Azure Storage Accounts: Deployment and Best Practices with Terraform

Complete tutorial about azurerm_storage_account in Terraform. Learn configuration, containers, access levels, replication.

Introduction

Azure Storage Accounts provide a versatile and scalable solution for storing and managing different types of data within the Azure ecosystem. By leveraging Azure Storage, developers can store blobs, files, queues, tables, and more, making it a crucial resource for modern applications. Infrastructure as Code (IaC) using tools like Terraform allows for the automated provisioning and management of Azure resources, ensuring consistent environments and reducing human errors.

In this tutorial, we will explore the deployment of Azure Storage Accounts using Terraform, focusing on essential elements such as configuration, containers, access levels, and replication strategies. With the rise of cloud-native applications, understanding how to effectively manage storage resources is vital for developers and DevOps engineers alike. This guide will equip you with practical knowledge and hands-on examples, enabling you to implement Azure Storage Accounts in your projects confidently.

Prerequisites

Before we begin, ensure you have the following:

  1. Terraform CLI installed on your machine.
  2. An Azure subscription to create resources.
  3. The Azure CLI installed and configured to interact with your Azure account.
  4. An Azure Service Principal for Terraform to authenticate with Azure.

# Login to Azure and set the subscription
az login
az account set --subscription "Your Subscription Name"

Fundamental Concepts

Key Terminology:

  • Storage Account: A container for storing data objects in Azure.
  • Blob Storage: A service for storing unstructured data in the cloud.
  • File Storage: A managed file share service that supports the SMB protocol.
  • Access Levels: Settings that define who can access the storage account and its contents.
  • Replication: The process of duplicating data across different locations for redundancy.

Resource Dependencies:
When deploying storage accounts, you may need to define dependencies on other Azure resources such as resource groups or network configurations.

State Management:
Terraform maintains the state of your infrastructure in a state file, which helps in tracking resource changes across deployments.

Resource Syntax

The azurerm_storage_account resource in Terraform uses the following syntax:

resource "azurerm_storage_account" "example" {
  name                     = "<storage-account-name>"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Optional settings
  enable_https_traffic_only = true
}

Arguments Table

Argument                     Description
name                         The name of the storage account (must be unique).
resource_group_name          The name of the resource group to create the account.
location                     Azure region for the storage account.
account_tier                 The performance tier (Standard or Premium).
account_replication_type     Data replication strategy (LRS, GRS, RA-GRS, etc.).
enable_https_traffic_only    Enforces HTTPS for all requests to the storage account.

Practical Examples

Example 1: Basic Storage Account

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example"
  location = "East US"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestoracc"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

Example 2: Storage Account with HTTPS

resource "azurerm_storage_account" "secure_example" {
  name                      = "secureexamplestoracc"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
}

Example 3: Creating a Blob Container

resource "azurerm_storage_container" "my_container" {
  name                  = "mycontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"  # Options: private, blob, container
}

Example 4: Access Levels and Permissions

resource "azurerm_storage_account_network_rules" "example" {
  storage_account_id = azurerm_storage_account.example.id

  default_action = "Deny"  # Deny all by default
  ip_rules       = ["203.0.113.0"]  # Allow specific IP
}

Example 5: Geo-Redundant Storage (GRS)

resource "azurerm_storage_account" "geo_redundant" {
  name                     = "geostoracc"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"  # Geo-Redundant Storage
}

Example 6: Data Lake Storage

resource "azurerm_storage_account" "datalake" {
  name                     = "datalakeexample"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  is_hns_enabled = true  # Enable Hierarchical Namespace
}

Example 7: Output Storage Account Information

output "storage_account_name" {
  value = azurerm_storage_account.example.name
}

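# primary_access_key is a sensitive attribute: Terraform rejects this output
# unless it is marked sensitive, and the flag redacts the key in CLI output.
# The value is still written in plain text to the state file.
output "storage_account_primary_access_key" {
  value     = azurerm_storage_account.example.primary_access_key
  sensitive = true
}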

Example 8: Remote State Management with Azure Storage

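# The storage account and container must already exist before `terraform init`;
# a backend block cannot reference resources created by the same configuration.
terraform {
  backend "azurerm" {
    resource_group_name  = "rg-example"
    storage_account_name = "examplestoracc"
    container_name       = "tfstate"
    key                  = "terraform.tfstate"
  }
}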

Real-World Use Cases

Use Case 1: Hosting Static Websites

You can deploy a static website on Azure Blob Storage. This can be achieved by creating a storage account with static website hosting enabled and uploading the necessary HTML files.

Use Case 2: Storing Backup Data

Utilize Azure Blob Storage for storing backup data from on-premises solutions. This ensures data redundancy and availability across different regions.

Use Case 3: Data Lake for Analytics

Implement Azure Data Lake Storage for big data analytics scenarios, where large volumes of unstructured data are ingested and processed.

Best Practices

  1. Naming Conventions: Maintain a consistent naming convention for storage accounts to simplify management and enhance clarity.
  2. Resource Tagging: Use tags to categorize storage accounts based on departments, projects, or purposes for better cost management.
  3. Data Redundancy: Choose appropriate redundancy options based on data criticality, such as LRS or GRS, to ensure high availability.
  4. Access Management: Use Azure Active Directory for access control and implement role-based access to secure storage accounts.
  5. Monitor Costs: Regularly monitor storage costs using Azure Cost Management tools to optimize expenses.
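
The access management and tagging practices above, combined into one stand-alone configuration. This is an added example, not code from the original tutorial: the resource names, tag values and the reader_principal_id variable are constructed, and it assumes an azurerm 3.x provider where the enable_https_traffic_only argument used on this page is available.

```hcl
# Added example; all names and the reader_principal_id variable are constructed.
provider "azurerm" {
  features {}
  # Data-plane calls (containers, blobs) use Azure AD tokens instead of the
  # account key, which is required once shared keys are disabled below.
  storage_use_azuread = true
}

variable "reader_principal_id" {
  description = "Object ID of the user, group or managed identity allowed to read blobs (hypothetical input)."
  type        = string
}

resource "azurerm_resource_group" "hardened" {
  name     = "rg-hardened-example"
  location = "East US"
}

resource "azurerm_storage_account" "hardened" {
  name                     = "hardenedstoracc01" # constructed; must be globally unique
  resource_group_name      = azurerm_resource_group.hardened.name
  location                 = azurerm_resource_group.hardened.location
  account_tier             = "Standard"
  account_replication_type = "GRS"

  enable_https_traffic_only       = true
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false # containers cannot be switched to blob/container access
  shared_access_key_enabled       = false # account keys and key-signed SAS tokens are rejected
  default_to_oauth_authentication = true  # portal defaults to Azure AD authorization

  tags = {
    department = "platform"
    project    = "storage-tutorial"
  }
}

# Role-based access: read-only data access, scoped to this account only.
resource "azurerm_role_assignment" "blob_reader" {
  scope                = azurerm_storage_account.hardened.id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = var.reader_principal_id
}
```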

Common Errors

Error 1: "Storage account name is not available"

Cause: The chosen storage account name is already taken.

Solution: Use a globally unique name. Consider using a random string for uniqueness.
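
One way to apply the random-string suggestion while staying inside the storage account naming rules (3 to 24 lowercase letters and digits). This is an added example, not part of the original tutorial; the project variable, the "st" prefix and all resource names are constructed.

```hcl
# Added example; all names are constructed for illustration.
provider "azurerm" {
  features {}
}

variable "project" {
  description = "Short project code used in the account name (hypothetical input)."
  type        = string
  default     = "demo"

  validation {
    # "st" prefix + 6 random characters leaves at most 16 characters
    # of the 24 allowed for the project code.
    condition     = can(regex("^[a-z0-9]{1,16}$", var.project))
    error_message = "The project code must be 1-16 lowercase letters or digits."
  }
}

# The generated value is stored in state, so the suffix (and therefore the
# account name) stays the same on every later apply.
resource "random_string" "suffix" {
  length  = 6
  upper   = false # storage account names must be lowercase
  special = false # and may not contain symbols
}

resource "azurerm_resource_group" "naming" {
  name     = "rg-${var.project}"
  location = "East US"
}

resource "azurerm_storage_account" "unique" {
  name                     = "st${var.project}${random_string.suffix.result}"
  resource_group_name      = azurerm_resource_group.naming.name
  location                 = azurerm_resource_group.naming.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
```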

Error 2: "Invalid replication type"

Cause: The specified replication type is not supported by the account tier.

Solution: Verify that the replication type matches the selected account tier.

Error 3: "Insufficient permissions"

Cause: The service principal does not have adequate permissions to create the storage account.

Solution: Ensure that the service principal has the necessary role assignments for the resource group.

Error 4: "Resource group not found"

Cause: The specified resource group does not exist.

Solution: Create the resource group before deploying the storage account.

Related Resources

Resource                       Description
azurerm_storage_account        Terraform resource for Azure Storage Accounts
Azure Storage Documentation    Overview of Azure Storage services and features
Terraform Documentation        Official Terraform documentation for all resources

Complete Infrastructure Script

Here’s a complete Terraform configuration for deploying an Azure Storage Account with a blob container:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example"
  location = "East US"
}

resource "azurerm_storage_account" "example" {
  name                      = "examplestoracc"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
}

resource "azurerm_storage_container" "my_container" {
  name                  = "mycontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

output "storage_account_name" {
  value = azurerm_storage_account.example.name
}

Conclusion

In this tutorial, we've covered the essential aspects of deploying Azure Storage Accounts with Terraform, including configuration, containers, access levels, and replication strategies. By following the practical examples and best practices outlined, you can manage your storage resources efficiently and securely.

Next Steps

  • Explore additional Azure storage services such as Azure File Storage and Azure Queue Storage.
  • Practice deploying multi-resource configurations using Terraform modules.
  • Implement CI/CD pipelines for your Terraform configurations to automate deployments.
