The sku for the Azure bicep Storage account is read-only.

Published: 13 February 2022 / Updated: 18 February 2022

Problem

I’m attempting to use Azure Bicep to deploy a storage account.

In my code:

resource storageAccounts_storageacntin_name_default 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = {
  parent: storageAccounts_storageacntin_name_resource
  name: 'default'
  sku: {
    name: 'Standard_RAGRS'
    tier: 'Standard'
  }
  properties: {
    changeFeed: {
      enabled: false
    }
    restorePolicy: {
      enabled: false
    }
    containerDeleteRetentionPolicy: {
      enabled: true
      days: 7
    }
    cors: {
      corsRules: []
    }
    deleteRetentionPolicy: {
      enabled: true
      days: 30
    }
    isVersioningEnabled: true
  }
}

In the SKU, I get an error. The following is the error:

The property "sku" is read-only. Expressions cannot be assigned to read-only properties.bicep(BCP073)

I’m not sure why this problem is appearing; I’m still new to Azure Bicep and am trying to transition from terraform deployments to Azure Bicep. Could someone please explain why this mistake is occurring and how to resolve it? Thank you a lot.

UPDATE CODE:

When I removed the sku, I received this error.

param storageAccounts array = [
  'storage1'
]

resource storage_Accounts 'Microsoft.Storage/storageAccounts@2021-04-01' = [ for storageName in storageAccounts :{
  name: [storageName]
  location: 'westeurope'
  sku: {
    name: 'Standard_RAGRS'
    tier: 'Standard'
  }
  kind: 'StorageV2'
  properties: {
    allowCrossTenantReplication: true
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    allowSharedKeyAccess: true
    networkAcls: {
      bypass: 'AzureServices'
      virtualNetworkRules: []
      ipRules: []
      defaultAction: 'Allow'
    }
    supportsHttpsTrafficOnly: true
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
    accessTier: 'Hot'
  }
}]

resource storageAccounts_hamzaelaouane1_name_default 'Microsoft.Storage/storageAccounts/blobServices@2021-04-01' = [ for storageName in storageAccounts: {
  parent: [storage_Accounts]
  name: storageName
  properties: {
    changeFeed: {
      enabled: false
    }
    restorePolicy: {
      enabled: false
    }
    containerDeleteRetentionPolicy: {
      enabled: true
      days: 7
    }
    cors: {
      corsRules: []
    }
    deleteRetentionPolicy: {
      enabled: true
      days: 30
    }
    isVersioningEnabled: true
  }
}
]

The problem can be seen on the last two lines. It states that [and] is expected at that point. I couldn’t find any syntax errors when I checked line by line.

Asked by Nayden Van

Solution #1

For services like blobServices and fileServices that are under a storage account, the sku field is read-only.

At the Storage Account level (Microsoft.Storage/storageAccounts@2021-04-01), you can (only) set the SKU.

Because it’s based on the SKU name, the tier field on the storage account is similarly read-only. You should be fine to go after removing these fields.

Answered by rickvdbosch

Post is based on https://stackoverflow.com/questions/69345318/azure-bicep-storage-account-sku-is-read-only