
azurermKeyVaultManagedStorageAccountSasTokenDefinition

Manages a Key Vault Managed Storage Account SAS Definition.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";

const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    accountReplicationType: "LRS",
    accountTier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "storageaccountname",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*overrideLogicalId makes the Terraform resource name match the original HCL name
(e.g. azurerm_storage_account.example). Remove the calls if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const dataAzurermClientConfigExample =
  new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
    this,
    "example_2",
    {}
  );
dataAzurermClientConfigExample.overrideLogicalId("example");
/*The SAS template. Tokens issued from the definition inherit these permissions,
services and resource types; only the validity window is regenerated.*/
const dataAzurermStorageAccountSasExample =
  new azurerm.dataAzurermStorageAccountSas.DataAzurermStorageAccountSas(
    this,
    "example_3",
    {
      connectionString: azurermStorageAccountExample.primaryConnectionString,
      expiry: "2023-04-30T00:00:00Z",
      httpsOnly: true,
      permissions: {
        add: true,
        create: true,
        delete: false,
        filter: false,
        list: false,
        process: false,
        read: true,
        tag: false,
        update: false,
        write: true,
      },
      resourceTypes: {
        container: false,
        object: false,
        service: true,
      },
      services: {
        blob: true,
        file: false,
        queue: false,
        table: false,
      },
      start: "2021-04-30T00:00:00Z",
    }
  );
dataAzurermStorageAccountSasExample.overrideLogicalId("example");
const azurermKeyVaultExample = new azurerm.keyVault.KeyVault(
  this,
  "example_4",
  {
    accessPolicy: [
      {
        objectId: dataAzurermClientConfigExample.objectId,
        secretPermissions: ["Get", "Delete"],
        storagePermissions: [
          "Get",
          "List",
          "Set",
          "SetSAS",
          "GetSAS",
          "DeleteSAS",
          "Update",
          "RegenerateKey",
        ],
        tenantId: dataAzurermClientConfigExample.tenantId,
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example-keyvault", // Key Vault names must be globally unique
    resourceGroupName: azurermResourceGroupExample.name,
    skuName: "standard",
    tenantId: dataAzurermClientConfigExample.tenantId,
  }
);
azurermKeyVaultExample.overrideLogicalId("example");
const azurermKeyVaultManagedStorageAccountExample =
  new azurerm.keyVaultManagedStorageAccount.KeyVaultManagedStorageAccount(
    this,
    "test",
    {
      keyVaultId: azurermKeyVaultExample.id,
      name: "examplemanagedstorage",
      regenerateKeyAutomatically: false,
      regenerationPeriod: "P1D",
      storageAccountId: azurermStorageAccountExample.id,
      storageAccountKey: "key1",
    }
  );
azurermKeyVaultManagedStorageAccountExample.overrideLogicalId("example");
const azurermKeyVaultManagedStorageAccountSasTokenDefinitionExample =
  new azurerm.keyVaultManagedStorageAccountSasTokenDefinition.KeyVaultManagedStorageAccountSasTokenDefinition(
    this,
    "example_6",
    {
      managedStorageAccountId: azurermKeyVaultManagedStorageAccountExample.id,
      name: "examplesasdefinition",
      sasTemplateUri: dataAzurermStorageAccountSasExample.sas,
      sasType: "account",
      validityPeriod: "P1D",
    }
  );
azurermKeyVaultManagedStorageAccountSasTokenDefinitionExample.overrideLogicalId(
  "example"
);

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this SAS Definition.

  • managedStorageAccountId - (Required) The ID of the Managed Storage Account.

  • sasTemplateUri - (Required) The SAS definition token template signed with an arbitrary key. Tokens created according to the SAS definition will have the same properties as the template, but regenerated with a new validity period.

  • sasType - (Required) The type of SAS token the SAS definition will create. Possible values are account and service.

  • validityPeriod - (Required) The validity period of each SAS token generated from this definition, as an ISO 8601 duration (for example P1D).

  • tags - (Optional) A mapping of tags which should be assigned to the SAS Definition. Changing this forces a new resource to be created.
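Because every token issued from the definition inherits the template's permissions, services and resource types, and only the validity window changes, the template and validityPeriod are what a reviewer should check before committing the definition. The following is an added example, not code from the provider docs or the CDKTF bindings: it parses an account SAS query string of the kind passed as sasTemplateUri (the `sas` output of the data source above), expands the `sp`, `ss` and `srt` parameters, and reports settings that widen what the regenerated tokens can do; the 24-hour validity ceiling and the sample SAS value are assumptions of this example.

```typescript
// Letter codes of the account SAS "sp" parameter, mapped to the permissions
// block fields of the azurerm_storage_account_sas data source.
const PERMISSION_CODES: Record<string, string> = {
  r: "read", w: "write", d: "delete", l: "list", a: "add",
  c: "create", u: "update", p: "process", t: "tag", f: "filter",
};

// Hours in an ISO 8601 duration such as "P1D" or "PT12H" (days and an optional
// time part only; weeks, months and years are rejected rather than guessed).
function iso8601DurationHours(period: string): number {
  const m = /^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$/.exec(period);
  if (!m || period === "P") throw new Error(`unsupported ISO 8601 duration: ${period}`);
  const [, d, h, min, s] = m.map((x) => Number(x ?? 0));
  return d * 24 + h + min / 60 + s / 3600;
}

interface SasReview {
  permissions: string[]; // expanded from "sp"
  services: string;      // "ss": b=blob, q=queue, t=table, f=file
  resourceTypes: string; // "srt": s=service, c=container, o=object
  validityHours: number;
  findings: string[];
}

// Accepts a full URL or, like the data source's `sas` output, a bare query string
// beginning with "?". Any finding means the template deserves a second look.
function reviewSasDefinition(sasTemplateUri: string, validityPeriod: string): SasReview {
  const q = sasTemplateUri.indexOf("?");
  const params: Record<string, string> = {};
  for (const kv of (q >= 0 ? sasTemplateUri.slice(q + 1) : sasTemplateUri).split("&")) {
    const i = kv.indexOf("=");
    if (i > 0) params[kv.slice(0, i)] = decodeURIComponent(kv.slice(i + 1));
  }
  const permissions = (params.sp ?? "").split("").map((c) => PERMISSION_CODES[c] ?? `unknown(${c})`);
  const findings: string[] = [];
  if (params.spr !== "https") findings.push("spr is not https: tokens could be used over plain HTTP");
  for (const p of ["write", "delete", "update"]) {
    if (permissions.indexOf(p) >= 0) findings.push(`template grants ${p}; confirm every consumer needs it`);
  }
  if (!params.ss || !params.srt) findings.push("ss or srt missing: template scope is undefined");
  const validityHours = iso8601DurationHours(validityPeriod);
  // The 24 h ceiling is an assumed review baseline for this example, not a Key Vault limit.
  if (validityHours > 24) findings.push(`validityPeriod ${validityPeriod} exceeds the 24 h baseline`);
  return { permissions, services: params.ss ?? "", resourceTypes: params.srt ?? "", validityHours, findings };
}

// Constructed sample mirroring the page's template (blob service, service-level
// resource type, read/write/add/create); the signature is a placeholder, not a real one.
const SAMPLE_SAS = "?sv=2019-12-12&ss=b&srt=s&sp=rwac&st=2021-04-30T00:00:00Z&se=2023-04-30T00:00:00Z&spr=https&sig=PLACEHOLDER";
console.log(JSON.stringify(reviewSasDefinition(SAMPLE_SAS, "P1D"), null, 2));
```

For the sample above the only finding is the write permission carried by the template; a P3D validity or a template with `spr=https,http` would each add another.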

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Managed Storage Account SAS Definition.

  • secretId - The ID of the Secret that is created by Managed Storage Account SAS Definition.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Managed Storage Account SAS Definition.
  • read - (Defaults to 5 minutes) Used when retrieving the Managed Storage Account SAS Definition.
  • update - (Defaults to 30 minutes) Used when updating the Managed Storage Account SAS Definition.
  • delete - (Defaults to 30 minutes) Used when deleting the Managed Storage Account SAS Definition.

Import

Key Vault Managed Storage Account SAS Definitions can be imported using the resource id, e.g.

terraform import azurerm_key_vault_managed_storage_account_sas_token_definition.example https://example-keyvault.vault.azure.net/storage/exampleStorageAcc01/sas/exampleSasDefinition01