Skip to content

Commit a23b19c

Browse files
msebraggemsebragge
authored
Attach virtual network to storage (#1065)
1 parent 3a1e1e3 commit a23b19c

2 files changed

Lines changed: 9 additions & 4 deletions

File tree

templates/workspaces/base/terraform/network.tf

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ resource "azurerm_subnet" "services" {
1313
virtual_network_name = azurerm_virtual_network.ws.name
1414
resource_group_name = azurerm_resource_group.ws.name
1515
address_prefixes = [local.services_subnet_address_prefix]
16+
service_endpoints = ["Microsoft.Storage"]
1617
# notice that private endpoints do not adhere to NSG rules
1718
enforce_private_link_endpoint_network_policies = true
1819
enforce_private_link_service_network_policies = true

templates/workspaces/base/terraform/storage.tf

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,15 @@ resource "azurerm_storage_account" "stg" {
66
account_replication_type = "GRS"
77

88
lifecycle { ignore_changes = [tags] }
9+
}
910

10-
network_rules {
11-
bypass = ["AzureServices"]
12-
default_action = "Deny"
13-
}
11+
resource "azurerm_storage_account_network_rules" "stgrules" {
12+
resource_group_name = azurerm_resource_group.ws.name
13+
storage_account_name = azurerm_storage_account.stg.name
14+
15+
default_action = "Deny"
16+
virtual_network_subnet_ids = [azurerm_subnet.services.id]
17+
bypass = ["AzureServices"]
1418
}
1519

1620
resource "azurerm_private_endpoint" "stgfilepe" {

0 commit comments

Comments
 (0)