An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, and tables. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. For more information about Azure storage accounts, see Storage account overview. To create a storage account specifically for use with Azure Files, see Create an SMB file share.
None.
To create an Azure storage account with PowerShell, make sure you have installed the latest Azure Az PowerShell module. See Install the Azure PowerShell module.
You can sign in to Azure and run Azure CLI commands in one of two ways:
Azure Cloud Shell is a free Bash shell that you can run directly within the Azure portal. The Azure CLI is preinstalled and configured to use with your account. Select the Cloud Shell button on the menu in the upper-right section of the Azure portal:
The button launches an interactive shell that you can use to run the steps outlined in this how-to article:
Install the Azure CLI locallyYou can also install and use the Azure CLI locally. If you plan to use Azure CLI locally, make sure you have installed the latest version of the Azure CLI. See Install the Azure CLI.
None.
None.
The Azure Developer CLI (azd) is an open-source, command-line tool that streamlines provisioning and deploying resources to Azure using a template system. azd is available for several development environments, including the following:
Locally via CLI by installing azd.
GitHub Codespaces environments.
The Azure portal using Cloud Shell
Note
The azd template includes a .devcontainer that already has azd installed, therefore you can skip the installation step if you plan to use a devcontainer either locally or in an environment like Codespaces.
You need an Azure account with an active subscription. You can create an account for free.
Next, sign in to Azure.
Sign in to the Azure portal.
Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions to authenticate.
Connect-AzAccount
To launch Azure Cloud Shell, sign in to the Azure portal.
To log into your local installation of the CLI, run the az sign-in command:
az login
N/A
N/A
If you plan to use azd via Cloud Shell:
Sign-in to the Azure portal
Launch Cloud Shell by clicking on the corresponding icon. azd is automatically available in Cloud Shell and will authenticate via the account you used to sign-in to the Azure portal.
To sign-in to a local installation of azd or Codespaces environment, run the azd auth sign-in command:
azd auth login
azd will launch a browser window that you can use to sign-in to Azure.
Authenticate Terraform to Azure
A storage account is an Azure Resource Manager resource. Resource Manager is the deployment and management service for Azure. For more information, see Azure Resource Manager overview.
Every Resource Manager resource, including an Azure storage account, must belong to an Azure resource group. A resource group is a logical container for grouping your Azure services. When you create a storage account, you have the option to either create a new resource group, or use an existing resource group. This how-to shows how to create a new resource group.
When you create a storage account using PowerShell, the Azure CLI, Bicep, Azure Templates, or the Azure Developer CLI, the storage account type is specified by the kind parameter (for example, StorageV2). The performance tier and redundancy configuration are specified together by the sku or SkuName parameter (for example, Standard_GRS). The following table shows which values to use for the kind parameter and the sku or SkuName parameter to create a particular type of storage account with the desired redundancy configuration.
To create an Azure storage account with the Azure portal, follow these steps:
From the left portal menu, select Storage accounts to display a list of your storage accounts. If the portal menu isn't visible, select the menu button to toggle it on.
On the Storage accounts page, select Create.
Options for your new storage account are organized into tabs in the Create a storage account page. The following sections describe each of the tabs and their options.
Basics tabOn the Basics tab, provide the essential information for your storage account. After you complete the Basics tab, you can choose to further customize your new storage account by setting options on the other tabs, or you can select Review + create to accept the default options and proceed to validate and create the account.
The following table describes the fields on the Basics tab.
Section Field Required or optional Description Project details Subscription Required Select the subscription for the new storage account. Project details Resource group Required Create a new resource group for this storage account, or select an existing one. For more information, see Resource groups. Instance details Storage account name Required Choose a unique name for your storage account. Storage account names must be between 3 and 24 characters in length and might contain numbers and lowercase letters only. Instance details Region Required Select the appropriate region for your storage account. For more information, see Regions and Availability Zones in Azure.Not all regions are supported for all types of storage accounts or redundancy configurations. For more information, see Azure Storage redundancy.
The choice of region can have a billing impact. For more information, see Storage account billing.
Instance details Performance Required Select Standard performance for general-purpose v2 storage accounts (default). This type of account is recommended by Microsoft for most scenarios. For more information, see Types of storage accounts.Select Premium for scenarios requiring low latency. After selecting Premium, select the type of premium storage account to create. The following types of premium storage accounts are available:
Instance details Redundancy Required Select your desired redundancy configuration. Not all redundancy options are available for all types of storage accounts in all regions. For more information about redundancy configurations, see Azure Storage redundancy.If you select a geo-redundant configuration (GRS or GZRS), your data is replicated to a data center in a different region. For read access to data in the secondary region, select Make read access to data available in the event of regional unavailability.
The following image shows a standard configuration of the basic properties for a new storage account.
Advanced tabOn the Advanced tab, you can configure additional options and modify default settings for your new storage account. Some of these options can also be configured after the storage account is created, while others must be configured at the time of creation.
The following table describes the fields on the Advanced tab.
Section Field Required or optional Description Security Require secure transfer for REST API operations Optional Require secure transfer to ensure that incoming requests to this storage account are made only via HTTPS (default). Recommended for optimal security. For more information, see Require secure transfer to ensure secure connections. Security Allow enabling anonymous access on individual containers Optional When enabled, this setting allows a user with the appropriate permissions to enable anonymous access to a container in the storage account (default). Disabling this setting prevents all anonymous access to the storage account. Microsoft recommends disabling this setting for optimal security.For more information, see Prevent anonymous read access to containers and blobs.
Enabling anonymous access does not make blob data available for anonymous access unless the user takes the additional step to explicitly configure the container's anonymous access setting.
Security Enable storage account key access Optional When enabled, this setting allows clients to authorize requests to the storage account using either the account access keys or a Microsoft Entra account (default). Disabling this setting prevents authorization with the account access keys. For more information, see Prevent Shared Key authorization for an Azure Storage account. Security Default to Microsoft Entra authorization in the Azure portal Optional When enabled, the Azure portal authorizes data operations with the user's Microsoft Entra credentials by default. If the user does not have the appropriate permissions assigned via Azure role-based access control (Azure RBAC) to perform data operations, then the portal will use the account access keys for data access instead. The user can also choose to switch to using the account access keys. For more information, see Default to Microsoft Entra authorization in the Azure portal. Security Minimum TLS version Required Select the minimum version of Transport Layer Security (TLS) for incoming requests to the storage account. The default value is TLS version 1.2. When set to the default value, incoming requests made using TLS 1.0 or TLS 1.1 are rejected. For more information, see Enforce a minimum required version of Transport Layer Security (TLS) for requests to a storage account. Security Permitted scope for copy operations (preview) Required Select the scope of storage accounts from which data can be copied to the new account. The default value is
From any storage account. When set to the default value, users with the appropriate permissions can copy data from any storage account to the new account.
Select From storage accounts in the same Azure AD tenant to only allow copy operations from storage accounts within the same Microsoft Entra tenant.
From storage accounts that have a private endpoint to the same virtual network to only allow copy operations from storage accounts with private endpoints on the same virtual network.
For more information, see Restrict the source of copy operations to a storage account.
Data Lake Storage Enable hierarchical namespace Optional To use this storage account for Azure Data Lake Storage workloads, configure a hierarchical namespace. For more information, see Introduction to Azure Data Lake Storage. Blob storage Enable SFTP Optional Enable the use of Secure File Transfer Protocol (SFTP) to securely transfer of data over the internet. For more information, see Secure File Transfer (SFTP) protocol support in Azure Blob Storage. Blob storage Enable network file system (NFS) v3 Optional NFS v3 provides Linux file system compatibility at object storage scale enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises. For more information, see Network File System (NFS) 3.0 protocol support in Azure Blob Storage. Blob storage Allow cross-tenant replication Required By default, users with appropriate permissions can configure object replication across Microsoft Entra tenants. To prevent replication across tenants, deselect this option. For more information, see Prevent replication across Microsoft Entra tenants. Blob storage Access tier Required Blob access tiers enable you to store blob data in the most cost-effective manner, based on usage. Select the hot tier (default) for frequently accessed data. Select the cool tier for infrequently accessed data. For more information, see Hot, Cool, and Archive access tiers for blob data.The following image shows a standard configuration of the advanced properties for a new storage account.
Networking tabOn the Networking tab, you can configure network connectivity and routing preference settings for your new storage account. These options can also be configured after the storage account is created.
The following table describes the fields on the Networking tab.
Section Field Required or optional Description Network connectivity Network access Required By default, incoming network traffic is routed to the public endpoint for your storage account. You can specify that traffic must be routed to the public endpoint through an Azure virtual network. You can also configure private endpoints for your storage account. For more information, see Use private endpoints for Azure Storage. Network connectivity Endpoint type Required Azure Storage supports two types of endpoints: standard endpoints (the default) and Azure DNS zone endpoints (preview). Within a given subscription, you can create up to 2501 accounts with standard endpoints per region, and up to 5000 accounts with Azure DNS zone endpoints per region, for a total of 5250 storage accounts. To register for the preview, see About the preview. Network routing Routing preference Required The network routing preference specifies how network traffic is routed to the public endpoint of your storage account from clients over the internet. By default, a new storage account uses Microsoft network routing. You can also choose to route network traffic through the POP closest to the storage account, which might lower networking costs. For more information, see Network routing preference for Azure Storage.1 With a quota increase, you can create up to 500 storage accounts with standard endpoints per region in a given subscription, for a total of 5500 storage accounts per region. For more information, see Increase Azure Storage account quotas.
The following image shows a standard configuration of the networking properties for a new storage account.
Data protection tabOn the Data protection tab, you can configure data protection options for blob data in your new storage account. These options can also be configured after the storage account is created. For an overview of data protection options in Azure Storage, see Data protection overview.
The following table describes the fields on the Data protection tab.
Section Field Required or optional Description Recovery Enable point-in-time restore for containers Optional Point-in-time restore provides protection against accidental deletion or corruption by enabling you to restore block blob data to an earlier state. For more information, see Point-in-time restore for block blobs.Enabling point-in-time restore also enables blob versioning, blob soft delete, and blob change feed. These prerequisite features might have a cost impact. For more information, see Pricing and billing for point-in-time restore.
Recovery Enable soft delete for blobs Optional Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by maintaining the deleted data in the system for a specified retention period. During the retention period, you can restore a soft-deleted object to its state at the time it was deleted. For more information, see Soft delete for blobs.Microsoft recommends enabling blob soft delete for your storage accounts and setting a minimum retention period of seven days.
Recovery Enable soft delete for containers Optional Container soft delete protects a container and its contents from accidental deletes by maintaining the deleted data in the system for a specified retention period. During the retention period, you can restore a soft-deleted container to its state at the time it was deleted. For more information, see Soft delete for containers.Microsoft recommends enabling container soft delete for your storage accounts and setting a minimum retention period of seven days.
Recovery Enable soft delete for file shares Optional Soft delete for file shares protects a file share and its contents from accidental deletes by maintaining the deleted data in the system for a specified retention period. During the retention period, you can restore a soft-deleted file share to its state at the time it was deleted. For more information, see Prevent accidental deletion of Azure file shares.Microsoft recommends enabling soft delete for file shares for Azure Files workloads and setting a minimum retention period of seven days.
Tracking Enable versioning for blobs Optional Blob versioning automatically saves the state of a blob in a previous version when the blob is overwritten. For more information, see Blob versioning.Microsoft recommends enabling blob versioning for optimal data protection for the storage account.
Tracking Enable blob change feed Optional The blob change feed provides transaction logs of all changes to all blobs in your storage account, as well as to their metadata. For more information, see Change feed support in Azure Blob Storage. Access control Enable version-level immutability support Optional Enable support for immutability policies that are scoped to the blob version. If this option is selected, then after you create the storage account, you can configure a default time-based retention policy for the account or for the container, which blob versions within the account or container will inherit by default. For more information, see Enable version-level immutability support on a storage account.The following image shows a standard configuration of the data protection properties for a new storage account.
Encryption tabOn the Encryption tab, you can configure options that relate to how your data is encrypted when it is persisted to the cloud. Some of these options can be configured only when you create the storage account.
Field Required or optional Description Encryption type Required By default, data in the storage account is encrypted by using Microsoft-managed keys. You can rely on Microsoft-managed keys for the encryption of your data, or you can manage encryption with your own keys. For more information, see Azure Storage encryption for data at rest. Enable support for customer-managed keys Required By default, customer managed keys can be used to encrypt only blobs and files. Set this option to All service types (blobs, files, tables, and queues) to enable support for customer-managed keys for all services. You are not required to use customer-managed keys if you choose this option. For more information, see Customer-managed keys for Azure Storage encryption. Encryption key Required if Encryption type field is set to Customer-managed keys. If you choose Select a key vault and key, you are presented with the option to navigate to the key vault and key that you wish to use. If you choose Enter key from URI, then you are presented with a field to enter the key URI and the subscription. User-assigned identity Required if Encryption type field is set to Customer-managed keys. If you are configuring customer-managed keys at create time for the storage account, you must provide a user-assigned identity to use for authorizing access to the key vault. Enable infrastructure encryption Optional By default, infrastructure encryption is not enabled. Enable infrastructure encryption to encrypt your data at both the service level and the infrastructure level. For more information, see Create a storage account with infrastructure encryption enabled for double encryption of data.The following image shows a standard configuration of the encryption properties for a new storage account.
Tags tabOn the Tags tab, you can specify Resource Manager tags to help organize your Azure resources. For more information, see Tag resources, resource groups, and subscriptions for logical organization.
The following image shows a standard configuration of the index tag properties for a new storage account.
Review + create tabWhen you navigate to the Review + create tab, Azure runs validation on the storage account settings that you have chosen. If validation passes, you can proceed to create the storage account.
If validation fails, then the portal indicates which settings need to be modified.
The following image shows the Review tab data prior to the creation of a new storage account.
To create a general-purpose v2 storage account with PowerShell, first create a new resource group by calling the New-AzResourceGroup command:
$resourceGroup = "<resource-group>"
$location = "<location>"
New-AzResourceGroup -Name $resourceGroup -Location $location
If you're not sure which region to specify for the -Location parameter, you can retrieve a list of supported regions for your subscription with the Get-AzLocation command:
Get-AzLocation | select Location
Next, create a standard general-purpose v2 storage account with read-access geo-redundant storage (RA-GRS) by using the New-AzStorageAccount command. Remember that the name of your storage account must be unique across Azure, so replace the placeholder value in brackets with your own unique value:
New-AzStorageAccount -ResourceGroupName $resourceGroup `
-Name <account-name> `
-Location $location `
-SkuName Standard_RAGRS `
-Kind StorageV2 `
-AllowBlobPublicAccess $false `
-MinimumTlsVersion TLS1_2
To create an account with Azure DNS zone endpoints (preview), follow these steps:
Register for the preview as described in Azure DNS zone endpoints (preview).
Make sure you have the latest version of PowerShellGet installed.
Install-Module PowerShellGet -Repository PSGallery -Force
Close and reopen the PowerShell console.
Install version 4.4.2-preview or later of the Az.Storage PowerShell module. You might need to uninstall other versions of the PowerShell module. For more information about installing Azure PowerShell, see Install Azure PowerShell with PowerShellGet.
Install-Module Az.Storage -Repository PsGallery -RequiredVersion 4.4.2-preview -AllowClobber -AllowPrerelease -Force
Next, create the account, specifying AzureDnsZone for the -DnsEndpointType parameter. After the account is created, you can see the service endpoints by getting the PrimaryEndpoints and SecondaryEndpoints properties for the storage account.
$rgName = "<resource-group>"
$accountName = "<storage-account>"
$account = New-AzStorageAccount -ResourceGroupName $rgName `
-Name $accountName `
-SkuName Standard_RAGRS `
-Location <location> `
-Kind StorageV2 `
-AllowBlobPublicAccess $false `
-MinimumTlsVersion TLS1_2 `
-DnsEndpointType AzureDnsZone
$account.PrimaryEndpoints
$account.SecondaryEndpoints
To enable a hierarchical namespace for the storage account to use Azure Data Lake Storage, set the EnableHierarchicalNamespace parameter to $True on the call to the New-AzStorageAccount command.
The following table shows which values to use for the SkuName and Kind parameters to create a particular type of storage account with the desired redundancy configuration.
To create a general-purpose v2 storage account with Azure CLI, first create a new resource group by calling the az group create command.
az group create \
--name storage-resource-group \
--location eastus
If you're not sure which region to specify for the --location parameter, you can retrieve a list of supported regions for your subscription with the az account list-locations command.
az account list-locations \
--query "[].{Region:name}" \
--out table
Next, create a standard general-purpose v2 storage account with read-access geo-redundant storage by using the az storage account create command. Remember that the name of your storage account must be unique across Azure, so replace the placeholder value in brackets with your own unique value:
az storage account create \
--name <account-name> \
--resource-group storage-resource-group \
--location eastus \
--sku Standard_RAGRS \
--kind StorageV2 \
--min-tls-version TLS1_2 \
--allow-blob-public-access false
To create an account with Azure DNS zone endpoints (preview), first register for the preview as described in Azure DNS zone endpoints (preview). Next, install the preview extension for the Azure CLI if it's not already installed:
az extension add --name storage-preview
Next, create the account, specifying AzureDnsZone for the --dns-endpoint-type parameter. After the account is created, you can see the service endpoints by getting the PrimaryEndpoints property of the storage account.
az storage account create \
--name <account-name> \
--resource-group <resource-group> \
--location <location> \
--min-tls-version TLS1_2 \
--allow-blob-public-access false \
--dns-endpoint-type AzureDnsZone
After the account is created, you can return the service endpoints by getting the primaryEndpoints and secondaryEndpoints properties for the storage account.
az storage account show \
--resource-group <resource-group> \
--name <account-name> \
--query '[primaryEndpoints, secondaryEndpoints]'
To enable a hierarchical namespace for the storage account to use Azure Data Lake Storage, set the enable-hierarchical-namespace parameter to true on the call to the az storage account create command. Creating a hierarchical namespace requires Azure CLI version 2.0.79 or later.
You can use either Azure PowerShell or Azure CLI to deploy a Bicep file to create a storage account. The Bicep file used in this how-to article is from Azure Resource Manager quickstart templates. Bicep currently doesn't support deploying a remote file. Download and save the Bicep file to your local computer, and then run the scripts.
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
$location = Read-Host -Prompt "Enter the location (i.e. centralus)"
New-AzResourceGroup -Name $resourceGroupName -Location "$location"
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile "main.bicep"
echo "Enter the Resource Group name:" &&
read resourceGroupName &&
echo "Enter the location (i.e. centralus):" &&
read location &&
az group create --name $resourceGroupName --location "$location" &&
az deployment group create --resource-group $resourceGroupName --template-file "main.bicep"
Note
This Bicep file serves only as an example. There are many storage account settings that aren't configured as part of this Bicep file. For example, if you want to use Data Lake Storage, you would modify this Bicep file by setting the isHnsEnabled property of the StorageAccountPropertiesCreateParameters object to true.
To learn how to modify this Bicep file or create new ones, see:
You can use either Azure PowerShell or Azure CLI to deploy a Resource Manager template to create a storage account. The template used in this how-to article is from Azure Resource Manager quickstart templates. To run the scripts, select Try it to open the Azure Cloud Shell. To paste the script, right-click the shell, and then select Paste.
$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
$location = Read-Host -Prompt "Enter the location (i.e. centralus)"
New-AzResourceGroup -Name $resourceGroupName -Location "$location"
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.storage/storage-account-create/azuredeploy.json"
echo "Enter the Resource Group name:" &&
read resourceGroupName &&
echo "Enter the location (i.e. centralus):" &&
read location &&
az group create --name $resourceGroupName --location "$location" &&
az deployment group create --resource-group $resourceGroupName --template-uri "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.storage/storage-account-create/azuredeploy.json"
Note
This template serves only as an example. There are many storage account settings that aren't configured as part of this template. For example, if you want to use Data Lake Storage, you would modify this template by setting the isHnsEnabled property of the StorageAccountPropertiesCreateParameters object to true.
To learn how to modify this template or create new ones, see:
The Azure Developer CLI (azd) is designed around azd templates. These templates leverage Bicep files, basic configurations and automation tasks to provision and deploy resources to Azure. You can also view the source code for the template in the create a storage account quickstart repository.
Initialize and run the template for this quickstart using the following steps:
Run the azd init command in a local terminal or CloudShell:
azd init --template https://github.com/azure-samples/azd-create-storage-account
azd will prompt you for an environment name, which will determine the naming of provisioned resources in Azure. Enter the name azdstorage and press enter.
Next, run the azd up command to begin the template provisioning and deployment process.
azd up
If you are not already authenticated to Azure, azd will output a message instructing you to sign-in to Azure using the azd auth login command.
azd auth login
Once you are authenticated, azd will prompt you for the Azure location to provision the storage account to from a list of regions. Select your desired location from the list and press enter.
azd will also prompt you for a storage account type. The type is a custom parameter that was added to the azd template to add flexibility to the storage account provisioning. Choose Standard_LRS or whatever type you would like, and then press enter.
azd will begin provisioning the storage account. The command output will provide a link to the deployment in Azure and status details until the command finishes.
When the command finishes, click the link to open the Azure portal to the provisioned resource group and storage account.
The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform. See more articles and sample code showing how to use Terraform to manage Azure resources
Create a directory in which to test and run the sample Terraform code, and make it the current directory.
Create a file named providers.tf, and insert the following code:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>4.0"
}
random = {
source = "hashicorp/random"
version = "~>3.0"
}
}
}
provider "azurerm" {
features {}
}
Create a file named main.tf, and insert the following code:
# Create Resource Group
resource "random_pet" "rg_name" {
prefix = var.resource_group_name_prefix
}
resource "azurerm_resource_group" "rg" {
location = var.resource_group_location
name = random_pet.rg_name.id
}
# Random String for unique naming
resource "random_string" "name" {
length = 8
special = false
upper = false
lower = true
numeric = false
}
# Create Storage Account
resource "azurerm_storage_account" "sa" {
name = "sa${random_string.name.result}"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
account_tier = "Standard"
account_replication_type = "RAGRS"
account_kind = "StorageV2"
min_tls_version = "TLS1_2"
allow_nested_items_to_be_public = false
}
Create a file named variables.tf, and insert the following code:
variable "resource_group_location" {
type = string
default = "eastus"
description = "Location of the resource group."
}
variable "resource_group_name_prefix" {
type = string
default = "rg"
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}
Create a file named outputs.tf, and insert the following code:
output "resource_group_name" {
value = azurerm_resource_group.rg.name
}
output "storage_account_name" {
value = azurerm_storage_account.sa.name
}
Important
If you're using the 4.x azurerm provider, you must explicitly specify the Azure subscription ID to authenticate to Azure before running the Terraform commands.
One way to specify the Azure subscription ID without putting it in the providers block is to specify the subscription ID in an environment variable named ARM_SUBSCRIPTION_ID.
For more information, see the Azure provider reference documentation.
Initialize Terraform.
Run terraform init to initialize the Terraform deployment. This command downloads the Azure provider required to manage your Azure resources.
terraform init -upgrade
Key points:
-upgrade parameter upgrades the necessary provider plugins to the newest version that complies with the configuration's version constraints.Create a Terraform execution plan.
Run terraform plan to create an execution plan.
terraform plan -out main.tfplan
Key points:
terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.-out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.Apply a Terraform execution plan.
Run terraform apply to apply the execution plan to your cloud infrastructure.
terraform apply main.tfplan
Key points:
terraform apply command assumes you previously ran terraform plan -out main.tfplan.-out parameter, use that same filename in the call to terraform apply.-out parameter, call terraform apply without any parameters.Deleting a storage account deletes the entire account, including all data in the account. Be sure to back up any data you want to save before you delete the account.
Under certain circumstances, a deleted storage account might be recovered, but recovery is not guaranteed. For more information, see Recover a deleted storage account.
If you try to delete a storage account associated with an Azure virtual machine, you might get an error about the storage account still being in use. For help with troubleshooting this error, see Troubleshoot errors when you delete storage accounts.
To delete the storage account, use the Remove-AzStorageAccount command:
Remove-AzStorageAccount -Name <storage-account> -ResourceGroupName <resource-group>
To delete the storage account, use the az storage account delete command:
az storage account delete --name <storage-account> --resource-group <resource-group>
To delete the storage account, use either Azure PowerShell or Azure CLI.
$storageResourceGroupName = Read-Host -Prompt "Enter the resource group name"
$storageAccountName = Read-Host -Prompt "Enter the storage account name"
Remove-AzStorageAccount -Name $storageAccountName -ResourceGroupName $storageResourceGroupName
echo "Enter the resource group name:" &&
read resourceGroupName &&
echo "Enter the storage account name:" &&
read storageAccountName &&
az storage account delete --name storageAccountName --resource-group resourceGroupName
To delete the storage account, use either Azure PowerShell or Azure CLI.
$storageResourceGroupName = Read-Host -Prompt "Enter the resource group name"
$storageAccountName = Read-Host -Prompt "Enter the storage account name"
Remove-AzStorageAccount -Name $storageAccountName -ResourceGroupName $storageResourceGroupName
echo "Enter the resource group name:" &&
read resourceGroupName &&
echo "Enter the storage account name:" &&
read storageAccountName &&
az storage account delete --name storageAccountName --resource-group resourceGroupName
To delete the resource group and storage account created by azd, use the azd down command:
azd down
When you no longer need the resources created via Terraform, do the following steps:
Run terraform plan and specify the destroy flag.
terraform plan -destroy -out main.destroy.tfplan
Key points:
terraform plan command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.-out parameter allows you to specify an output file for the plan. Using the -out parameter ensures that the plan you reviewed is exactly what is applied.Run terraform apply to apply the execution plan.
terraform apply main.destroy.tfplan
Alternately, you can delete the resource group, which deletes the storage account and any other resources in that resource group. For more information about deleting a resource group, see Delete resource group and resources.
General purpose v1 (GPv1) storage accounts can no longer be created from the Azure portal. If you need to create a GPv1 storage account, follow the steps in section Create a storage account for PowerShell, the Azure CLI, Bicep, or Azure Templates. For the kind parameter, specify Storage, and choose a sku or SkuName from the table of supported values.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4