-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
34 additions
and
61 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,61 +1,34 @@ | ||
| @description('The location for all resources.') | ||
| param location string | ||
|
|
||
| @description('The name of the storage account.') | ||
| param storageAccountName string | ||
|
|
||
| @description('The name of the container to create.') | ||
| param containerName string | ||
|
|
||
| @description('The IP address allowed to access the storage account.') | ||
| param allowedIP string | ||
|
|
||
| @description('The name of the Log Analytics workspace.') | ||
| param logAnalyticsWorkspaceName string | ||
|
|
||
| resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { | ||
| name: storageAccountName | ||
| location: location | ||
| sku: { | ||
| name: 'Standard_LRS' | ||
| } | ||
| kind: 'StorageV2' | ||
| properties: { | ||
| accessTier: 'Hot' | ||
| allowBlobPublicAccess: true // Enable blob public access | ||
| networkAcls: { | ||
| bypass: 'AzureServices' | ||
| defaultAction: 'Deny' | ||
| ipRules: [ | ||
| { | ||
| value: allowedIP | ||
| action: 'Allow' | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
|
|
||
| resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = { | ||
| parent: storageAccount | ||
| name: 'default' | ||
| } | ||
|
|
||
| resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = { | ||
| parent: blobService | ||
| name: containerName | ||
| properties: { | ||
| publicAccess: 'Blob' // Allow public access at container level | ||
| } | ||
| } | ||
|
|
||
| resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { | ||
| name: logAnalyticsWorkspaceName | ||
| location: location | ||
| properties: { | ||
| sku: { | ||
| name: 'PerGB2018' | ||
| } | ||
| retentionInDays: 30 | ||
| } | ||
| } | ||
| name: Deploy Azure Storage Account | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| deploy: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Login to Azure | ||
| uses: azure/login@v1 | ||
| with: | ||
| creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
|
|
||
| - name: Create Resource Group | ||
| run: | | ||
| az group create --name rrblobtest --location "UK West" | ||
|
|
||
| - name: Deploy Storage Account | ||
| run: | | ||
| az deployment group create \ | ||
| --resource-group rrblobtest \ | ||
| --template-file bicep/storage-account.bicep \ | ||
| --parameters location="UK West" \ | ||
| storageAccountName="test123434" \ | ||
| containerName="images" \ | ||
| allowedIP="92.16.42.251" \ | ||
| logAnalyticsWorkspaceName="rrlogtest" |