Data Source: azurermStorageAccountBlobContainerSas
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container.
Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account Blob Container.
Example Usage
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupRg = new azurerm.resourceGroup.ResourceGroup(
this,
"rg",
{
location: "West Europe",
name: "resourceGroupName",
}
);
const azurermStorageAccountStorage = new azurerm.storageAccount.StorageAccount(
this,
"storage",
{
account_replication_type: "LRS",
account_tier: "Standard",
location: azurermResourceGroupRg.location,
name: "storageaccountname",
resource_group_name: azurermResourceGroupRg.name,
}
);
const azurermStorageContainerContainer =
new azurerm.storageContainer.StorageContainer(this, "container", {
container_access_type: "private",
name: "mycontainer",
storage_account_name: azurermStorageAccountStorage.name,
});
const dataAzurermStorageAccountBlobContainerSasExample =
new azurerm.dataAzurermStorageAccountBlobContainerSas.DataAzurermStorageAccountBlobContainerSas(
this,
"example",
{
cache_control: "max-age=5",
connection_string: azurermStorageAccountStorage.primaryConnectionString,
container_name: azurermStorageContainerContainer.name,
content_disposition: "inline",
content_encoding: "deflate",
content_language: "en-US",
content_type: "application/json",
expiry: "2018-03-21",
https_only: true,
ip_address: "168.1.5.65",
permissions: [
{
add: true,
create: false,
delete: true,
list: true,
read: true,
write: false,
},
],
start: "2018-03-21",
}
);
new cdktf.TerraformOutput(this, "sas_url_query_string", {
value: dataAzurermStorageAccountBlobContainerSasExample.sas,
});
Argument Reference
-
connectionString
- The connection string for the storage account to which this SAS applies. Typically directly from theprimaryConnectionString
attribute of a terraform createdazurermStorageAccount
resource. -
containerName
- Name of the container. -
httpsOnly
- (Optional) Only permithttps
access. Iffalse
, bothhttp
andhttps
are permitted. Defaults totrue
. -
ipAddress
- (Optional) Single IPv4 address or range (connected with a dash) of IPv4 addresses. -
start
- The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string. -
expiry
- The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
-> NOTE: The ISO-8601 Time offset from UTC is currently not supported by the service, which will result into 409 error.
-
permissions
- Apermissions
block as defined below. -
cacheControl
- (Optional) ThecacheControl
response header that is sent when this SAS token is used. -
contentDisposition
- (Optional) ThecontentDisposition
response header that is sent when this SAS token is used. -
contentEncoding
- (Optional) ThecontentEncoding
response header that is sent when this SAS token is used. -
contentLanguage
- (Optional) ThecontentLanguage
response header that is sent when this SAS token is used. -
contentType
- (Optional) ThecontentType
response header that is sent when this SAS token is used.
A permissions
block contains:
-
read
- Should Read permissions be enabled for this SAS? -
add
- Should Add permissions be enabled for this SAS? -
create
- Should Create permissions be enabled for this SAS? -
write
- Should Write permissions be enabled for this SAS? -
delete
- Should Delete permissions be enabled for this SAS? -
list
- Should List permissions be enabled for this SAS?
Refer to the SAS creation reference from Azure for additional details on the fields above.
Attributes Reference
sas
- The computed Blob Container Shared Access Signature (SAS).
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
read
- (Defaults to 5 minutes) Used when retrieving the Blob Container.