Cria de forma assíncrona uma nova conta de armazenamento com os parâmetros especificados. Se uma conta já tiver sido criada e uma solicitação de criação subsequente for emitida com propriedades diferentes, as propriedades da conta serão atualizadas. Se uma conta já tiver sido criada e uma solicitação de criação ou atualização subsequente for emitida com exatamente o mesmo conjunto de propriedades, a solicitação será bem-sucedida.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}?api-version=2025-06-01
Parâmetros de URI
| Nome |
Em |
Obrigatório |
Tipo |
Description |
|
accountName
|
path |
True
|
string
minLength: 3
maxLength: 24
pattern: ^[a-z0-9]+$
|
O nome da conta de armazenamento dentro do grupo de recursos especificado. Os nomes da conta de armazenamento devem ter entre 3 e 24 caracteres, usar números e apenas letras minúsculas.
|
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
O nome do grupo de recursos. O nome não diferencia maiúsculas de minúsculas.
|
|
subscriptionId
|
path |
True
|
string
(uuid)
|
A ID da assinatura de destino. O valor deve ser uma UUID.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
A versão da API a ser usada para esta operação.
|
Corpo da solicitação
| Nome |
Obrigatório |
Tipo |
Description |
|
kind
|
True
|
Kind
|
Obrigatório Indica o tipo de conta de armazenamento.
|
|
location
|
True
|
string
|
Obrigatório Obtém ou define o local do recurso. Esta será uma das Regiões Geográficas do Azure com suporte e registradas (por exemplo, Oeste dos EUA, Leste dos EUA, Sudeste Asiático, etc.). A região geográfica de um recurso não pode ser alterada depois de criada, mas se uma região geográfica idêntica for especificada na atualização, a solicitação terá êxito.
|
|
sku
|
True
|
Sku
|
Obrigatório Obtém ou define o nome do SKU.
|
|
extendedLocation
|
|
ExtendedLocation
|
Optional. Defina o local estendido do recurso. Se não for definido, a conta de armazenamento será criada na região principal do Azure. Caso contrário, ele será criado no local estendido especificado
|
|
identity
|
|
Identity
|
A identidade do recurso.
|
|
placement
|
|
Placement
|
Optional. Obtém ou define os detalhes de posicionamento zonal para a conta de armazenamento.
|
|
properties.accessTier
|
|
AccessTier
|
Necessário para contas de armazenamento em que tipo = BlobStorage. A camada de acesso é usada para cobrança. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
|
properties.allowBlobPublicAccess
|
|
boolean
|
Permitir ou desautorizar o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para essa propriedade.
|
|
properties.allowCrossTenantReplication
|
|
boolean
|
Permitir ou desabilitar a replicação entre objetos de locatário do AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objeto envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se for falso, todas as solicitações, incluindo assinaturas de acesso compartilhado, deverão ser autorizadas com o Azure AD (Azure Active Directory). O valor padrão é nulo, que é equivalente a true.
|
|
properties.allowedCopyScope
|
|
AllowedCopyScope
|
Restrinja a cópia de e para contas de armazenamento em um locatário do AAD ou com links privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseadas em identidade para arquivos do Azure.
|
|
properties.customDomain
|
|
CustomDomain
|
Domínio do usuário atribuído à conta de armazenamento. O nome é a origem CNAME. Somente um domínio personalizado tem suporte por conta de armazenamento no momento. Para limpar o domínio personalizado existente, use uma cadeia de caracteres vazia para a propriedade de nome de domínio personalizado.
|
|
properties.defaultToOAuthAuthentication
|
|
boolean
|
Um sinalizador booliano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para essa propriedade.
|
|
properties.dnsEndpointType
|
|
DnsEndpointType
|
Permite que você especifique o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, o que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador de zona DNS alfanumérica.
|
|
properties.dualStackEndpointPreference
|
|
DualStackEndpointPreference
|
Mantém informações sobre o protocolo de Internet optado pelo usuário.
|
|
properties.enableExtendedGroups
|
|
boolean
|
Habilita o suporte de grupo estendido com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
|
Encryption
|
Configurações de criptografia a serem usadas para criptografia do lado do servidor para a conta de armazenamento.
|
|
properties.geoPriorityReplicationStatus
|
|
GeoPriorityReplicationStatus
|
Status indicando se a Replicação de Prioridade Geográfica está habilitada para a conta.
|
|
properties.immutableStorageWithVersioning
|
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os novos contêineres na conta por padrão.
|
|
properties.isHnsEnabled
|
|
boolean
|
Conta HierarchicalNamespace habilitada se for definida como true.
|
|
properties.isLocalUserEnabled
|
|
boolean
|
Habilita o recurso usuários locais, se definido como true
|
|
properties.isNfsV3Enabled
|
|
boolean
|
Suporte ao protocolo NFS 3.0 habilitado se definido como true.
|
|
properties.isSftpEnabled
|
|
boolean
|
Habilita o Protocolo de Transferência de Arquivo Seguro, se definido como true
|
|
properties.keyPolicy
|
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
|
LargeFileSharesState
|
Permitir compartilhamentos de arquivos grandes se os conjuntos estiverem habilitados. Ele não pode ser desabilitado depois de habilitado.
|
|
properties.minimumTlsVersion
|
|
MinimumTlsVersion
|
Defina a versão mínima do TLS para ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para essa propriedade.
|
|
properties.networkAcls
|
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir que a configuração do Perímetro de Segurança de Rede avalie o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser "Habilitado", "Desabilitado" ou "SecuredByPerimeter".
|
|
properties.routingPreference
|
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede aceita pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.supportsHttpsTrafficOnly
|
|
boolean
|
Permite o tráfego https somente para o serviço de armazenamento se for configurado como true. O valor padrão é verdadeiro desde a versão da API 2019-04-01.
|
|
tags
|
|
object
|
Obtém ou define uma lista de pares de valores de chave que descrevem o recurso. Essas marcas podem ser usadas para exibir e agrupar esse recurso (entre grupos de recursos). Um máximo de 15 marcas pode ser fornecido para um recurso. Cada marca deve ter uma chave com um comprimento não maior que 128 caracteres e um valor com um comprimento não maior que 256 caracteres.
|
|
zones
|
|
string[]
|
Optional. Obtém ou define a zona de disponibilidade lógica fixada para a conta de armazenamento.
|
Respostas
| Nome |
Tipo |
Description |
|
200 OK
|
StorageAccount
|
Operação de atualização do recurso 'StorageAccount' bem-sucedida
|
|
202 Accepted
|
|
Operação de recurso aceita.
Cabeçalhos
- Location: string
- Retry-After: integer
|
|
Other Status Codes
|
ErrorResponse
|
Uma resposta de erro inesperada.
|
Segurança
azure_auth
Fluxo do OAuth2 do Azure Active Directory.
Tipo:
oauth2
Flow:
implicit
URL de Autorização:
https://login.microsoftonline.com/common/oauth2/authorize
Escopos
| Nome |
Description |
|
user_impersonation
|
representar sua conta de usuário
|
Exemplos
NfsV3AccountCreate
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"enableExtendedGroups": true,
"isHnsEnabled": true,
"isNfsV3Enabled": true,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
]
},
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Premium_LRS"
}
}
import com.azure.resourcemanager.storage.models.Bypass;
import com.azure.resourcemanager.storage.models.DefaultAction;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.NetworkRuleSet;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.VirtualNetworkRule;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/NfsV3AccountCreate.json
*/
/**
* Sample code: NfsV3AccountCreate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void nfsV3AccountCreate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.PREMIUM_LRS))
.withKind(Kind.BLOCK_BLOB_STORAGE).withLocation("eastus")
.withNetworkRuleSet(new NetworkRuleSet().withBypass(Bypass.AZURE_SERVICES)
.withVirtualNetworkRules(Arrays.asList(new VirtualNetworkRule().withVirtualNetworkResourceId(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12")))
.withIpRules(Arrays.asList()).withDefaultAction(DefaultAction.ALLOW))
.withEnableHttpsTrafficOnly(false).withEnableExtendedGroups(true).withIsHnsEnabled(true)
.withEnableNfsV3(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python nfs_v3_account_create.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"enableExtendedGroups": True,
"isHnsEnabled": True,
"isNfsV3Enabled": True,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
],
},
"supportsHttpsTrafficOnly": False,
},
"sku": {"name": "Premium_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/NfsV3AccountCreate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/NfsV3AccountCreate.json
func ExampleAccountsClient_BeginCreate_nfsV3AccountCreate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindBlockBlobStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
EnableExtendedGroups: to.Ptr(true),
IsHnsEnabled: to.Ptr(true),
EnableNfsV3: to.Ptr(true),
NetworkRuleSet: &armstorage.NetworkRuleSet{
Bypass: to.Ptr(armstorage.BypassAzureServices),
DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
IPRules: []*armstorage.IPRule{},
VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
{
VirtualNetworkResourceID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"),
}},
},
EnableHTTPSTrafficOnly: to.Ptr(false),
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNamePremiumLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Kind: to.Ptr(armstorage.KindBlockBlobStorage),
// Properties: &armstorage.AccountProperties{
// EnableExtendedGroups: to.Ptr(true),
// IsHnsEnabled: to.Ptr(true),
// EnableNfsV3: to.Ptr(true),
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// {
// VirtualNetworkResourceID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"),
// }},
// },
// EnableHTTPSTrafficOnly: to.Ptr(false),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNamePremiumLRS),
// Tier: to.Ptr(armstorage.SKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/NfsV3AccountCreate.json
*/
async function nfsV3AccountCreate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
enableExtendedGroups: true,
isHnsEnabled: true,
enableNfsV3: true,
kind: "BlockBlobStorage",
location: "eastus",
networkRuleSet: {
bypass: "AzureServices",
defaultAction: "Allow",
ipRules: [],
virtualNetworkRules: [
{
virtualNetworkResourceId:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12",
},
],
},
sku: { name: "Premium_LRS" },
enableHttpsTrafficOnly: false,
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/NfsV3AccountCreate.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.PremiumLrs), StorageKind.BlockBlobStorage, new AzureLocation("eastus"))
{
NetworkRuleSet = new StorageAccountNetworkRuleSet(StorageNetworkDefaultAction.Allow)
{
Bypass = StorageNetworkBypass.AzureServices,
VirtualNetworkRules = { new StorageAccountVirtualNetworkRule(new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12")) },
IPRules = { },
},
EnableHttpsTrafficOnly = false,
IsExtendedGroupEnabled = true,
IsHnsEnabled = true,
IsNfsV3Enabled = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"enableExtendedGroups": true,
"isHnsEnabled": true,
"isNfsV3Enabled": true,
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": [
{
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Network/virtualNetworks/net123/subnets/subnet12"
}
]
},
"supportsHttpsTrafficOnly": false
},
"sku": {
"name": "Premium_LRS",
"tier": "Premium"
}
}
StorageAccountCreate
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"defaultToOAuthAuthentication": false,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"geoPriorityReplicationStatus": {
"isBlobEnabled": true
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.GeoPriorityReplicationStatus;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate.json
*/
/**
* Sample code: StorageAccountCreate.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreate(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false)
.withGeoPriorityReplicationStatus(new GeoPriorityReplicationStatus().withIsBlobEnabled(true)),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"geoPriorityReplicationStatus": {"isBlobEnabled": True},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate.json
func ExampleAccountsClient_BeginCreate_storageAccountCreate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
GeoPriorityReplicationStatus: &armstorage.GeoPriorityReplicationStatus{
IsBlobEnabled: to.Ptr(true),
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// GeoPriorityReplicationStatus: &armstorage.GeoPriorityReplicationStatus{
// IsBlobEnabled: to.Ptr(true),
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate.json
*/
async function storageAccountCreate() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
geoPriorityReplicationStatus: { isBlobEnabled: true },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
IsBlobEnabled = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true,
"geoPriorityReplicationStatus": {
"isBlobEnabled": true
}
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreate_placement
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"placement": {
"zonePlacementPolicy": "Any"
},
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"defaultToOAuthAuthentication": false,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.Placement;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.ZonePlacementPolicy;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreate_placement.json
*/
/**
* Sample code: StorageAccountCreate_placement.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreatePlacement(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withPlacement(new Placement().withZonePlacementPolicy(ZonePlacementPolicy.ANY))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_placement.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"placement": {"zonePlacementPolicy": "Any"},
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_placement.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_placement.json
func ExampleAccountsClient_BeginCreate_storageAccountCreatePlacement() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Placement: &armstorage.Placement{
ZonePlacementPolicy: to.Ptr(armstorage.ZonePlacementPolicyAny),
},
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Placement: &armstorage.Placement{
// ZonePlacementPolicy: to.Ptr(armstorage.ZonePlacementPolicyAny),
// },
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// Zones: []*string{
// to.Ptr("1")},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_placement.json
*/
async function storageAccountCreatePlacement() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
placement: { zonePlacementPolicy: "Any" },
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_placement.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
ZonePlacementPolicy = StorageAccountZonePlacementPolicy.Any,
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"placement": {
"zonePlacementPolicy": "Any"
},
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"zones": [
"1"
]
}
StorageAccountCreate_zones
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"defaultToOAuthAuthentication": false,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"zones": [
"1"
]
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_zones.
* json
*/
/**
* Sample code: StorageAccountCreate_zones.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateZones(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withZones(Arrays.asList("1"))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_zones.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
"zones": ["1"],
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_zones.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_zones.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateZones() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
Zones: []*string{
to.Ptr("1")},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// Zones: []*string{
// to.Ptr("1")},
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_zones.json
*/
async function storageAccountCreateZones() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
zones: ["1"],
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreate_zones.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Zones = { "1" },
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
},
"zones": [
"1"
]
}
StorageAccountCreateAllowedCopyScopeToAAD
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateAllowedCopyScopeToAAD.json
*/
/**
* Sample code: StorageAccountCreateAllowedCopyScopeToAAD.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateAllowedCopyScopeToAAD(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withAllowedCopyScope(
AllowedCopyScope.AAD)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_allowed_copy_scope_to_aad.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "AAD",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateAllowedCopyScopeToAad() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopeAAD),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
*/
async function storageAccountCreateAllowedCopyScopeToAad() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "AAD",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToAAD.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
AllowedCopyScope = AllowedCopyScope.Aad,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"allowedCopyScope": "AAD",
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateAllowedCopyScopeToPrivateLink
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"allowedCopyScope": "PrivateLink",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.AllowedCopyScope;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateAllowedCopyScopeToPrivateLink.json
*/
/**
* Sample code: StorageAccountCreateAllowedCopyScopeToPrivateLink.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateAllowedCopyScopeToPrivateLink(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withAllowedCopyScope(
AllowedCopyScope.PRIVATE_LINK)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_allowed_copy_scope_to_private_link.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"allowedCopyScope": "PrivateLink",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateAllowedCopyScopeToPrivateLink() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopePrivateLink),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// AllowedCopyScope: to.Ptr(armstorage.AllowedCopyScopePrivateLink),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
*/
async function storageAccountCreateAllowedCopyScopeToPrivateLink() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
allowedCopyScope: "PrivateLink",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateAllowedCopyScopeToPrivateLink.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
AllowedCopyScope = AllowedCopyScope.PrivateLink,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"allowedCopyScope": "PrivateLink",
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateDisallowPublicNetworkAccess
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateDisallowPublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountCreateDisallowPublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDisallowPublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withPublicNetworkAccess(
PublicNetworkAccess.DISABLED)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_disallow_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDisallowPublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessDisabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
*/
async function storageAccountCreateDisallowPublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
publicNetworkAccess: "Disabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDisallowPublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
PublicNetworkAccess = StoragePublicNetworkAccess.Disabled,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"publicNetworkAccess": "Disabled",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateDnsEndpointTypeToAzureDnsZone
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"defaultToOAuthAuthentication": false,
"dnsEndpointType": "AzureDnsZone",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.DnsEndpointType;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
*/
/**
* Sample code: StorageAccountCreateDnsEndpointTypeToAzureDnsZone.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDnsEndpointTypeToAzureDnsZone(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false)
.withDnsEndpointType(DnsEndpointType.AZURE_DNS_ZONE),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_dns_endpoint_type_to_azure_dns_zone.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"dnsEndpointType": "AzureDnsZone",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDnsEndpointTypeToAzureDnsZone() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeAzureDNSZone),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeAzureDNSZone),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445.z24.file.storage.azure.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445-internetrouting.z24.file.storage.azure.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.z24.web.storage.azure.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.z24.blob.storage.azure.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.z24.dfs.storage.azure.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.z24.file.storage.azure.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.z24.queue.storage.azure.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.z24.table.storage.azure.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.z24.web.storage.azure.net/"),
// },
// Queue: to.Ptr("https://sto4445.z24.queue.storage.azure.net/"),
// Table: to.Ptr("https://sto4445.z24.table.storage.azure.net/"),
// Web: to.Ptr("https://sto4445.z24.web.storage.azure.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
*/
async function storageAccountCreateDnsEndpointTypeToAzureDnsZone() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
dnsEndpointType: "AzureDnsZone",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToAzureDnsZone.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
DnsEndpointType = StorageDnsEndpointType.AzureDnsZone,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"dnsEndpointType": "AzureDnsZone",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.z24.blob.storage.azure.net/",
"dfs": "https://sto4445.z24.dfs.storage.azure.net/",
"file": "https://sto4445.z24.file.storage.azure.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.z24.blob.storage.azure.net/",
"dfs": "https://sto4445-internetrouting.z24.dfs.storage.azure.net/",
"file": "https://sto4445-internetrouting.z24.file.storage.azure.net/",
"web": "https://sto4445-internetrouting.z24.web.storage.azure.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.z24.blob.storage.azure.net/",
"dfs": "https://sto4445-microsoftrouting.z24.dfs.storage.azure.net/",
"file": "https://sto4445-microsoftrouting.z24.file.storage.azure.net/",
"queue": "https://sto4445-microsoftrouting.z24.queue.storage.azure.net/",
"table": "https://sto4445-microsoftrouting.z24.table.storage.azure.net/",
"web": "https://sto4445-microsoftrouting.z24.web.storage.azure.net/"
},
"queue": "https://sto4445.z24.queue.storage.azure.net/",
"table": "https://sto4445.z24.table.storage.azure.net/",
"web": "https://sto4445.z24.web.storage.azure.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateDnsEndpointTypeToStandard
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"defaultToOAuthAuthentication": false,
"dnsEndpointType": "Standard",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.DnsEndpointType;
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateDnsEndpointTypeToStandard.json
*/
/**
* Sample code: StorageAccountCreateDnsEndpointTypeToStandard.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateDnsEndpointTypeToStandard(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(
mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsSftpEnabled(true).withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true).withDefaultToOAuthAuthentication(false)
.withDnsEndpointType(DnsEndpointType.STANDARD),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_dns_endpoint_type_to_standard.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"defaultToOAuthAuthentication": False,
"dnsEndpointType": "Standard",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"isSftpEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateDnsEndpointTypeToStandard() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
DefaultToOAuthAuthentication: to.Ptr(false),
DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeStandard),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
IsSftpEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// DNSEndpointType: to.Ptr(armstorage.DNSEndpointTypeStandard),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// IsSftpEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
*/
async function storageAccountCreateDnsEndpointTypeToStandard() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
defaultToOAuthAuthentication: false,
dnsEndpointType: "Standard",
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
isSftpEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateDnsEndpointTypeToStandard.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsSftpEnabled = true,
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
IsDefaultToOAuthAuthentication = false,
DnsEndpointType = StorageDnsEndpointType.Standard,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"dnsEndpointType": "Standard",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"isSftpEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateEnablePublicNetworkAccess
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"isHnsEnabled": true,
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Enabled",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
}
},
"sku": {
"name": "Standard_GRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.ExpirationAction;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.KeyPolicy;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.PublicNetworkAccess;
import com.azure.resourcemanager.storage.models.RoutingChoice;
import com.azure.resourcemanager.storage.models.RoutingPreference;
import com.azure.resourcemanager.storage.models.SasPolicy;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateEnablePublicNetworkAccess.json
*/
/**
* Sample code: StorageAccountCreateEnablePublicNetworkAccess.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateEnablePublicNetworkAccess(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withPublicNetworkAccess(
PublicNetworkAccess.ENABLED)
.withSasPolicy(
new SasPolicy().withSasExpirationPeriod(
"1.15:59:59").withExpirationAction(
ExpirationAction.LOG))
.withKeyPolicy(new KeyPolicy().withKeyExpirationPeriodInDays(20))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withIsHnsEnabled(true)
.withRoutingPreference(new RoutingPreference().withRoutingChoice(RoutingChoice.MICROSOFT_ROUTING)
.withPublishMicrosoftEndpoints(true).withPublishInternetEndpoints(true))
.withAllowBlobPublicAccess(false).withMinimumTlsVersion(MinimumTlsVersion.TLS1_2)
.withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_enable_public_network_access.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": False,
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"isHnsEnabled": True,
"keyPolicy": {"keyExpirationPeriodInDays": 20},
"minimumTlsVersion": "TLS1_2",
"publicNetworkAccess": "Enabled",
"routingPreference": {
"publishInternetEndpoints": True,
"publishMicrosoftEndpoints": True,
"routingChoice": "MicrosoftRouting",
},
"sasPolicy": {"expirationAction": "Log", "sasExpirationPeriod": "1.15:59:59"},
},
"sku": {"name": "Standard_GRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateEnablePublicNetworkAccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowBlobPublicAccess: to.Ptr(false),
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
IsHnsEnabled: to.Ptr(true),
KeyPolicy: &armstorage.KeyPolicy{
KeyExpirationPeriodInDays: to.Ptr[int32](20),
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessEnabled),
RoutingPreference: &armstorage.RoutingPreference{
PublishInternetEndpoints: to.Ptr(true),
PublishMicrosoftEndpoints: to.Ptr(true),
RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
},
SasPolicy: &armstorage.SasPolicy{
ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
SasExpirationPeriod: to.Ptr("1.15:59:59"),
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AllowBlobPublicAccess: to.Ptr(false),
// AllowSharedKeyAccess: to.Ptr(true),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// IsHnsEnabled: to.Ptr(true),
// KeyCreationTime: &armstorage.KeyCreationTime{
// Key1: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// Key2: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-18T04:42:22.432Z"); return t}()),
// },
// KeyPolicy: &armstorage.KeyPolicy{
// KeyExpirationPeriodInDays: to.Ptr[int32](20),
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// InternetEndpoints: &armstorage.AccountInternetEndpoints{
// Blob: to.Ptr("https://sto4445-internetrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-internetrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-internetrouting.file.core.windows.net/"),
// Web: to.Ptr("https://sto4445-internetrouting.web.core.windows.net/"),
// },
// MicrosoftEndpoints: &armstorage.AccountMicrosoftEndpoints{
// Blob: to.Ptr("https://sto4445-microsoftrouting.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445-microsoftrouting.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445-microsoftrouting.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445-microsoftrouting.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445-microsoftrouting.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445-microsoftrouting.web.core.windows.net/"),
// },
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// PublicNetworkAccess: to.Ptr(armstorage.PublicNetworkAccessEnabled),
// RoutingPreference: &armstorage.RoutingPreference{
// PublishInternetEndpoints: to.Ptr(true),
// PublishMicrosoftEndpoints: to.Ptr(true),
// RoutingChoice: to.Ptr(armstorage.RoutingChoiceMicrosoftRouting),
// },
// SasPolicy: &armstorage.SasPolicy{
// ExpirationAction: to.Ptr(armstorage.ExpirationActionLog),
// SasExpirationPeriod: to.Ptr("1.15:59:59"),
// },
// SecondaryLocation: to.Ptr("centraluseuap"),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
*/
async function storageAccountCreateEnablePublicNetworkAccess() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowBlobPublicAccess: false,
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
isHnsEnabled: true,
keyPolicy: { keyExpirationPeriodInDays: 20 },
kind: "Storage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
publicNetworkAccess: "Enabled",
routingPreference: {
publishInternetEndpoints: true,
publishMicrosoftEndpoints: true,
routingChoice: "MicrosoftRouting",
},
sasPolicy: { expirationAction: "Log", sasExpirationPeriod: "1.15:59:59" },
sku: { name: "Standard_GRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateEnablePublicNetworkAccess.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
PublicNetworkAccess = StoragePublicNetworkAccess.Enabled,
SasPolicy = new StorageAccountSasPolicy("1.15:59:59", ExpirationAction.Log),
KeyExpirationPeriodInDays = 20,
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
IsHnsEnabled = true,
RoutingPreference = new StorageRoutingPreference
{
RoutingChoice = StorageRoutingChoice.MicrosoftRouting,
IsMicrosoftEndpointsPublished = true,
IsInternetEndpointsPublished = true,
},
AllowBlobPublicAccess = false,
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"allowBlobPublicAccess": false,
"allowSharedKeyAccess": true,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"isHnsEnabled": true,
"keyCreationTime": {
"key1": "2021-03-18T04:42:22.4322836Z",
"key2": "2021-03-18T04:42:22.4322836Z"
},
"keyPolicy": {
"keyExpirationPeriodInDays": 20
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"internetEndpoints": {
"blob": "https://sto4445-internetrouting.blob.core.windows.net/",
"dfs": "https://sto4445-internetrouting.dfs.core.windows.net/",
"file": "https://sto4445-internetrouting.file.core.windows.net/",
"web": "https://sto4445-internetrouting.web.core.windows.net/"
},
"microsoftEndpoints": {
"blob": "https://sto4445-microsoftrouting.blob.core.windows.net/",
"dfs": "https://sto4445-microsoftrouting.dfs.core.windows.net/",
"file": "https://sto4445-microsoftrouting.file.core.windows.net/",
"queue": "https://sto4445-microsoftrouting.queue.core.windows.net/",
"table": "https://sto4445-microsoftrouting.table.core.windows.net/",
"web": "https://sto4445-microsoftrouting.web.core.windows.net/"
},
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"publicNetworkAccess": "Enabled",
"routingPreference": {
"publishInternetEndpoints": true,
"publishMicrosoftEndpoints": true,
"routingChoice": "MicrosoftRouting"
},
"sasPolicy": {
"expirationAction": "Log",
"sasExpirationPeriod": "1.15:59:59"
},
"secondaryLocation": "centraluseuap",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreatePremiumBlockBlobStorage
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"allowSharedKeyAccess": true,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
},
"minimumTlsVersion": "TLS1_2"
},
"sku": {
"name": "Premium_LRS"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.MinimumTlsVersion;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreatePremiumBlockBlobStorage.json
*/
/**
* Sample code: StorageAccountCreatePremiumBlockBlobStorage.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreatePremiumBlockBlobStorage(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.PREMIUM_LRS))
.withKind(Kind.BLOCK_BLOB_STORAGE).withLocation("eastus")
.withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder"))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_STORAGE).withRequireInfrastructureEncryption(false))
.withMinimumTlsVersion(MinimumTlsVersion.TLS1_2).withAllowSharedKeyAccess(true),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_premium_block_blob_storage.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"kind": "BlockBlobStorage",
"location": "eastus",
"properties": {
"allowSharedKeyAccess": True,
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": False,
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
},
"minimumTlsVersion": "TLS1_2",
},
"sku": {"name": "Premium_LRS"},
"tags": {"key1": "value1", "key2": "value2"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
func ExampleAccountsClient_BeginCreate_storageAccountCreatePremiumBlockBlobStorage() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Kind: to.Ptr(armstorage.KindBlockBlobStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
AllowSharedKeyAccess: to.Ptr(true),
Encryption: &armstorage.Encryption{
KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
RequireInfrastructureEncryption: to.Ptr(false),
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNamePremiumLRS),
},
Tags: map[string]*string{
"key1": to.Ptr("value1"),
"key2": to.Ptr("value2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// "key1": to.Ptr("value1"),
// "key2": to.Ptr("value2"),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierPremium),
// AllowBlobPublicAccess: to.Ptr(false),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// Encryption: &armstorage.Encryption{
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftStorage),
// RequireInfrastructureEncryption: to.Ptr(false),
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-11T20:49:31.703Z"); return t}()),
// },
// },
// },
// MinimumTLSVersion: to.Ptr(armstorage.MinimumTLSVersionTLS12),
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// StatusOfSecondary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNamePremiumLRS),
// Tier: to.Ptr(armstorage.SKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
*/
async function storageAccountCreatePremiumBlockBlobStorage() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
allowSharedKeyAccess: true,
encryption: {
keySource: "Microsoft.Storage",
requireInfrastructureEncryption: false,
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
kind: "BlockBlobStorage",
location: "eastus",
minimumTlsVersion: "TLS1_2",
sku: { name: "Premium_LRS" },
tags: { key1: "value1", key2: "value2" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreatePremiumBlockBlobStorage.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.PremiumLrs), StorageKind.BlockBlobStorage, new AzureLocation("eastus"))
{
Tags =
{
["key1"] = "value1",
["key2"] = "value2"
},
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.Storage,
RequireInfrastructureEncryption = false,
},
MinimumTlsVersion = StorageMinimumTlsVersion.Tls1_2,
AllowSharedKeyAccess = true,
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"accessTier": "Premium",
"allowBlobPublicAccess": false,
"creationTime": "2017-05-24T13:25:33.4863236Z",
"encryption": {
"keySource": "Microsoft.Storage",
"requireInfrastructureEncryption": false,
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
}
}
},
"minimumTlsVersion": "TLS1_2",
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded",
"statusOfPrimary": "available",
"statusOfSecondary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Premium_LRS",
"tier": "Premium"
},
"tags": {
"key1": "value1",
"key2": "value2"
}
}
StorageAccountCreateUserAssignedEncryptionIdentityWithCMK
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": ""
},
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
}
},
"sku": {
"name": "Standard_LRS"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
*/
/**
* Sample code: StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateUserAssignedEncryptionIdentityWithCMK(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_user_assigned_encryption_identity_with_cmk.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateUserAssignedEncryptionIdentityWithCmk() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
*/
async function storageAccountCreateUserAssignedEncryptionIdentityWithCmk() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedEncryptionIdentityWithCMK.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardLrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity()
},
},
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5",
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7"
}
}
},
"kind": "StorageV2",
"location": "eastus",
"properties": {
"accessTier": "Hot",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"encryption": {
"identity": {
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
}
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus",
"privateEndpointConnections": [],
"provisioningState": "Succeeded",
"statusOfPrimary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"tags": {}
}
StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res131918/providers/Microsoft.Storage/storageAccounts/sto131918?api-version=2025-06-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
}
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": ""
},
"services": {
"blob": {
"enabled": true,
"keyType": "Account"
},
"file": {
"enabled": true,
"keyType": "Account"
}
}
}
},
"sku": {
"name": "Standard_LRS"
}
}
import com.azure.resourcemanager.storage.models.Encryption;
import com.azure.resourcemanager.storage.models.EncryptionIdentity;
import com.azure.resourcemanager.storage.models.EncryptionService;
import com.azure.resourcemanager.storage.models.EncryptionServices;
import com.azure.resourcemanager.storage.models.Identity;
import com.azure.resourcemanager.storage.models.IdentityType;
import com.azure.resourcemanager.storage.models.KeySource;
import com.azure.resourcemanager.storage.models.KeyType;
import com.azure.resourcemanager.storage.models.KeyVaultProperties;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import com.azure.resourcemanager.storage.models.UserAssignedIdentity;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
/**
* Sample code: StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts().create("res131918", "sto131918",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_LRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withIdentity(new Identity().withType(IdentityType.USER_ASSIGNED).withUserAssignedIdentities(mapOf(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
new UserAssignedIdentity())))
.withEncryption(new Encryption()
.withServices(new EncryptionServices()
.withBlob(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT))
.withFile(new EncryptionService().withEnabled(true).withKeyType(KeyType.ACCOUNT)))
.withKeySource(KeySource.MICROSOFT_KEYVAULT)
.withKeyVaultProperties(new KeyVaultProperties().withKeyName("fakeTokenPlaceholder")
.withKeyVersion("fakeTokenPlaceholder").withKeyVaultUri("fakeTokenPlaceholder"))
.withEncryptionIdentity(new EncryptionIdentity().withEncryptionUserAssignedIdentity(
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")
.withEncryptionFederatedIdentityClientId("f83c6b1b-4d34-47e4-bb34-9d83df58b540"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_user_assigned_identity_with_federated_identity_client_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res131918",
account_name="sto131918",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {}
},
},
"kind": "Storage",
"location": "eastus",
"properties": {
"encryption": {
"identity": {
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
},
"services": {
"blob": {"enabled": True, "keyType": "Account"},
"file": {"enabled": True, "keyType": "Account"},
},
}
},
"sku": {"name": "Standard_LRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res131918", "sto131918", armstorage.AccountCreateParameters{
Identity: &armstorage.Identity{
Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {},
},
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
Encryption: &armstorage.Encryption{
EncryptionIdentity: &armstorage.EncryptionIdentity{
EncryptionFederatedIdentityClientID: to.Ptr("f83c6b1b-4d34-47e4-bb34-9d83df58b540"),
EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
},
KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
KeyVaultProperties: &armstorage.KeyVaultProperties{
KeyName: to.Ptr("wrappingKey"),
KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
KeyVersion: to.Ptr(""),
},
Services: &armstorage.EncryptionServices{
Blob: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
File: &armstorage.EncryptionService{
Enabled: to.Ptr(true),
KeyType: to.Ptr(armstorage.KeyTypeAccount),
},
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardLRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// Tags: map[string]*string{
// },
// Identity: &armstorage.Identity{
// Type: to.Ptr(armstorage.IdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armstorage.UserAssignedIdentity{
// "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": &armstorage.UserAssignedIdentity{
// ClientID: to.Ptr("fbaa6278-1ecc-415c-819f-6e2058d3acb5"),
// PrincipalID: to.Ptr("8d823284-1060-42a5-9ec4-ed3d831e24d7"),
// },
// },
// },
// Kind: to.Ptr(armstorage.KindStorageV2),
// Properties: &armstorage.AccountProperties{
// AccessTier: to.Ptr(armstorage.AccessTierHot),
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.083Z"); return t}()),
// Encryption: &armstorage.Encryption{
// EncryptionIdentity: &armstorage.EncryptionIdentity{
// EncryptionFederatedIdentityClientID: to.Ptr("f83c6b1b-4d34-47e4-bb34-9d83df58b540"),
// EncryptionUserAssignedIdentity: to.Ptr("/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"),
// },
// KeySource: to.Ptr(armstorage.KeySourceMicrosoftKeyvault),
// KeyVaultProperties: &armstorage.KeyVaultProperties{
// CurrentVersionedKeyIdentifier: to.Ptr("https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad"),
// KeyName: to.Ptr("wrappingKey"),
// KeyVaultURI: to.Ptr("https://myvault8569.vault.azure.net"),
// KeyVersion: to.Ptr(""),
// LastKeyRotationTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-13T20:36:23.702Z"); return t}()),
// },
// Services: &armstorage.EncryptionServices{
// Blob: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// File: &armstorage.EncryptionService{
// Enabled: to.Ptr(true),
// KeyType: to.Ptr(armstorage.KeyTypeAccount),
// LastEnabledTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-12-15T00:43:14.173Z"); return t}()),
// },
// },
// },
// NetworkRuleSet: &armstorage.NetworkRuleSet{
// Bypass: to.Ptr(armstorage.BypassAzureServices),
// DefaultAction: to.Ptr(armstorage.DefaultActionAllow),
// IPRules: []*armstorage.IPRule{
// },
// VirtualNetworkRules: []*armstorage.VirtualNetworkRule{
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus"),
// PrivateEndpointConnections: []*armstorage.PrivateEndpointConnection{
// },
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// StatusOfPrimary: to.Ptr(armstorage.AccountStatusAvailable),
// EnableHTTPSTrafficOnly: to.Ptr(true),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardLRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
*/
async function storageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res131918";
const accountName = "sto131918";
const parameters = {
encryption: {
encryptionIdentity: {
encryptionFederatedIdentityClientId: "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
encryptionUserAssignedIdentity:
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
},
keySource: "Microsoft.Keyvault",
keyVaultProperties: {
keyName: "wrappingKey",
keyVaultUri: "https://myvault8569.vault.azure.net",
keyVersion: "",
},
services: {
blob: { enabled: true, keyType: "Account" },
file: { enabled: true, keyType: "Account" },
},
},
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/{subscriptionId}/resourceGroups/res9101/providers/MicrosoftManagedIdentity/userAssignedIdentities/{managedIdentityName}":
{},
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_LRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateUserAssignedIdentityWithFederatedIdentityClientId.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res131918";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto131918";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardLrs), StorageKind.Storage, new AzureLocation("eastus"))
{
Identity = new ManagedServiceIdentity("UserAssigned")
{
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}")] = new UserAssignedIdentity()
},
},
Encryption = new StorageAccountEncryption
{
Services = new StorageAccountEncryptionServices
{
Blob = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
File = new StorageEncryptionService
{
IsEnabled = true,
KeyType = StorageEncryptionKeyType.Account,
},
},
KeySource = StorageAccountKeySource.KeyVault,
KeyVaultProperties = new StorageAccountKeyVaultProperties
{
KeyName = "wrappingKey",
KeyVersion = "",
KeyVaultUri = new Uri("https://myvault8569.vault.azure.net"),
},
EncryptionIdentity = new StorageAccountEncryptionIdentity
{
EncryptionUserAssignedIdentity = "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}",
EncryptionFederatedIdentityClientId = "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}": {
"clientId": "fbaa6278-1ecc-415c-819f-6e2058d3acb5",
"principalId": "8d823284-1060-42a5-9ec4-ed3d831e24d7"
}
}
},
"kind": "StorageV2",
"location": "eastus",
"properties": {
"accessTier": "Hot",
"creationTime": "2020-12-15T00:43:14.0839093Z",
"encryption": {
"identity": {
"federatedIdentityClientId": "f83c6b1b-4d34-47e4-bb34-9d83df58b540",
"userAssignedIdentity": "/subscriptions/{subscription-id}/resourcegroups/res9101/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managed-identity-name}"
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
"keyname": "wrappingKey",
"keyvaulturi": "https://myvault8569.vault.azure.net",
"keyversion": "",
"lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
},
"services": {
"blob": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
},
"file": {
"enabled": true,
"keyType": "Account",
"lastEnabledTime": "2020-12-15T00:43:14.1739587Z"
}
}
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow",
"ipRules": [],
"virtualNetworkRules": []
},
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus",
"privateEndpointConnections": [],
"provisioningState": "Succeeded",
"statusOfPrimary": "available",
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"tags": {}
}
StorageAccountCreateWithImmutabilityPolicy
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445?api-version=2025-06-01
{
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"kind": "Storage",
"location": "eastus",
"properties": {
"immutableStorageWithVersioning": {
"enabled": true,
"immutabilityPolicy": {
"allowProtectedAppendWrites": true,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Unlocked"
}
}
},
"sku": {
"name": "Standard_GRS"
}
}
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyProperties;
import com.azure.resourcemanager.storage.models.AccountImmutabilityPolicyState;
import com.azure.resourcemanager.storage.models.ExtendedLocation;
import com.azure.resourcemanager.storage.models.ExtendedLocationTypes;
import com.azure.resourcemanager.storage.models.ImmutableStorageAccount;
import com.azure.resourcemanager.storage.models.Kind;
import com.azure.resourcemanager.storage.models.Sku;
import com.azure.resourcemanager.storage.models.SkuName;
import com.azure.resourcemanager.storage.models.StorageAccountCreateParameters;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for StorageAccounts Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/
* StorageAccountCreateWithImmutabilityPolicy.json
*/
/**
* Sample code: StorageAccountCreateWithImmutabilityPolicy.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
storageAccountCreateWithImmutabilityPolicy(com.azure.resourcemanager.AzureResourceManager azure) {
azure.storageAccounts().manager().serviceClient().getStorageAccounts()
.create("res9101", "sto4445",
new StorageAccountCreateParameters().withSku(new Sku().withName(SkuName.STANDARD_GRS))
.withKind(Kind.STORAGE).withLocation("eastus")
.withExtendedLocation(
new ExtendedLocation().withName("losangeles001").withType(ExtendedLocationTypes.EDGE_ZONE))
.withImmutableStorageWithVersioning(new ImmutableStorageAccount().withEnabled(true)
.withImmutabilityPolicy(new AccountImmutabilityPolicyProperties()
.withImmutabilityPeriodSinceCreationInDays(15)
.withState(AccountImmutabilityPolicyState.UNLOCKED).withAllowProtectedAppendWrites(true))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-storage
# USAGE
python storage_account_create_with_immutability_policy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = StorageManagementClient(
credential=DefaultAzureCredential(),
subscription_id="{subscription-id}",
)
response = client.storage_accounts.begin_create(
resource_group_name="res9101",
account_name="sto4445",
parameters={
"extendedLocation": {"name": "losangeles001", "type": "EdgeZone"},
"kind": "Storage",
"location": "eastus",
"properties": {
"immutableStorageWithVersioning": {
"enabled": True,
"immutabilityPolicy": {
"allowProtectedAppendWrites": True,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Unlocked",
},
}
},
"sku": {"name": "Standard_GRS"},
},
).result()
print(response)
# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armstorage_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4e9df3afd38a1cfa00a5d49419dce51bd014601f/specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
func ExampleAccountsClient_BeginCreate_storageAccountCreateWithImmutabilityPolicy() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAccountsClient().BeginCreate(ctx, "res9101", "sto4445", armstorage.AccountCreateParameters{
ExtendedLocation: &armstorage.ExtendedLocation{
Name: to.Ptr("losangeles001"),
Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
},
Kind: to.Ptr(armstorage.KindStorage),
Location: to.Ptr("eastus"),
Properties: &armstorage.AccountPropertiesCreateParameters{
ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
Enabled: to.Ptr(true),
ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
AllowProtectedAppendWrites: to.Ptr(true),
ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
State: to.Ptr(armstorage.AccountImmutabilityPolicyStateUnlocked),
},
},
},
SKU: &armstorage.SKU{
Name: to.Ptr(armstorage.SKUNameStandardGRS),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Account = armstorage.Account{
// Name: to.Ptr("sto4445"),
// Type: to.Ptr("Microsoft.Storage/storageAccounts"),
// ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445"),
// Location: to.Ptr("eastus"),
// ExtendedLocation: &armstorage.ExtendedLocation{
// Name: to.Ptr("losangeles001"),
// Type: to.Ptr(armstorage.ExtendedLocationTypesEdgeZone),
// },
// Kind: to.Ptr(armstorage.KindStorage),
// Properties: &armstorage.AccountProperties{
// CreationTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T13:25:33.486Z"); return t}()),
// ImmutableStorageWithVersioning: &armstorage.ImmutableStorageAccount{
// Enabled: to.Ptr(true),
// ImmutabilityPolicy: &armstorage.AccountImmutabilityPolicyProperties{
// AllowProtectedAppendWrites: to.Ptr(true),
// ImmutabilityPeriodSinceCreationInDays: to.Ptr[int32](15),
// State: to.Ptr(armstorage.AccountImmutabilityPolicyStateUnlocked),
// },
// },
// PrimaryEndpoints: &armstorage.Endpoints{
// Blob: to.Ptr("https://sto4445.blob.core.windows.net/"),
// Dfs: to.Ptr("https://sto4445.dfs.core.windows.net/"),
// File: to.Ptr("https://sto4445.file.core.windows.net/"),
// Queue: to.Ptr("https://sto4445.queue.core.windows.net/"),
// Table: to.Ptr("https://sto4445.table.core.windows.net/"),
// Web: to.Ptr("https://sto4445.web.core.windows.net/"),
// },
// PrimaryLocation: to.Ptr("eastus2euap"),
// ProvisioningState: to.Ptr(armstorage.ProvisioningStateSucceeded),
// },
// SKU: &armstorage.SKU{
// Name: to.Ptr(armstorage.SKUNameStandardGRS),
// Tier: to.Ptr(armstorage.SKUTierStandard),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
*
* @summary Asynchronously creates a new storage account with the specified parameters. If an account is already created and a subsequent create request is issued with different properties, the account properties will be updated. If an account is already created and a subsequent create or update request is issued with the exact same set of properties, the request will succeed.
* x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
*/
async function storageAccountCreateWithImmutabilityPolicy() {
const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res9101";
const accountName = "sto4445";
const parameters = {
extendedLocation: { name: "losangeles001", type: "EdgeZone" },
immutableStorageWithVersioning: {
enabled: true,
immutabilityPolicy: {
allowProtectedAppendWrites: true,
immutabilityPeriodSinceCreationInDays: 15,
state: "Unlocked",
},
},
kind: "Storage",
location: "eastus",
sku: { name: "Standard_GRS" },
};
const credential = new DefaultAzureCredential();
const client = new StorageManagementClient(credential, subscriptionId);
const result = await client.storageAccounts.beginCreateAndWait(
resourceGroupName,
accountName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;
// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2025-06-01/examples/StorageAccountCreateWithImmutabilityPolicy.json
// this example is just showing the usage of "StorageAccounts_Create" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res9101";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this StorageAccountResource
StorageAccountCollection collection = resourceGroupResource.GetStorageAccounts();
// invoke the operation
string accountName = "sto4445";
StorageAccountCreateOrUpdateContent content = new StorageAccountCreateOrUpdateContent(new StorageSku(StorageSkuName.StandardGrs), StorageKind.Storage, new AzureLocation("eastus"))
{
ExtendedLocation = new ExtendedLocation
{
Name = "losangeles001",
},
ImmutableStorageWithVersioning = new ImmutableStorageAccount
{
IsEnabled = true,
ImmutabilityPolicy = new AccountImmutabilityPolicy
{
ImmutabilityPeriodSinceCreationInDays = 15,
State = AccountImmutabilityPolicyState.Unlocked,
AllowProtectedAppendWrites = true,
},
},
};
ArmOperation<StorageAccountResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, accountName, content);
StorageAccountResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "sto4445",
"type": "Microsoft.Storage/storageAccounts",
"extendedLocation": {
"name": "losangeles001",
"type": "EdgeZone"
},
"id": "/subscriptions/{subscription-id}/resourceGroups/res9101/providers/Microsoft.Storage/storageAccounts/sto4445",
"kind": "Storage",
"location": "eastus",
"properties": {
"creationTime": "2017-05-24T13:25:33.4863236Z",
"immutableStorageWithVersioning": {
"enabled": true,
"immutabilityPolicy": {
"allowProtectedAppendWrites": true,
"immutabilityPeriodSinceCreationInDays": 15,
"state": "Unlocked"
}
},
"primaryEndpoints": {
"blob": "https://sto4445.blob.core.windows.net/",
"dfs": "https://sto4445.dfs.core.windows.net/",
"file": "https://sto4445.file.core.windows.net/",
"queue": "https://sto4445.queue.core.windows.net/",
"table": "https://sto4445.table.core.windows.net/",
"web": "https://sto4445.web.core.windows.net/"
},
"primaryLocation": "eastus2euap",
"provisioningState": "Succeeded"
},
"sku": {
"name": "Standard_GRS",
"tier": "Standard"
}
}
Definições
| Nome |
Description |
|
AccessTier
|
Necessário para contas de armazenamento em que tipo = BlobStorage. A camada de acesso é usada para cobrança. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
|
AccountImmutabilityPolicyProperties
|
Isso define as propriedades da política de imutabilidade no nível da conta.
|
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desabilitado desabilita a política, o estado desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite a agregação da propriedade allowProtectedAppendWrites, o estado Bloqueado permite apenas o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada em um estado desabilitado ou desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado desbloqueado pode fazer a transição para um estado bloqueado que não pode ser revertido.
|
|
AccountStatus
|
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
|
|
AccountType
|
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será opcional. Se fornecido, samAccountName também deve ser fornecido. Para directoryServiceOptions AADDS (autenticação Entra DS) ou AADKERB (autenticação Entra), essa propriedade pode ser omitida.
|
|
ActiveDirectoryProperties
|
Propriedades de configurações do Active Directory (AD).
|
|
AllowedCopyScope
|
Restrinja a cópia de e para contas de armazenamento em um locatário do AAD ou com links privados para a mesma VNet.
|
|
AzureFilesIdentityBasedAuthentication
|
Configurações para autenticação baseada em identidade dos Arquivos do Azure.
|
|
BlobRestoreParameters
|
Parâmetros de restauração de blob
|
|
BlobRestoreProgressStatus
|
O status do progresso da restauração do blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Concluído: indica que a restauração do blob foi concluída com êxito. - Falha: indica que a restauração do blob falhou.
|
|
BlobRestoreRange
|
Intervalo de blobs
|
|
BlobRestoreStatus
|
Status de restauração de blob.
|
|
Bypass
|
Especifica se o tráfego é ignorado para registro em log/métricas/AzureServices. Os valores possíveis são qualquer combinação de registro em log|Métricas|AzureServices (por exemplo, "Log, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
|
|
CustomDomain
|
O domínio personalizado atribuído a essa conta de armazenamento. Isso pode ser definido por meio de Atualização.
|
|
DefaultAction
|
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
|
|
DefaultSharePermission
|
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não for atribuída.
|
|
DirectoryServiceOptions
|
Indica o serviço de diretório usado. Observe que essa enumeração pode ser estendida no futuro.
|
|
DnsEndpointType
|
Permite que você especifique o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, o que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador de zona DNS alfanumérica.
|
|
DualStackEndpointPreference
|
A preferência de endpoint de pilha dupla define se os endpoints IPv6 serão publicados.
|
|
Encryption
|
As configurações de criptografia na conta de armazenamento.
|
|
EncryptionIdentity
|
Identidade de criptografia para a conta de armazenamento.
|
|
EncryptionService
|
Um serviço que permite que a criptografia do lado do servidor seja usada.
|
|
EncryptionServices
|
Uma lista de serviços que dão suporte à criptografia.
|
|
Endpoints
|
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs.
|
|
ErrorResponse
|
Uma resposta de erro do provedor de recursos de armazenamento.
|
|
ErrorResponseBody
|
Contrato do corpo da resposta de erro.
|
|
ExpirationAction
|
A Ação de Expiração sas define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violada. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
|
|
ExtendedLocation
|
O tipo complexo do local estendido.
|
|
ExtendedLocationTypes
|
O tipo de extendedLocation.
|
|
GeoPriorityReplicationStatus
|
Status de habilitação da Replicação de Prioridade Geográfica para a conta de armazenamento.
|
|
GeoReplicationStats
|
Estatísticas relacionadas à replicação para os serviços blob, tabela, fila e arquivo da conta de armazenamento. Ele só está disponível quando a replicação com redundância geográfica está habilitada para a conta de armazenamento.
|
|
GeoReplicationStatus
|
O status do local secundário. Os valores possíveis são: - Ativo: Indica que o local secundário está ativo e operacional. - Bootstrap: indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso geralmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: indica que o local secundário está temporariamente indisponível.
|
|
Identity
|
Identidade do recurso.
|
|
IdentityType
|
O tipo de identidade.
|
|
ImmutableStorageAccount
|
Essa propriedade habilita e define a imutabilidade no nível da conta. Habilitar o recurso habilita automaticamente o Controle de Versão de Blobs.
|
|
IPRule
|
Regra de IP com um intervalo ip ou IP específico no formato CIDR.
|
|
KeyCreationTime
|
Hora de criação das chaves da conta de armazenamento.
|
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
KeySource
|
A chave de criptografiaSource (provedor). Valores possíveis (que não diferenciam maiúsculas de minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
|
KeyType
|
Tipo de chave de criptografia a ser usado para o serviço de criptografia. O tipo de chave 'Account' implica que uma chave de criptografia com escopo de conta será usada. O tipo de chave 'Service' implica que uma chave de serviço padrão é usada.
|
|
KeyVaultProperties
|
Propriedades do cofre de chaves.
|
|
Kind
|
Indica o tipo de conta de armazenamento.
|
|
LargeFileSharesState
|
Permitir compartilhamentos de arquivos grandes se os conjuntos estiverem habilitados. Ele não pode ser desabilitado depois de habilitado.
|
|
MinimumTlsVersion
|
Defina a versão mínima do TLS para ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para essa propriedade.
|
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
Placement
|
O tipo complexo dos detalhes de posicionamento zonal.
|
|
PostFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta.
|
|
PostPlannedFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta planejado.
|
|
PrivateEndpoint
|
O recurso de ponto de extremidade privado.
|
|
PrivateEndpointConnection
|
O recurso conexão de ponto de extremidade privado.
|
|
PrivateEndpointConnectionProvisioningState
|
O estado de provisionamento atual.
|
|
PrivateEndpointServiceConnectionStatus
|
O status da conexão do ponto de extremidade privado.
|
|
PrivateLinkServiceConnectionState
|
Uma coleção de informações sobre o estado da conexão entre o consumidor de serviço e o provedor.
|
|
ProvisioningState
|
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
|
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir que a configuração do Perímetro de Segurança de Rede avalie o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser "Habilitado", "Desabilitado" ou "SecuredByPerimeter".
|
|
ResourceAccessRule
|
Regra de acesso a recursos.
|
|
RoutingChoice
|
A Opção de Roteamento define o tipo de roteamento de rede optado pelo usuário.
|
|
RoutingPreference
|
A preferência de roteamento define o tipo de rede, o roteamento da Microsoft ou da Internet a ser usado para fornecer os dados do usuário, a opção padrão é o roteamento da Microsoft
|
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
Sku
|
A SKU da conta de armazenamento.
|
|
SkuConversionStatus
|
Essa propriedade indica o status atual de conversão de SKU.
|
|
SkuName
|
O nome da SKU. Necessário para a criação da conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
|
|
SkuTier
|
A camada de SKU. Isso é baseado no nome da SKU.
|
|
SmbOAuthSettings
|
Definindo a propriedade para acesso à Identidade Gerenciada por SMB usando OAuth
|
|
State
|
Obtém o estado da regra de rede virtual.
|
|
StorageAccount
|
A conta de armazenamento.
|
|
StorageAccountCreateParameters
|
Os parâmetros usados ao criar uma conta de armazenamento.
|
|
StorageAccountInternetEndpoints
|
Os URIs que são usados para executar uma recuperação de um blob público, arquivo, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Internet.
|
|
StorageAccountIpv6Endpoints
|
Os URIs usados para executar uma recuperação de um blob público, fila, tabela, objeto Web ou dfs por meio de um ponto de extremidade IPv6.
|
|
StorageAccountMicrosoftEndpoints
|
Os URIs usados para executar uma recuperação de um objeto de blob, fila, tabela, Web ou dfs públicos por meio de um ponto de extremidade de roteamento da Microsoft.
|
|
StorageAccountSkuConversionStatus
|
Isso define o objeto de status de conversão de sku para conversões de sku assíncronas.
|
|
UserAssignedIdentity
|
UserAssignedIdentity para o recurso.
|
|
VirtualNetworkRule
|
Regra de Rede Virtual.
|
|
ZonePlacementPolicy
|
A política de fixação da zona de disponibilidade para a conta de armazenamento.
|
AccessTier
Enumeração
Necessário para contas de armazenamento em que tipo = BlobStorage. A camada de acesso é usada para cobrança. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
| Valor |
Description |
|
Hot
|
|
|
Cool
|
|
|
Premium
|
|
|
Cold
|
|
AccountImmutabilityPolicyProperties
Objeto
Isso define as propriedades da política de imutabilidade no nível da conta.
| Nome |
Tipo |
Description |
|
allowProtectedAppendWrites
|
boolean
|
Essa propriedade só pode ser alterada para políticas de retenção baseadas em tempo desabilitadas e desbloqueadas. Quando habilitados, novos blocos podem ser gravados em um blob de acréscimo, mantendo a proteção e a conformidade da imutabilidade. Somente novos blocos podem ser adicionados e todos os blocos existentes não podem ser modificados ou excluídos.
|
|
immutabilityPeriodSinceCreationInDays
|
integer
(int32)
minimum: 1
maximum: 146000
|
O período de imutabilidade dos blobs no contêiner desde a criação da política, em dias.
|
|
state
|
AccountImmutabilityPolicyState
|
O estado ImmutabilityPolicy define o modo da política. O estado desabilitado desabilita a política, o estado desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite a agregação da propriedade allowProtectedAppendWrites, o estado Bloqueado permite apenas o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada em um estado desabilitado ou desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado desbloqueado pode fazer a transição para um estado bloqueado que não pode ser revertido.
|
AccountImmutabilityPolicyState
Enumeração
O estado ImmutabilityPolicy define o modo da política. O estado desabilitado desabilita a política, o estado desbloqueado permite aumentar e diminuir o tempo de retenção de imutabilidade e também permite a agregação da propriedade allowProtectedAppendWrites, o estado Bloqueado permite apenas o aumento do tempo de retenção de imutabilidade. Uma política só pode ser criada em um estado desabilitado ou desbloqueado e pode ser alternada entre os dois estados. Somente uma política em um estado desbloqueado pode fazer a transição para um estado bloqueado que não pode ser revertido.
| Valor |
Description |
|
Unlocked
|
|
|
Locked
|
|
|
Disabled
|
|
AccountStatus
Enumeração
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
| Valor |
Description |
|
available
|
|
|
unavailable
|
|
AccountType
Enumeração
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será opcional. Se fornecido, samAccountName também deve ser fornecido. Para directoryServiceOptions AADDS (autenticação Entra DS) ou AADKERB (autenticação Entra), essa propriedade pode ser omitida.
| Valor |
Description |
|
User
|
|
|
Computer
|
|
ActiveDirectoryProperties
Objeto
Propriedades de configurações do Active Directory (AD).
| Nome |
Tipo |
Description |
|
accountType
|
AccountType
|
Especifica o tipo de conta do Active Directory para o Armazenamento do Azure. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será opcional. Se fornecido, samAccountName também deve ser fornecido. Para directoryServiceOptions AADDS (autenticação Entra DS) ou AADKERB (autenticação Entra), essa propriedade pode ser omitida.
|
|
azureStorageSid
|
string
|
Especifica o SID (identificador de segurança) para o Armazenamento do Azure. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será necessária. Caso contrário, ele pode ser omitido.
|
|
domainGuid
|
string
|
Especifica o GUID do domínio. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será necessária. Se directoryServiceOptions estiver definido como AADDS (autenticação Entra DS), essa propriedade poderá ser omitida. Se directoryServiceOptions estiver definido como AADKERB (autenticação Entra), essa propriedade será opcional; ele é necessário para dar suporte à configuração de permissões em nível de diretório e arquivo por meio do Explorador de Arquivos do Windows, mas não é necessário para autenticação.
|
|
domainName
|
string
|
Especifica o domínio primário para o qual o servidor DNS do AD é autoritativo. Essa propriedade será necessária se directoryServiceOptions estiver definido como AD (autenticação do AD DS). Se directoryServiceOptions estiver definido como AADDS (autenticação Entra DS), fornecer essa propriedade será opcional, pois será inferido automaticamente se omitido. Se directoryServiceOptions estiver definido como AADKERB (autenticação Entra), essa propriedade será opcional; ele é necessário para dar suporte à configuração de permissões em nível de diretório e arquivo por meio do Explorador de Arquivos do Windows, mas não é necessário para autenticação.
|
|
domainSid
|
string
|
Especifica o SID (identificador de segurança) do domínio do AD. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será necessária. Caso contrário, ele pode ser omitido.
|
|
forestName
|
string
|
Especifica a floresta do Active Directory a ser obtida. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será necessária. Caso contrário, ele pode ser omitido.
|
|
netBiosDomainName
|
string
|
Especifica o nome de domínio NetBIOS. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será necessária. Caso contrário, ele pode ser omitido.
|
|
samAccountName
|
string
|
Especifica o SAMAccountName do Active Directory para o Armazenamento do Azure. Se directoryServiceOptions estiver definido como AD (autenticação do AD DS), essa propriedade será opcional. Se fornecido, accountType também deve ser fornecido. Para directoryServiceOptions AADDS (autenticação Entra DS) ou AADKERB (autenticação Entra), essa propriedade pode ser omitida.
|
AllowedCopyScope
Enumeração
Restrinja a cópia de e para contas de armazenamento em um locatário do AAD ou com links privados para a mesma VNet.
| Valor |
Description |
|
PrivateLink
|
|
|
AAD
|
|
AzureFilesIdentityBasedAuthentication
Objeto
Configurações para autenticação baseada em identidade dos Arquivos do Azure.
| Nome |
Tipo |
Description |
|
activeDirectoryProperties
|
ActiveDirectoryProperties
|
Informações adicionais sobre o serviço de diretório. Obrigatório se directoryServiceOptions for AD (autenticação do AD DS). Opcional para directoryServiceOptions AADDS (autenticação Entra DS) e AADKERB (autenticação Entra).
|
|
defaultSharePermission
|
DefaultSharePermission
|
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não for atribuída.
|
|
directoryServiceOptions
|
DirectoryServiceOptions
|
Indica o serviço de diretório usado. Observe que essa enumeração pode ser estendida no futuro.
|
|
smbOAuthSettings
|
SmbOAuthSettings
|
Necessário para acesso a Identidades Gerenciadas usando OAuth sobre SMB.
|
BlobRestoreParameters
Objeto
Parâmetros de restauração de blob
| Nome |
Tipo |
Description |
|
blobRanges
|
BlobRestoreRange[]
|
Intervalos de blob a serem restaurados.
|
|
timeToRestore
|
string
(date-time)
|
Restaure o blob para o tempo especificado.
|
BlobRestoreProgressStatus
Enumeração
O status do progresso da restauração do blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Concluído: indica que a restauração do blob foi concluída com êxito. - Falha: indica que a restauração do blob falhou.
| Valor |
Description |
|
InProgress
|
|
|
Complete
|
|
|
Failed
|
|
BlobRestoreRange
Objeto
Intervalo de blobs
| Nome |
Tipo |
Description |
|
endRange
|
string
|
Intervalo final do blob. Isso é exclusivo. Vazio significa fim da conta.
|
|
startRange
|
string
|
Intervalo inicial do blob. Isso é inclusivo. Vazio significa início da conta.
|
BlobRestoreStatus
Objeto
Status de restauração de blob.
| Nome |
Tipo |
Description |
|
failureReason
|
string
|
Motivo da falha quando a restauração do blob falha.
|
|
parameters
|
BlobRestoreParameters
|
Parâmetros de solicitação de restauração de blob.
|
|
restoreId
|
string
|
ID para acompanhar a solicitação de restauração de blob.
|
|
status
|
BlobRestoreProgressStatus
|
O status do progresso da restauração do blob. Os valores possíveis são: - InProgress: indica que a restauração de blob está em andamento. - Concluído: indica que a restauração do blob foi concluída com êxito. - Falha: indica que a restauração do blob falhou.
|
Bypass
Enumeração
Especifica se o tráfego é ignorado para registro em log/métricas/AzureServices. Os valores possíveis são qualquer combinação de registro em log|Métricas|AzureServices (por exemplo, "Log, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
| Valor |
Description |
|
None
|
|
|
Logging
|
|
|
Metrics
|
|
|
AzureServices
|
|
CustomDomain
Objeto
O domínio personalizado atribuído a essa conta de armazenamento. Isso pode ser definido por meio de Atualização.
| Nome |
Tipo |
Description |
|
name
|
string
|
Obtém ou define o nome de domínio personalizado atribuído à conta de armazenamento. O nome é a origem CNAME.
|
|
useSubDomainName
|
boolean
|
Indica se a validação indireta do CName está habilitada. O valor padrão é falso. Isso só deve ser definido em atualizações.
|
DefaultAction
Enumeração
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
| Valor |
Description |
|
Allow
|
|
|
Deny
|
|
DefaultSharePermission
Enumeração
Permissão de compartilhamento padrão para usuários que usam a autenticação Kerberos se a função RBAC não for atribuída.
| Valor |
Description |
|
None
|
|
|
StorageFileDataSmbShareReader
|
|
|
StorageFileDataSmbShareContributor
|
|
|
StorageFileDataSmbShareElevatedContributor
|
|
DirectoryServiceOptions
Enumeração
Indica o serviço de diretório usado. Observe que essa enumeração pode ser estendida no futuro.
| Valor |
Description |
|
None
|
|
|
AADDS
|
|
|
AD
|
|
|
AADKERB
|
|
DnsEndpointType
Enumeração
Permite que você especifique o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, o que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador de zona DNS alfanumérica.
| Valor |
Description |
|
Standard
|
|
|
AzureDnsZone
|
|
DualStackEndpointPreference
Objeto
A preferência de endpoint de pilha dupla define se os endpoints IPv6 serão publicados.
| Nome |
Tipo |
Description |
|
publishIpv6Endpoint
|
boolean
|
Um sinalizador booleano que indica se os pontos de extremidade de armazenamento IPv6 devem ser publicados.
|
Encryption
Objeto
As configurações de criptografia na conta de armazenamento.
| Nome |
Tipo |
Valor padrão |
Description |
|
identity
|
EncryptionIdentity
|
|
A identidade a ser usada com criptografia do lado do serviço em repouso.
|
|
keySource
|
KeySource
|
Microsoft.Storage
|
A chave de criptografiaSource (provedor). Valores possíveis (que não diferenciam maiúsculas de minúsculas): Microsoft.Storage, Microsoft.Keyvault
|
|
keyvaultproperties
|
KeyVaultProperties
|
|
Propriedades fornecidas pelo cofre de chaves.
|
|
requireInfrastructureEncryption
|
boolean
|
|
Um booliano que indica se o serviço aplica ou não uma camada secundária de criptografia com chaves gerenciadas pela plataforma para dados em repouso.
|
|
services
|
EncryptionServices
|
|
Lista de serviços que dão suporte à criptografia.
|
EncryptionIdentity
Objeto
Identidade de criptografia para a conta de armazenamento.
| Nome |
Tipo |
Description |
|
federatedIdentityClientId
|
string
|
ClientId do aplicativo multilocatário a ser usado em conjunto com a identidade atribuída pelo usuário para criptografia do lado do servidor de chaves gerenciadas pelo cliente entre locatários na conta de armazenamento.
|
|
userAssignedIdentity
|
string
|
Identificador de recurso da identidade UserAssigned a ser associada à criptografia do lado do servidor na conta de armazenamento.
|
EncryptionService
Objeto
Um serviço que permite que a criptografia do lado do servidor seja usada.
| Nome |
Tipo |
Description |
|
enabled
|
boolean
|
Um booliano que indica se o serviço criptografa ou não os dados conforme eles são armazenados. A criptografia em repouso está habilitada por padrão hoje e não pode ser desabilitada.
|
|
keyType
|
KeyType
|
Tipo de chave de criptografia a ser usado para o serviço de criptografia. O tipo de chave 'Account' implica que uma chave de criptografia com escopo de conta será usada. O tipo de chave 'Service' implica que uma chave de serviço padrão é usada.
|
|
lastEnabledTime
|
string
(date-time)
|
Obtém uma estimativa aproximada da data/hora em que a criptografia foi habilitada pela última vez pelo usuário. Os dados são criptografados em repouso por padrão hoje e não podem ser desativados.
|
EncryptionServices
Objeto
Uma lista de serviços que dão suporte à criptografia.
| Nome |
Tipo |
Description |
|
blob
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de blobs.
|
|
file
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de arquivos.
|
|
queue
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de filas.
|
|
table
|
EncryptionService
|
A função de criptografia do serviço de armazenamento de tabelas.
|
Endpoints
Objeto
Os URIs que são usados para executar uma recuperação de um blob público, fila, tabela, web ou objeto dfs.
| Nome |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade do blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Internet
|
|
ipv6Endpoints
|
StorageAccountIpv6Endpoints
|
Obtém os pontos de extremidade de armazenamento IPv6.
|
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Microsoft.
|
|
queue
|
string
|
Obtém o ponto de extremidade da fila.
|
|
table
|
string
|
Obtém o ponto de extremidade da tabela.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
ErrorResponse
Objeto
Uma resposta de erro do provedor de recursos de armazenamento.
| Nome |
Tipo |
Description |
|
error
|
ErrorResponseBody
|
Corpo da resposta de erro do Provedor de Recursos de Armazenamento do Azure.
|
ErrorResponseBody
Objeto
Contrato do corpo da resposta de erro.
| Nome |
Tipo |
Description |
|
code
|
string
|
Um identificador para o erro. Os códigos são invariáveis e devem ser consumidos programaticamente.
|
|
message
|
string
|
Uma mensagem que descreve o erro, destinada a ser adequada para exibição em uma interface do usuário.
|
ExpirationAction
Enumeração
A Ação de Expiração sas define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violada. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
| Valor |
Description |
|
Log
|
|
|
Block
|
|
ExtendedLocation
Objeto
O tipo complexo do local estendido.
| Nome |
Tipo |
Description |
|
name
|
string
|
O nome do local estendido.
|
|
type
|
ExtendedLocationTypes
|
O tipo de local estendido.
|
ExtendedLocationTypes
Enumeração
O tipo de extendedLocation.
| Valor |
Description |
|
EdgeZone
|
|
GeoPriorityReplicationStatus
Objeto
Status de habilitação da Replicação de Prioridade Geográfica para a conta de armazenamento.
| Nome |
Tipo |
Description |
|
isBlobEnabled
|
boolean
|
Indica se a Replicação de Prioridade Geográfica de Blob está habilitada para a conta de armazenamento.
|
GeoReplicationStats
Objeto
Estatísticas relacionadas à replicação para os serviços blob, tabela, fila e arquivo da conta de armazenamento. Ele só está disponível quando a replicação com redundância geográfica está habilitada para a conta de armazenamento.
| Nome |
Tipo |
Description |
|
canFailover
|
boolean
|
Um sinalizador booleano que indica se há ou não suporte para failover de conta para a conta.
|
|
canPlannedFailover
|
boolean
|
Um sinalizador booliano que indica se há ou não suporte para failover de conta planejado para a conta.
|
|
lastSyncTime
|
string
(date-time)
|
Todas as gravações primárias que precedem esse valor de data/hora UTC têm a garantia de estar disponíveis para operações de leitura. As gravações primárias após esse ponto no tempo podem ou não estar disponíveis para leituras. O elemento pode ser o valor padrão se o valor de LastSyncTime não estiver disponível, isso pode acontecer se o secundário estiver offline ou se estivermos em bootstrap.
|
|
postFailoverRedundancy
|
PostFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta.
|
|
postPlannedFailoverRedundancy
|
PostPlannedFailoverRedundancy
|
O tipo de redundância da conta após a execução de um failover de conta planejado.
|
|
status
|
GeoReplicationStatus
|
O status do local secundário. Os valores possíveis são: - Ativo: Indica que o local secundário está ativo e operacional. - Bootstrap: indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso geralmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: indica que o local secundário está temporariamente indisponível.
|
GeoReplicationStatus
Enumeração
O status do local secundário. Os valores possíveis são: - Ativo: Indica que o local secundário está ativo e operacional. - Bootstrap: indica que a sincronização inicial do local primário para o local secundário está em andamento. Isso geralmente ocorre quando a replicação é habilitada pela primeira vez. - Indisponível: indica que o local secundário está temporariamente indisponível.
| Valor |
Description |
|
Live
|
|
|
Bootstrap
|
|
|
Unavailable
|
|
Identity
Objeto
Identidade do recurso.
| Nome |
Tipo |
Description |
|
principalId
|
string
|
A ID principal da identidade do recurso.
|
|
tenantId
|
string
|
A ID do locatário do recurso.
|
|
type
|
IdentityType
|
O tipo de identidade.
|
|
userAssignedIdentities
|
<string,
UserAssignedIdentity>
|
Obtém ou define uma lista de pares de valores de chave que descrevem o conjunto de identidades atribuídas pelo usuário que serão usadas com essa conta de armazenamento. A chave é o identificador de recurso do ARM da identidade. Somente uma identidade atribuída pelo usuário é permitida aqui.
|
IdentityType
Enumeração
O tipo de identidade.
| Valor |
Description |
|
None
|
|
|
SystemAssigned
|
|
|
UserAssigned
|
|
|
SystemAssigned,UserAssigned
|
|
ImmutableStorageAccount
Objeto
Essa propriedade habilita e define a imutabilidade no nível da conta. Habilitar o recurso habilita automaticamente o Controle de Versão de Blobs.
| Nome |
Tipo |
Description |
|
enabled
|
boolean
|
Um sinalizador booliano que permite a imutabilidade no nível da conta. Todos os contêineres em tal conta têm imutabilidade no nível do objeto habilitada por padrão.
|
|
immutabilityPolicy
|
AccountImmutabilityPolicyProperties
|
Especifica a política de imutabilidade de nível de conta padrão herdada e aplicada a objetos que não possuem uma política de imutabilidade explícita no nível do objeto. A política de imutabilidade no nível do objeto tem precedência maior do que a política de imutabilidade no nível do contêiner, que tem uma precedência maior do que a política de imutabilidade no nível da conta.
|
IPRule
Objeto
Regra de IP com um intervalo ip ou IP específico no formato CIDR.
| Nome |
Tipo |
Description |
|
action
|
enum:
Allow
|
A ação da regra de ACL IP.
|
|
value
|
string
|
Especifica o IP ou o intervalo de IP no formato CIDR.
|
KeyCreationTime
Objeto
Hora de criação das chaves da conta de armazenamento.
| Nome |
Tipo |
Description |
|
key1
|
string
(date-time)
|
|
|
key2
|
string
(date-time)
|
|
KeyPolicy
Objeto
KeyPolicy atribuído à conta de armazenamento.
| Nome |
Tipo |
Description |
|
keyExpirationPeriodInDays
|
integer
(int32)
|
O período de expiração da chave em dias.
|
KeySource
Enumeração
A chave de criptografiaSource (provedor). Valores possíveis (que não diferenciam maiúsculas de minúsculas): Microsoft.Storage, Microsoft.Keyvault
| Valor |
Description |
|
Microsoft.Storage
|
|
|
Microsoft.Keyvault
|
|
KeyType
Enumeração
Tipo de chave de criptografia a ser usado para o serviço de criptografia. O tipo de chave 'Account' implica que uma chave de criptografia com escopo de conta será usada. O tipo de chave 'Service' implica que uma chave de serviço padrão é usada.
| Valor |
Description |
|
Service
|
|
|
Account
|
|
KeyVaultProperties
Objeto
Propriedades do cofre de chaves.
| Nome |
Tipo |
Description |
|
currentVersionedKeyExpirationTimestamp
|
string
(date-time)
|
Essa é uma propriedade somente leitura que representa o tempo de expiração da versão atual da chave gerenciada pelo cliente usada para criptografia.
|
|
currentVersionedKeyIdentifier
|
string
|
O identificador de objeto da chave do Key Vault com versão atual em uso.
|
|
keyname
|
string
|
O nome da chave KeyVault.
|
|
keyvaulturi
|
string
|
O Uri de KeyVault.
|
|
keyversion
|
string
|
A versão da chave do KeyVault.
|
|
lastKeyRotationTimestamp
|
string
(date-time)
|
Carimbo de data/hora da última rotação da chave do Key Vault.
|
Kind
Enumeração
Indica o tipo de conta de armazenamento.
| Valor |
Description |
|
Storage
|
|
|
StorageV2
|
|
|
BlobStorage
|
|
|
FileStorage
|
|
|
BlockBlobStorage
|
|
LargeFileSharesState
Enumeração
Permitir compartilhamentos de arquivos grandes se os conjuntos estiverem habilitados. Ele não pode ser desabilitado depois de habilitado.
| Valor |
Description |
|
Disabled
|
|
|
Enabled
|
|
MinimumTlsVersion
Enumeração
Defina a versão mínima do TLS para ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para essa propriedade.
| Valor |
Description |
|
TLS1_0
|
|
|
TLS1_1
|
|
|
TLS1_2
|
|
|
TLS1_3
|
|
NetworkRuleSet
Objeto
Conjunto de regras de rede
| Nome |
Tipo |
Valor padrão |
Description |
|
bypass
|
Bypass
|
AzureServices
|
Especifica se o tráfego é ignorado para registro em log/métricas/AzureServices. Os valores possíveis são qualquer combinação de registro em log|Métricas|AzureServices (por exemplo, "Log, Métricas" ou Nenhum para ignorar nenhum desses tráfegos.
|
|
defaultAction
|
DefaultAction
|
Allow
|
Especifica a ação padrão de permitir ou negar quando nenhuma outra regra corresponder.
|
|
ipRules
|
IPRule[]
|
|
Define as regras de ACL de IP
|
|
ipv6Rules
|
IPRule[]
|
|
Define as regras de ACL IPv6.
|
|
resourceAccessRules
|
ResourceAccessRule[]
|
|
Define as regras de acesso a recursos
|
|
virtualNetworkRules
|
VirtualNetworkRule[]
|
|
Define as regras de rede virtual
|
Placement
Objeto
O tipo complexo dos detalhes de posicionamento zonal.
| Nome |
Tipo |
Description |
|
zonePlacementPolicy
|
ZonePlacementPolicy
|
A política de fixação da zona de disponibilidade para a conta de armazenamento.
|
PostFailoverRedundancy
Enumeração
O tipo de redundância da conta após a execução de um failover de conta.
| Valor |
Description |
|
Standard_LRS
|
|
|
Standard_ZRS
|
|
PostPlannedFailoverRedundancy
Enumeração
O tipo de redundância da conta após a execução de um failover de conta planejado.
| Valor |
Description |
|
Standard_GRS
|
|
|
Standard_GZRS
|
|
|
Standard_RAGRS
|
|
|
Standard_RAGZRS
|
|
PrivateEndpoint
Objeto
O recurso de ponto de extremidade privado.
| Nome |
Tipo |
Description |
|
id
|
string
|
O identificador do ARM para Ponto de Extremidade Privado
|
PrivateEndpointConnection
Objeto
O recurso conexão de ponto de extremidade privado.
| Nome |
Tipo |
Description |
|
id
|
string
|
ID de recurso totalmente qualificada para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
O nome do recurso
|
|
properties.privateEndpoint
|
PrivateEndpoint
|
O recurso do ponto de extremidade privado.
|
|
properties.privateLinkServiceConnectionState
|
PrivateLinkServiceConnectionState
|
Uma coleção de informações sobre o estado da conexão entre o consumidor de serviço e o provedor.
|
|
properties.provisioningState
|
PrivateEndpointConnectionProvisioningState
|
O estado de provisionamento do recurso de conexão de ponto de extremidade privado.
|
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
PrivateEndpointConnectionProvisioningState
Enumeração
O estado de provisionamento atual.
| Valor |
Description |
|
Succeeded
|
|
|
Creating
|
|
|
Deleting
|
|
|
Failed
|
|
PrivateEndpointServiceConnectionStatus
Enumeração
O status da conexão do ponto de extremidade privado.
| Valor |
Description |
|
Pending
|
|
|
Approved
|
|
|
Rejected
|
|
PrivateLinkServiceConnectionState
Objeto
Uma coleção de informações sobre o estado da conexão entre o consumidor de serviço e o provedor.
| Nome |
Tipo |
Description |
|
actionRequired
|
string
|
Uma mensagem que indica se as alterações no provedor de serviços exigem atualizações no consumidor.
|
|
description
|
string
|
O motivo da aprovação/rejeição da conexão.
|
|
status
|
PrivateEndpointServiceConnectionStatus
|
Indica se a conexão foi aprovada/rejeitada/removida pelo proprietário do serviço.
|
ProvisioningState
Enumeração
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
| Valor |
Description |
|
Creating
|
|
|
ResolvingDNS
|
|
|
Succeeded
|
|
PublicNetworkAccess
Enumeração
Permitir, não permitir ou permitir que a configuração do Perímetro de Segurança de Rede avalie o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser "Habilitado", "Desabilitado" ou "SecuredByPerimeter".
| Valor |
Description |
|
Enabled
|
|
|
Disabled
|
|
|
SecuredByPerimeter
|
|
ResourceAccessRule
Objeto
Regra de acesso a recursos.
| Nome |
Tipo |
Description |
|
resourceId
|
string
|
ID do recurso
|
|
tenantId
|
string
|
ID do Inquilino
|
RoutingChoice
Enumeração
A Opção de Roteamento define o tipo de roteamento de rede optado pelo usuário.
| Valor |
Description |
|
MicrosoftRouting
|
|
|
InternetRouting
|
|
RoutingPreference
Objeto
A preferência de roteamento define o tipo de rede, o roteamento da Microsoft ou da Internet a ser usado para fornecer os dados do usuário, a opção padrão é o roteamento da Microsoft
| Nome |
Tipo |
Description |
|
publishInternetEndpoints
|
boolean
|
Um sinalizador booliano que indica se os pontos de extremidade de armazenamento de roteamento da Internet devem ser publicados
|
|
publishMicrosoftEndpoints
|
boolean
|
Um sinalizador booliano que indica se os pontos de extremidade de armazenamento de roteamento da Microsoft devem ser publicados
|
|
routingChoice
|
RoutingChoice
|
A Opção de Roteamento define o tipo de roteamento de rede optado pelo usuário.
|
SasPolicy
Objeto
SasPolicy atribuído à conta de armazenamento.
| Nome |
Tipo |
Valor padrão |
Description |
|
expirationAction
|
ExpirationAction
|
Log
|
A Ação de Expiração sas define a ação a ser executada quando sasPolicy.sasExpirationPeriod é violada. A ação 'Log' pode ser usada para fins de auditoria e a ação 'Bloquear' pode ser usada para bloquear e negar o uso de tokens SAS que não aderem ao período de expiração da política sas.
|
|
sasExpirationPeriod
|
string
|
|
O período de expiração de SAS, DD.HH:MM:SS.
|
Sku
Objeto
A SKU da conta de armazenamento.
| Nome |
Tipo |
Description |
|
name
|
SkuName
|
O nome da SKU. Necessário para a criação da conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
|
|
tier
|
SkuTier
|
A camada de SKU. Isso é baseado no nome da SKU.
|
SkuConversionStatus
Enumeração
Essa propriedade indica o status atual de conversão de SKU.
| Valor |
Description |
|
InProgress
|
|
|
Succeeded
|
|
|
Failed
|
|
SkuName
Enumeração
O nome da SKU. Necessário para a criação da conta; opcional para atualização. Observe que, em versões mais antigas, o nome da SKU era chamado accountType.
| Valor |
Description |
|
Standard_LRS
|
|
|
Standard_GRS
|
|
|
Standard_RAGRS
|
|
|
Standard_ZRS
|
|
|
Premium_LRS
|
|
|
Premium_ZRS
|
|
|
Standard_GZRS
|
|
|
Standard_RAGZRS
|
|
|
StandardV2_LRS
|
|
|
StandardV2_GRS
|
|
|
StandardV2_ZRS
|
|
|
StandardV2_GZRS
|
|
|
PremiumV2_LRS
|
|
|
PremiumV2_ZRS
|
|
SkuTier
Enumeração
A camada de SKU. Isso é baseado no nome da SKU.
| Valor |
Description |
|
Standard
|
|
|
Premium
|
|
SmbOAuthSettings
Objeto
Definindo a propriedade para acesso à Identidade Gerenciada por SMB usando OAuth
| Nome |
Tipo |
Description |
|
isSmbOAuthEnabled
|
boolean
|
Especifica se as identidades gerenciadas podem acessar compartilhamentos SMB usando o OAuth. A interpretação padrão é falsa para essa propriedade.
|
State
Enumeração
Obtém o estado da regra de rede virtual.
| Valor |
Description |
|
Provisioning
|
|
|
Deprovisioning
|
|
|
Succeeded
|
|
|
Failed
|
|
|
NetworkSourceDeleted
|
|
StorageAccount
Objeto
A conta de armazenamento.
| Nome |
Tipo |
Description |
|
extendedLocation
|
ExtendedLocation
|
A extendedLocation do recurso.
|
|
id
|
string
|
ID de recurso totalmente qualificada para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
identity
|
Identity
|
A identidade do recurso.
|
|
kind
|
Kind
|
Obtém o Tipo.
|
|
location
|
string
|
A localização geográfica onde o recurso reside
|
|
name
|
string
|
O nome do recurso
|
|
placement
|
Placement
|
Optional. Obtém ou define os detalhes de posicionamento zonal para a conta de armazenamento.
|
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento em que tipo = BlobStorage. A camada de acesso é usada para cobrança. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
|
properties.accountMigrationInProgress
|
boolean
|
Se a migração da conta iniciada pelo cliente estiver em andamento, o valor será verdadeiro, caso contrário, será nulo.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou desautorizar o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para essa propriedade.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou desabilitar a replicação entre objetos de locatário do AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objeto envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se for falso, todas as solicitações, incluindo assinaturas de acesso compartilhado, deverão ser autorizadas com o Azure AD (Azure Active Directory). O valor padrão é nulo, que é equivalente a true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrinja a cópia de e para contas de armazenamento em um locatário do AAD ou com links privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseadas em identidade para arquivos do Azure.
|
|
properties.blobRestoreStatus
|
BlobRestoreStatus
|
Status de restauração de blob
|
|
properties.creationTime
|
string
(date-time)
|
Obtém a data e a hora de criação da conta de armazenamento em UTC.
|
|
properties.customDomain
|
CustomDomain
|
Obtém o domínio personalizado que o usuário atribuiu a essa conta de armazenamento.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booliano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para essa propriedade.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite que você especifique o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, o que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador de zona DNS alfanumérica.
|
|
properties.dualStackEndpointPreference
|
DualStackEndpointPreference
|
Mantém informações sobre o protocolo de Internet optado pelo usuário.
|
|
properties.enableExtendedGroups
|
boolean
|
Habilita o suporte de grupo estendido com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
Encryption
|
Configurações de criptografia a serem usadas para criptografia do lado do servidor para a conta de armazenamento.
|
|
properties.failoverInProgress
|
boolean
|
Se o failover estiver em andamento, o valor será verdadeiro, caso contrário, será nulo.
|
|
properties.geoPriorityReplicationStatus
|
GeoPriorityReplicationStatus
|
Status indicando se a Replicação de Prioridade Geográfica está habilitada para a conta.
|
|
properties.geoReplicationStats
|
GeoReplicationStats
|
Estatísticas de replicação geográfica
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os contêineres na conta por padrão.
|
|
properties.isHnsEnabled
|
boolean
|
Conta HierarchicalNamespace habilitada se for definida como true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Habilita o recurso usuários locais, se definido como true
|
|
properties.isNfsV3Enabled
|
boolean
|
Suporte ao protocolo NFS 3.0 habilitado se definido como true.
|
|
properties.isSftpEnabled
|
boolean
|
Habilita o Protocolo de Transferência de Arquivo Seguro, se definido como true
|
|
properties.isSkuConversionBlocked
|
boolean
|
Essa propriedade será definida como true ou false em um evento de migração contínua. O valor padrão é nulo.
|
|
properties.keyCreationTime
|
KeyCreationTime
|
Hora de criação das chaves da conta de armazenamento.
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permitir compartilhamentos de arquivos grandes se os conjuntos estiverem habilitados. Ele não pode ser desabilitado depois de habilitado.
|
|
properties.lastGeoFailoverTime
|
string
(date-time)
|
Obtém o carimbo de data/hora da instância mais recente de um failover para o local secundário. Somente o carimbo de data/hora mais recente é mantido. Esse elemento não será retornado se nunca houve uma instância de failover. Disponível somente se o accountType estiver Standard_GRS ou Standard_RAGRS.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS para ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para essa propriedade.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.primaryEndpoints
|
Endpoints
|
Obtém as URLs usadas para executar uma recuperação de um blob público, fila ou objeto de tabela. Observe que as contas Standard_ZRS e Premium_LRS retornam apenas o ponto de extremidade do blob.
|
|
properties.primaryLocation
|
string
|
Obtém o local do data center primário para a conta de armazenamento.
|
|
properties.privateEndpointConnections
|
PrivateEndpointConnection[]
|
Lista de conexão de ponto de extremidade privado associada à conta de armazenamento especificada
|
|
properties.provisioningState
|
ProvisioningState
|
Obtém o status da conta de armazenamento no momento em que a operação foi chamada.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir que a configuração do Perímetro de Segurança de Rede avalie o acesso de rede pública à Conta de Armazenamento.
|
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede aceita pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.secondaryEndpoints
|
Endpoints
|
Obtém as URLs usadas para executar uma recuperação de um blob público, fila ou objeto de tabela do local secundário da conta de armazenamento. Disponível somente se o nome do SKU estiver Standard_RAGRS.
|
|
properties.secondaryLocation
|
string
|
Obtém o local do secundário replicado geograficamente para a conta de armazenamento. Disponível somente se o accountType estiver Standard_GRS ou Standard_RAGRS.
|
|
properties.statusOfPrimary
|
AccountStatus
|
Obtém o status que indica se o local principal da conta de armazenamento está disponível ou indisponível.
|
|
properties.statusOfSecondary
|
AccountStatus
|
Obtém o status que indica se o local secundário da conta de armazenamento está disponível ou indisponível. Disponível somente se o nome da SKU estiver Standard_GRS ou Standard_RAGRS.
|
|
properties.storageAccountSkuConversionStatus
|
StorageAccountSkuConversionStatus
|
Essa propriedade é readOnly e é definida pelo servidor durante operações de conversão de sku de conta de armazenamento assíncrona.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite o tráfego https somente para o serviço de armazenamento se for configurado como true.
|
|
sku
|
Sku
|
Obtém a SKU.
|
|
tags
|
object
|
Tags de recursos.
|
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
|
zones
|
string[]
|
As zonas de disponibilidade.
|
StorageAccountCreateParameters
Objeto
Os parâmetros usados ao criar uma conta de armazenamento.
| Nome |
Tipo |
Description |
|
extendedLocation
|
ExtendedLocation
|
Optional. Defina o local estendido do recurso. Se não for definido, a conta de armazenamento será criada na região principal do Azure. Caso contrário, ele será criado no local estendido especificado
|
|
identity
|
Identity
|
A identidade do recurso.
|
|
kind
|
Kind
|
Obrigatório Indica o tipo de conta de armazenamento.
|
|
location
|
string
|
Obrigatório Obtém ou define o local do recurso. Esta será uma das Regiões Geográficas do Azure com suporte e registradas (por exemplo, Oeste dos EUA, Leste dos EUA, Sudeste Asiático, etc.). A região geográfica de um recurso não pode ser alterada depois de criada, mas se uma região geográfica idêntica for especificada na atualização, a solicitação terá êxito.
|
|
placement
|
Placement
|
Optional. Obtém ou define os detalhes de posicionamento zonal para a conta de armazenamento.
|
|
properties.accessTier
|
AccessTier
|
Necessário para contas de armazenamento em que tipo = BlobStorage. A camada de acesso é usada para cobrança. A camada de acesso 'Premium' é o valor padrão para o tipo de conta de armazenamento de blobs de blocos premium e não pode ser alterada para o tipo de conta de armazenamento de blobs de blocos premium.
|
|
properties.allowBlobPublicAccess
|
boolean
|
Permitir ou desautorizar o acesso público a todos os blobs ou contêineres na conta de armazenamento. A interpretação padrão é falsa para essa propriedade.
|
|
properties.allowCrossTenantReplication
|
boolean
|
Permitir ou desabilitar a replicação entre objetos de locatário do AAD. Defina essa propriedade como true para contas novas ou existentes somente se as políticas de replicação de objeto envolverem contas de armazenamento em diferentes locatários do AAD. A interpretação padrão é falsa para que novas contas sigam as melhores práticas de segurança por padrão.
|
|
properties.allowSharedKeyAccess
|
boolean
|
Indica se a conta de armazenamento permite que as solicitações sejam autorizadas com a chave de acesso da conta por meio da Chave Compartilhada. Se for falso, todas as solicitações, incluindo assinaturas de acesso compartilhado, deverão ser autorizadas com o Azure AD (Azure Active Directory). O valor padrão é nulo, que é equivalente a true.
|
|
properties.allowedCopyScope
|
AllowedCopyScope
|
Restrinja a cópia de e para contas de armazenamento em um locatário do AAD ou com links privados para a mesma VNet.
|
|
properties.azureFilesIdentityBasedAuthentication
|
AzureFilesIdentityBasedAuthentication
|
Fornece as configurações de autenticação baseadas em identidade para arquivos do Azure.
|
|
properties.customDomain
|
CustomDomain
|
Domínio do usuário atribuído à conta de armazenamento. O nome é a origem CNAME. Somente um domínio personalizado tem suporte por conta de armazenamento no momento. Para limpar o domínio personalizado existente, use uma cadeia de caracteres vazia para a propriedade de nome de domínio personalizado.
|
|
properties.defaultToOAuthAuthentication
|
boolean
|
Um sinalizador booliano que indica se a autenticação padrão é OAuth ou não. A interpretação padrão é falsa para essa propriedade.
|
|
properties.dnsEndpointType
|
DnsEndpointType
|
Permite que você especifique o tipo de ponto de extremidade. Defina isso como AzureDNSZone para criar um grande número de contas em uma única assinatura, o que cria contas em uma Zona DNS do Azure e a URL do ponto de extremidade terá um identificador de zona DNS alfanumérica.
|
|
properties.dualStackEndpointPreference
|
DualStackEndpointPreference
|
Mantém informações sobre o protocolo de Internet optado pelo usuário.
|
|
properties.enableExtendedGroups
|
boolean
|
Habilita o suporte de grupo estendido com o recurso de usuários locais, se definido como true
|
|
properties.encryption
|
Encryption
|
Configurações de criptografia a serem usadas para criptografia do lado do servidor para a conta de armazenamento.
|
|
properties.geoPriorityReplicationStatus
|
GeoPriorityReplicationStatus
|
Status indicando se a Replicação de Prioridade Geográfica está habilitada para a conta.
|
|
properties.immutableStorageWithVersioning
|
ImmutableStorageAccount
|
A propriedade é imutável e só pode ser definida como true no momento da criação da conta. Quando definido como true, ele habilita a imutabilidade no nível do objeto para todos os novos contêineres na conta por padrão.
|
|
properties.isHnsEnabled
|
boolean
|
Conta HierarchicalNamespace habilitada se for definida como true.
|
|
properties.isLocalUserEnabled
|
boolean
|
Habilita o recurso usuários locais, se definido como true
|
|
properties.isNfsV3Enabled
|
boolean
|
Suporte ao protocolo NFS 3.0 habilitado se definido como true.
|
|
properties.isSftpEnabled
|
boolean
|
Habilita o Protocolo de Transferência de Arquivo Seguro, se definido como true
|
|
properties.keyPolicy
|
KeyPolicy
|
KeyPolicy atribuído à conta de armazenamento.
|
|
properties.largeFileSharesState
|
LargeFileSharesState
|
Permitir compartilhamentos de arquivos grandes se os conjuntos estiverem habilitados. Ele não pode ser desabilitado depois de habilitado.
|
|
properties.minimumTlsVersion
|
MinimumTlsVersion
|
Defina a versão mínima do TLS para ser permitida em solicitações de armazenamento. A interpretação padrão é TLS 1.0 para essa propriedade.
|
|
properties.networkAcls
|
NetworkRuleSet
|
Conjunto de regras de rede
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
Permitir, não permitir ou permitir que a configuração do Perímetro de Segurança de Rede avalie o acesso de rede pública à Conta de Armazenamento. O valor é opcional, mas se passado, deve ser "Habilitado", "Desabilitado" ou "SecuredByPerimeter".
|
|
properties.routingPreference
|
RoutingPreference
|
Mantém informações sobre a opção de roteamento de rede aceita pelo usuário para transferência de dados
|
|
properties.sasPolicy
|
SasPolicy
|
SasPolicy atribuído à conta de armazenamento.
|
|
properties.supportsHttpsTrafficOnly
|
boolean
|
Permite o tráfego https somente para o serviço de armazenamento se for configurado como true. O valor padrão é verdadeiro desde a versão da API 2019-04-01.
|
|
sku
|
Sku
|
Obrigatório Obtém ou define o nome do SKU.
|
|
tags
|
object
|
Obtém ou define uma lista de pares de valores de chave que descrevem o recurso. Essas marcas podem ser usadas para exibir e agrupar esse recurso (entre grupos de recursos). Um máximo de 15 marcas pode ser fornecido para um recurso. Cada marca deve ter uma chave com um comprimento não maior que 128 caracteres e um valor com um comprimento não maior que 256 caracteres.
|
|
zones
|
string[]
|
Optional. Obtém ou define a zona de disponibilidade lógica fixada para a conta de armazenamento.
|
StorageAccountInternetEndpoints
Objeto
Os URIs que são usados para executar uma recuperação de um blob público, arquivo, web ou objeto dfs por meio de um ponto de extremidade de roteamento da Internet.
| Nome |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade do blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
StorageAccountIpv6Endpoints
Objeto
Os URIs usados para executar uma recuperação de um blob público, fila, tabela, objeto Web ou dfs por meio de um ponto de extremidade IPv6.
| Nome |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade do blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
internetEndpoints
|
StorageAccountInternetEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Internet
|
|
microsoftEndpoints
|
StorageAccountMicrosoftEndpoints
|
Obtém os pontos de extremidade de armazenamento de roteamento da Microsoft.
|
|
queue
|
string
|
Obtém o ponto de extremidade da fila.
|
|
table
|
string
|
Obtém o ponto de extremidade da tabela.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
StorageAccountMicrosoftEndpoints
Objeto
Os URIs usados para executar uma recuperação de um objeto de blob, fila, tabela, Web ou dfs públicos por meio de um ponto de extremidade de roteamento da Microsoft.
| Nome |
Tipo |
Description |
|
blob
|
string
|
Obtém o ponto de extremidade do blob.
|
|
dfs
|
string
|
Obtém o ponto de extremidade dfs.
|
|
file
|
string
|
Obtém o ponto de extremidade do arquivo.
|
|
queue
|
string
|
Obtém o ponto de extremidade da fila.
|
|
table
|
string
|
Obtém o ponto de extremidade da tabela.
|
|
web
|
string
|
Obtém o ponto de extremidade da Web.
|
StorageAccountSkuConversionStatus
Objeto
Isso define o objeto de status de conversão de sku para conversões de sku assíncronas.
| Nome |
Tipo |
Description |
|
endTime
|
string
|
Essa propriedade representa a hora de término da conversão do SKU.
|
|
skuConversionStatus
|
SkuConversionStatus
|
Essa propriedade indica o status atual de conversão de SKU.
|
|
startTime
|
string
|
Essa propriedade representa a hora de início da conversão do SKU.
|
|
targetSkuName
|
SkuName
|
Essa propriedade representa o nome do SKU de destino para o qual o SKU da conta está sendo convertido de forma assíncrona.
|
UserAssignedIdentity
Objeto
UserAssignedIdentity para o recurso.
| Nome |
Tipo |
Description |
|
clientId
|
string
|
O ID do cliente da identidade.
|
|
principalId
|
string
|
A ID principal da identidade.
|
VirtualNetworkRule
Objeto
Regra de Rede Virtual.
| Nome |
Tipo |
Description |
|
action
|
enum:
Allow
|
A ação da regra de rede virtual.
|
|
id
|
string
|
ID do recurso de uma sub-rede, por exemplo: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
|
|
state
|
State
|
Obtém o estado da regra de rede virtual.
|
ZonePlacementPolicy
Enumeração
A política de fixação da zona de disponibilidade para a conta de armazenamento.
| Valor |
Description |
|
Any
|
|
|
None
|
|