Azure ep Template

Published: 13 February 2022 / Updated: 18 February 2022

Tag: azure, azure-bicep, azure-devops, azure-template

Problem

I’m working on creating an Azure bicep file that will let me to deploy Azure resources.

I’m building a storage account, a handful of containers, and some management policies all in the same bicep file. The following is taken from the Microsoft documentation:

Despite following the documentation in terms of setting the last access time tracking policy and running the management policies in the same bicep file, I continue to receive the following error:

Here’s the link to my biceps file:

resource storage_account_blob 'Microsoft.Storage/storageAccounts@2019-06-01' = {
    name: 'test'
    location: 'East US'
    sku: {
        name: 'Standard_RAGRS'
    }
    kind: 'StorageV2'

    properties: {
        networkAcls: {
      bypass: 'AzureServices'
      virtualNetworkRules: []
      ipRules: []
      defaultAction: 'Allow'
    }

    supportsHttpsTrafficOnly: true
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
  }
}

resource blobStorageService 'Microsoft.Storage/storageAccounts/blobServices@2019-06-01' = {
    parent: storage_account_blob
    name: 'default'
    properties: {
      lastAccessTimeTrackingPolicy: {
        blobType: [
           'string'
           ]
        enable: true
        name: 'AccessTimeTracking'
        trackingGranularityInDays: 1
      }
    }
}

resource blobStorage_container_input 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
    name: 'input'
    properties: {
    defaultEncryptionScope: '$account-encryption-key'
    denyEncryptionScopeOverride: false   
    publicAccess: 'None'
    }
    parent: blobStorageService
}

resource management_policies 'Microsoft.Storage/storageAccounts/managementPolicies@2019-06-01' = {
  name: 'default'
  properties: {
    policy:{
      rules: [
        {
          definition:{
            actions:{
              baseBlob:{
                delete:{
                  daysAfterLastAccessTimeGreaterThan: 60
                }
                tierToArchive:{
                  daysAfterLastAccessTimeGreaterThan: 30
                }
                tierToCool:{
                  daysAfterLastAccessTimeGreaterThan:15
                }
              }
            }
            filters:{
              blobTypes:[
                'blockBlob'
              ]
            }
          }
          enabled: true
          name: 'testRules'
          type: 'Lifecycle'
        }
      ]
    }
  }
  parent: storage_account_blob
}

Is it necessary for me to first set up a storage account with the blob service before I can set up the life cycle management policies?

Asked by drai29

Solution #1

I’m not sure, but have you tried putting a “depends on” on “resource management policies” and pointing it to “resource blobStorageService”?

Answered by Jonatan Karlsson

Post is based on https://stackoverflow.com/questions/69510140/adding-life-cycle-management-rules-for-blob-storage-using-bicep-template-azure