEnabled      = false
      isNfsV3Enabled    = false
      isSftpEnabled     = false
      minimumTlsVersion = "TLS1_2"
      networkAcls = {
        defaultAction = "Allow"
      }
      publicNetworkAccess      = "Enabled"
      supportsHttpsTrafficOnly = true
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

# Local user with an SSH password and create (c), write (w) and list (l)
# permissions on one blob container.
resource "azapi_resource" "localUser" {
  type      = "Microsoft.Storage/storageAccounts/localUsers@2021-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = var.resource_name
  body = {
    properties = {
      hasSshPassword = true
      homeDirectory  = "containername/"
      hasSharedKey   = true
      hasSshKey      = false
      permissionScopes = [{
        permissions  = "cwl"
        service      = "blob"
        resourceName = "containername"
      }]
    }
  }
}

# Calls the regeneratePassword action on the local user and exports the new
# sshPassword from the response. The exported value is stored in Terraform
# state, so protect the state like any other secret.
resource "azapi_resource_action" "localUser" {
  type        = "Microsoft.Storage/storageAccounts/localUsers@2022-05-01"
  resource_id = azapi_resource.localUser.id
  action      = "regeneratePassword"
  body = {
    username = "TestUserName"
  }
  response_export_values = ["sshPassword"]
}
```