102 строки
2.3 KiB
Bicep
102 строки
2.3 KiB
Bicep
// Copyright (c) Microsoft Corporation.
|
|
// Licensed under the MIT License.
|
|
|
|
// Bicep documentation examples
|
|
|
|
@description('The name of the resource.')
|
|
param name string
|
|
|
|
@description('The location resources will be deployed.')
|
|
param location string = resourceGroup().location
|
|
|
|
// The name of a blob container
|
|
var containerName = 'data'
|
|
|
|
// The name of a file share
|
|
var shareName = 'group'
|
|
|
|
// Define a Storage Account with common security settings.
|
|
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
|
|
name: name
|
|
location: location
|
|
sku: {
|
|
name: 'Standard_GRS'
|
|
}
|
|
kind: 'StorageV2'
|
|
properties: {
|
|
allowBlobPublicAccess: false
|
|
supportsHttpsTrafficOnly: true
|
|
minimumTlsVersion: 'TLS1_2'
|
|
accessTier: 'Hot'
|
|
allowSharedKeyAccess: false
|
|
networkAcls: {
|
|
defaultAction: 'Deny'
|
|
}
|
|
}
|
|
}
|
|
|
|
// Configure blob services with soft-delete enabled.
|
|
resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
|
|
parent: storageAccount
|
|
name: 'default'
|
|
properties: {
|
|
deleteRetentionPolicy: {
|
|
enabled: true
|
|
days: 7
|
|
}
|
|
containerDeleteRetentionPolicy: {
|
|
enabled: true
|
|
days: 7
|
|
}
|
|
}
|
|
}
|
|
|
|
// Create a storage container.
|
|
resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2023-01-01' = {
|
|
parent: blobService
|
|
name: containerName
|
|
properties: {
|
|
publicAccess: 'None'
|
|
}
|
|
}
|
|
|
|
// Configure file services.
|
|
resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2023-01-01' = {
|
|
parent: storageAccount
|
|
name: 'default'
|
|
properties: {
|
|
shareDeleteRetentionPolicy: {
|
|
enabled: true
|
|
days: 7
|
|
}
|
|
}
|
|
}
|
|
|
|
// Create a file share.
|
|
resource share 'Microsoft.Storage/storageAccounts/fileServices/shares@2023-01-01' = {
|
|
parent: fileServices
|
|
name: shareName
|
|
properties: {
|
|
accessTier: 'TransactionOptimized'
|
|
}
|
|
}
|
|
|
|
// Override Defender for Storage settings on a Storage Account.
|
|
resource defenderForStorageSettings 'Microsoft.Security/defenderForStorageSettings@2022-12-01-preview' = {
|
|
name: 'current'
|
|
scope: storageAccount
|
|
properties: {
|
|
isEnabled: true
|
|
malwareScanning: {
|
|
onUpload: {
|
|
isEnabled: true
|
|
capGBPerMonth: 5000
|
|
}
|
|
}
|
|
sensitiveDataDiscovery: {
|
|
isEnabled: true
|
|
}
|
|
overrideSubscriptionLevelSettings: false
|
|
}
|
|
}
|