Data Source: azurerm_storage_account_sas

Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account.

Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account.

Note that this is an Account SAS and not a Service SAS.

Example Usage

resource "azurerm_resource_group" "example" {
  name     = "resourceGroupName"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}

data "azurerm_storage_account_sas" "example" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  https_only        = true
  signed_version    = "2017-07-29"

  resource_types {
    service   = true
    container = false
    object    = false
  }

  services {
    blob  = true
    queue = false
    table = false
    file  = false
  }

  start  = "2018-03-21T00:00:00Z"
  expiry = "2020-03-21T00:00:00Z"

  permissions {
    read    = true
    write   = true
    delete  = false
    list    = false
    add     = true
    create  = true
    update  = false
    process = false
    tag     = false
    filter  = false
  }
}

output "sas_url_query_string" {
  value = data.azurerm_storage_account_sas.example.sas
}

Argument Reference


resource_types is a set of true/false flags which define the storage account resource types that are granted access by this SAS. This can be thought of as the scope over which the permissions apply. A service will have larger scope (affecting all sub-resources) than object.

A resource_types block contains:


services is a set of true/false flags which define the storage account services that are granted access by this SAS.

A services block contains:


A permissions block contains:

Refer to the SAS creation reference from Azure for additional details on the fields above.

Attributes Reference

Timeouts

The timeouts block allows you to specify timeouts for certain actions: