From 48256a07e82b9fb090e50575c1160c3564e8d9d6 Mon Sep 17 00:00:00 2001 From: Jan Mallo Date: Mon, 18 Nov 2024 12:37:56 +0800 Subject: [PATCH 1/2] [u] update storage acct creation to include storageInfrastructureEncryption property --- infra/core/storage/storage-account.bicep | 8 ++++++++ infra/main.bicep | 3 +++ infra/main.parameters.json | 3 +++ 3 files changed, 14 insertions(+) diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep index 5dd98f1b9b..5b4eda4c5e 100644 --- a/infra/core/storage/storage-account.bicep +++ b/infra/core/storage/storage-account.bicep @@ -25,12 +25,19 @@ param publicNetworkAccess string = 'Enabled' param sku object = { name: 'Standard_LRS' } @allowed([ 'None', 'AzureServices' ]) param bypass string = 'AzureServices' +param storageInfrastructureEncryption string = 'Disabled' var networkAcls = (publicNetworkAccess == 'Enabled') ? { bypass: bypass defaultAction: 'Allow' } : { defaultAction: 'Deny' } +var encryption = (storageInfrastructureEncryption == 'Enabled') ? { + requireInfrastructureEncryption: true +} : { + requireInfrastructureEncryption: false +} + resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = { name: name location: location @@ -49,6 +56,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = { networkAcls: networkAcls publicNetworkAccess: publicNetworkAccess supportsHttpsTrafficOnly: supportsHttpsTrafficOnly + encryption: encryption } resource blobServices 'blobServices' = if (!empty(containers)) { diff --git a/infra/main.bicep b/infra/main.bicep index 344623df20..a031d9280f 100644 --- a/infra/main.bicep +++ b/infra/main.bicep 
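Review bot: The new `storageInfrastructureEncryption` param in storage-account.bicep accepts any string, and the `encryption` variable treats everything except the exact value 'Enabled' as off. An empty string or a typo therefore deploys the account with `requireInfrastructureEncryption: false` and gives no error. Constrain it the way `bypass` is constrained just above, with `@allowed([ 'Enabled', 'Disabled' ])` on this param and on the matching param added to infra/main.bicep, so a bad value fails at validation. The two-branch conditional can then collapse to `var encryption = { requireInfrastructureEncryption: storageInfrastructureEncryption == 'Enabled' }`.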
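Review bot: `encryption: encryption` is now sent on every deployment, but Azure only lets infrastructure encryption be chosen when the storage account is created. Switching an environment whose account already exists to 'Enabled' is therefore expected to fail the deployment rather than upgrade the account, and nothing in the hunk or the commit message says so. A comment above the property would help, e.g. `// requireInfrastructureEncryption is fixed at account creation; changing it requires a new account`. The object carries only that one key, so it is worth confirming with a what-if run that the service keeps its defaults for the other encryption settings. The `resource storage` block starts and ends outside this hunk.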
@@ -36,6 +36,7 @@ param storageResourceGroupName string = '' // Set in main.parameters.json param storageResourceGroupLocation string = location param storageContainerName string = 'content' param storageSkuName string // Set in main.parameters.json +param storageInfrastructureEncryption string // Set in main.parameters.json param userStorageAccountName string = '' param userStorageContainerName string = 'user-content' @@ -662,6 +663,7 @@ module storage 'core/storage/storage-account.bicep' = { publicAccess: 'None' } ] + storageInfrastructureEncryption: storageInfrastructureEncryption } } @@ -688,6 +690,7 @@ module userStorage 'core/storage/storage-account.bicep' = if (useUserUpload) { publicAccess: 'None' } ] + storageInfrastructureEncryption: storageInfrastructureEncryption } } diff --git a/infra/main.parameters.json b/infra/main.parameters.json index a7ba80373e..dc0fa69210 100644 --- a/infra/main.parameters.json +++ b/infra/main.parameters.json @@ -80,6 +80,9 @@ "storageSkuName": { "value": "${AZURE_STORAGE_SKU=Standard_LRS}" }, + "storageInfrastructureEncryption": { + "value": "${AZURE_STORAGE_INFRA_ENCRYPTION}" + }, "appServicePlanName": { "value": "${AZURE_APP_SERVICE_PLAN}" }, From f55736fe564f5d1b489c306f659fdc251a8c55d4 Mon Sep 17 00:00:00 2001 From: Jan Mallo Date: Tue, 14 Jan 2025 14:59:16 +0800 Subject: [PATCH 2/2] [u] updated storage version --- infra/core/storage/storage-account.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep index 5b4eda4c5e..a69ad6d06e 100644 --- a/infra/core/storage/storage-account.bicep +++ b/infra/core/storage/storage-account.bicep 
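Review bot: In infra/main.parameters.json, `${AZURE_STORAGE_INFRA_ENCRYPTION}` has no fallback, unlike `${AZURE_STORAGE_SKU=Standard_LRS}` directly above it, and the `storageInfrastructureEncryption` param added to infra/main.bicep in this patch has no default either. When the variable is unset the substitution presumably yields an empty string, which the storage module maps to `requireInfrastructureEncryption: false` without any warning. Make the fallback explicit with `"value": "${AZURE_STORAGE_INFRA_ENCRYPTION=Disabled}"`, which matches the module's own default. The variable should also be documented with the other deployment settings so operators know the control exists and what values it takes.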
@@ -38,7 +38,7 @@ var encryption = (storageInfrastructureEncryption == 'Enabled') ? { requireInfrastructureEncryption: false } -resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = { +resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: name location: location tags: tags