| subcategory | layout | page_title | description |
|---|---|---|---|
Storage |
azurerm |
Azure Resource Manager: azurerm_storage_account_blob_container_sas |
Gets a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container. |
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container.
Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account Blob Container.
resource "azurerm_resource_group" "rg" {
name = "resourceGroupName"
location = "West Europe"
}
resource "azurerm_storage_account" "storage" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_container" "container" {
name = "mycontainer"
storage_account_name = azurerm_storage_account.storage.name
container_access_type = "private"
}
data "azurerm_storage_account_blob_container_sas" "example" {
connection_string = azurerm_storage_account.storage.primary_connection_string
container_name = azurerm_storage_container.container.name
https_only = true
ip_address = "168.1.5.65"
start = "2018-03-21"
expiry = "2018-03-21"
permissions {
read = true
add = true
create = false
write = false
delete = true
list = true
}
cache_control = "max-age=5"
content_disposition = "inline"
content_encoding = "deflate"
content_language = "en-US"
content_type = "application/json"
}
output "sas_url_query_string" {
value = data.azurerm_storage_account_blob_container_sas.example.sas
}-
connection_string- The connection string for the storage account to which this SAS applies. Typically directly from theprimary_connection_stringattribute of a terraform createdazurerm_storage_accountresource. -
container_name- Name of the container. -
https_only- (Optional) Only permithttpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue. -
ip_address- (Optional) Single IPv4 address or range (connected with a dash) of IPv4 addresses. -
start- The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string. -
expiry- The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
-> NOTE: The ISO-8601 Time offset from UTC is currently not supported by the service, which will result into 409 error.
-
permissions- Apermissionsblock as defined below. -
cache_control- (Optional) TheCache-Controlresponse header that is sent when this SAS token is used. -
content_disposition- (Optional) TheContent-Dispositionresponse header that is sent when this SAS token is used. -
content_encoding- (Optional) TheContent-Encodingresponse header that is sent when this SAS token is used. -
content_language- (Optional) TheContent-Languageresponse header that is sent when this SAS token is used. -
content_type- (Optional) TheContent-Typeresponse header that is sent when this SAS token is used.
A permissions block contains:
-
read- Should Read permissions be enabled for this SAS? -
add- Should Add permissions be enabled for this SAS? -
create- Should Create permissions be enabled for this SAS? -
write- Should Write permissions be enabled for this SAS? -
delete- Should Delete permissions be enabled for this SAS? -
list- Should List permissions be enabled for this SAS?
Refer to the SAS creation reference from Azure for additional details on the fields above.
sas- The computed Blob Container Shared Access Signature (SAS). The delimiter character ('?') for the query string is the prefix ofsas.
The timeouts block allows you to specify timeouts for certain actions:
read- (Defaults to 5 minutes) Used when retrieving the Blob Container.