# Azure Storage Account for Terraform State Backend # This should be created first, then uncomment the backend block in versions.tf # Naming: azwesadevstate (provider+region+sa+env+purpose, alphanumeric only, max 24 chars) resource "azurerm_storage_account" "terraform_state" { count = var.create_terraform_state_storage ? 1 : 0 name = local.sa_state_name resource_group_name = azurerm_resource_group.terraform_state[0].name location = var.azure_region account_tier = "Standard" account_replication_type = "LRS" min_tls_version = "TLS1_2" # Enable blob versioning and soft delete for state protection blob_properties { versioning_enabled = true delete_retention_policy { days = 30 } } tags = merge(local.common_tags, { Purpose = "TerraformState" }) } resource "azurerm_storage_container" "terraform_state" { count = var.create_terraform_state_storage ? 1 : 0 name = "terraform-state" storage_account_name = azurerm_storage_account.terraform_state[0].name container_access_type = "private" } # Storage Account for application data (object storage) # Naming: azwesadevdata (provider+region+sa+env+purpose, alphanumeric only, max 24 chars) or custom from variable resource "azurerm_storage_account" "app_data" { name = var.storage_account_name != "" ? var.storage_account_name : local.sa_data_name resource_group_name = azurerm_resource_group.main.name location = var.azure_region account_tier = "Standard" account_replication_type = var.environment == "prod" ? "GRS" : "LRS" min_tls_version = "TLS1_2" allow_blob_public_access = false # Enable blob versioning for data protection blob_properties { versioning_enabled = true delete_retention_policy { days = var.environment == "prod" ? 90 : 30 } container_delete_retention_policy { days = var.environment == "prod" ? 90 : 30 } } tags = merge(local.common_tags, { Purpose = "ApplicationData" }) }