Azure Storage Object Replication

This page shows how to configure Storage Object Replication with Terraform and Azure Resource Manager, and how to do so securely.

azurerm_storage_object_replication (Terraform)

Object Replication for Azure Storage can be configured in Terraform with the resource azurerm_storage_object_replication. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

The following arguments are supported:

  • source_storage_account_id - (Required) The ID of the source storage account. Changing this forces a new Storage Object Replication to be created.

  • destination_storage_account_id - (Required) The ID of the destination storage account. Changing this forces a new Storage Object Replication to be created.

  • rules - (Required) One or more rules blocks as defined below.


A rules block supports the following:

  • source_container_name - (Required) The source storage container name. Changing this forces a new Storage Object Replication to be created.

  • destination_container_name - (Required) The destination storage container name. Changing this forces a new Storage Object Replication to be created.

  • copy_blobs_created_after - (Optional) The time after which the Block Blobs created will be copied to the destination. Possible values are OnlyNewObjects, Everything and time in RFC3339 format: 2006-01-02T15:04:00Z.

  • filter_out_blobs_with_prefix - (Optional) Specifies a list of prefix filters. Blobs whose names begin with one of these prefixes will be replicated.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Storage Object Replication in the destination storage account. It is composed in the format source_object_replication_id;destination_object_replication_id.

  • source_object_replication_id - The ID of the Object Replication in the source storage account.

  • destination_object_replication_id - The ID of the Object Replication in the destination storage account.
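
A configuration that exercises the arguments above with the storage accounts locked down, as an added example (not taken from the Terraform Registry or from this site). It assumes azurerm provider 3.x argument names and an existing resource group; the account, container and prefix names are placeholders. Object replication needs blob versioning on both accounts and the change feed on the source.

```hcl
# Added example: all names are placeholders, argument names follow azurerm 3.x.
variable "resource_group_name" { type = string }
variable "location" { type = string }

locals {
  # Hypothetical account names: "src" is replicated from, "dst" is replicated to.
  accounts = { src = "examplereplsrc", dst = "examplerepldst" }
}

resource "azurerm_storage_account" "repl" {
  for_each                 = local.accounts
  name                     = each.value
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2" # HTTPS-only is the provider default; keep it on

  allow_nested_items_to_be_public  = false # no anonymous container or blob access
  cross_tenant_replication_enabled = false # policies must use full resource IDs

  blob_properties {
    # Versioning is required on both sides, change feed only on the source.
    versioning_enabled  = true
    change_feed_enabled = each.key == "src"
  }
}

resource "azurerm_storage_container" "repl" {
  for_each              = local.accounts
  name                  = "replicated"
  storage_account_name  = azurerm_storage_account.repl[each.key].name
  container_access_type = "private"
}

resource "azurerm_storage_object_replication" "example" {
  source_storage_account_id      = azurerm_storage_account.repl["src"].id
  destination_storage_account_id = azurerm_storage_account.repl["dst"].id

  rules {
    source_container_name        = azurerm_storage_container.repl["src"].name
    destination_container_name   = azurerm_storage_container.repl["dst"].name
    copy_blobs_created_after     = "OnlyNewObjects"
    filter_out_blobs_with_prefix = ["reports/"] # replicate only blobs under this prefix
  }
}
```

Scoping each rule to a prefix and to OnlyNewObjects keeps the destination from receiving data that was never meant to leave the source container.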

Explanation in Terraform Registry

Manages a Storage Object Replication.

Tips: Best Practices for The Other Azure Storage Resources

In addition to azurerm_storage_account, Azure Storage has other resources that should be configured with security in mind. The following are some examples of those resources and the precautions to take.

azurerm_storage_account

Ensure HTTPS connections are used

It is better to use HTTPS instead of HTTP, which could be vulnerable to person-in-the-middle attacks.

azurerm_storage_account_network_rules

Ensure Trusted Microsoft Services are allowed to bypass

It is better to allow Trusted Microsoft Services to bypass. They are not able to access the storage account unless rules are set to allow them explicitly.

Microsoft.Storage/storageAccounts/objectReplicationPolicies (Azure Resource Manager)

The storageAccounts/objectReplicationPolicies in Microsoft.Storage can be configured in Azure Resource Manager with the resource name Microsoft.Storage/storageAccounts/objectReplicationPolicies. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

  • apiVersion required - string
  • name required - string

    For the destination account, provide the value 'default'. Configure the policy on the destination account first. For the source account, provide the value of the policy ID that is returned when you download the policy that was defined on the destination account. The policy is downloaded as a JSON file.

  • properties optional
      • destinationAccount required - string

        Required. Destination account name. It should be the full resource ID if allowCrossTenantReplication is set to false.

      • rules optional array
          • destinationContainer required - string

            Required. Destination container name.

          • filters optional
              • minCreationTime optional - string

                Blobs created after the time will be replicated to the destination. It must be in datetime format 'yyyy-MM-ddTHH:mm:ssZ'. Example: 2020-02-19T16:05:00Z

              • prefixMatch optional - array

                Optional. Filters the results to replicate only blobs whose names begin with the specified prefix.

          • ruleId optional - string

            The rule ID is auto-generated for each new rule on the destination account. It is required when putting the policy on the source account.

          • sourceContainer required - string

            Required. Source container name.

      • sourceAccount required - string

        Required. Source account name. It should be the full resource ID if allowCrossTenantReplication is set to false.

  • type required - string

Frequently asked questions

What is Azure Storage Object Replication?

Azure Storage Object Replication is a resource for Storage of Microsoft Azure. Settings can be written in Terraform.