Implementing advanced security features with Azure Storage services.
Set the initial variables:
cp config/template.tfvars .auto.tfvars
Create the test infrastructure and storage:
terraform init
terraform apply -auto-approve
Use the Portal to create the containers app1 and app2 with their respective encryption scopes.
Do not enforce the default encryption scope for all blobs in a container, so that the scenarios can still be tested with the app in this repository (blobs uploaded with a different scope).
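The same two containers and scopes expressed in Terraform, as an added example that is not part of this repository's configuration. It assumes an existing azurerm_storage_account named "this", an existing azurerm_key_vault_key named "app2" that the account's managed identity can use, and a provider version whose azurerm_storage_container supports default_encryption_scope and encryption_scope_override_enabled.

```hcl
# Added example (not the repository's own Terraform). Assumed to exist:
# azurerm_storage_account.this and azurerm_key_vault_key.app2.

# Scope for app1: platform-managed key, with infrastructure (double) encryption.
resource "azurerm_storage_encryption_scope" "app1" {
  name                               = "scope-app1"
  storage_account_id                 = azurerm_storage_account.this.id
  source                             = "Microsoft.Storage"
  infrastructure_encryption_required = true
}

# Scope for app2: customer-managed key held in Key Vault.
# The storage account's identity needs get/wrapKey/unwrapKey on this key.
resource "azurerm_storage_encryption_scope" "app2" {
  name               = "scope-app2"
  storage_account_id = azurerm_storage_account.this.id
  source             = "Microsoft.KeyVault"
  key_vault_key_id   = azurerm_key_vault_key.app2.id
}

# Containers are private (no anonymous access). Each one gets its scope as the
# default, but the default is NOT enforced, so a blob may still be uploaded
# with another scope; this is what allows the test scenarios to run.
# (Attribute names on the container are assumed; check your provider version.)
resource "azurerm_storage_container" "app1" {
  name                              = "app1"
  storage_account_name              = azurerm_storage_account.this.name
  container_access_type             = "private"
  default_encryption_scope          = azurerm_storage_encryption_scope.app1.name
  encryption_scope_override_enabled = true
}

resource "azurerm_storage_container" "app2" {
  name                              = "app2"
  storage_account_name              = azurerm_storage_account.this.name
  container_access_type             = "private"
  default_encryption_scope          = azurerm_storage_encryption_scope.app2.name
  encryption_scope_override_enabled = true
}
```

Setting encryption_scope_override_enabled to false is the hardened variant: every blob in the container is then forced onto the container's scope, which is what you want outside of testing.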
From the documentation:
- Standard allows you to have any data service (Blob, File, Queue, Table) and uses magnetic disk drives.
- Premium provides more services for storing data. For example, storing unstructured object data as block blobs or append blobs, and specialized file storage used to store and create premium file shares. These storage accounts use solid-state drives (SSD) for storage.
Additional note on the number of storage accounts:
Typically, your data diversity, cost sensitivity, and tolerance for management overhead determine the number of storage accounts you need.
- Browser uploads
- Distributed access
- Streaming data
- Archiving and recovery
- Application access
- Private: (Default) Prohibit anonymous access to the container and blobs.
- Blob: Allow anonymous public read access for the blobs only.
- Container: Allow anonymous public read and list access to the entire container, including the blobs.
Check the documentation: Access Tiers
- Block: Binary or text files
- Append: Logs
- Page: Disks
Check the documentation for authorization options.
Must use the REST API.
TODO: Need to implement this.
Connection via service endpoints, where the subnet must have the Microsoft.Storage service endpoint assigned.
Check the private DNS zones for Storage.
- Stored access policies
- Immutable blob storage
- Legal hold
- Time-based retention