Storage Account


The Storage Account builder creates storage accounts and their associated containers.

  • Storage Accounts (Microsoft.Storage/storageAccounts)
  • Storage Containers (blobServices/containers)
  • File Shares (fileServices/shares)
  • Queues (Microsoft.Storage/storageAccounts/queueServices/queues)
  • Tables (Microsoft.Storage/storageAccounts/tableServices/tables)

Builder Keywords

nameSpecifies the name of the storage account
skuSets the SKU of the storage account. A set of predefined SKU values are available as members in Storage.Sku, but you can create the full range of combinations of Kind and SKU as needed.
default_blob_access_tierSets the default access tier for blob containers
add_public_containerAdds a general-purpose public storage container
add_private_containerAdds a general-purpose private storage container
add_blob_containerAdds a general-purpose private blob container
add_file_shareAdds a file share to storage account
add_file_share_with_quotaAdds a file share to storage account with a share quota in Gb
add_queueAdds a queue to the storage account
add_queuesAdds a list of queues to the storage account
add_tableAdds a table to the storage account
add_tablesAdds a list of tables to the storage account
add_cors_rulesAdds a list of CORS rules to the different storage services
add_policiesAdds a list of Policies to the different storage services
enable_versioningEnabled versioning for different storage services
restrict_to_ipRestrict access to a given ip address
restrict_to_ipsRestrict access to a given ip address list
restrict_to_subnetRestrict access to a given virtual network subnet
restrict_to_azure_servicesRestrict access to a given set of Azure Services. (Used when access to the storage account already controlled by private endpoint)
disable_public_network_accessDisables public network access to the storage account
use_static_websiteActivates static website host, and uploads the provided local content as a post-deployment task to the storage with the specified index page
static_website_error_pageSpecifies the 404 page to display for static website hosting
enable_data_lakeEnables Azure Data Lake Gen2 support on the storage account
add_lifecycle_policyGiven a rule name, a list of PolicyActions and a list of string filters, creates a lifecycle policy for the storage account
grant_accessGiven a managed identity (can be either user- or system- assigned), and a specific RoleId from the Roles module, grants access to the identity for the provided role.
min_tls_versionSets the minimum TLS version for the storage account
disable_blob_public_accessDisables public (anonymous) access to blobs for the entire storage account
disable_shared_key_accessDisables shared key access for the storage account
default_to_oauth_authenticationDefaults to OAuth (AAD) authentication for requests to blobs, queues and containers in the Azure portal
use_azure_dns_zoneChange the DNS Endpoint type from Standard to AzureDnsZone

Configuration Members

KeyReturns an ARM expression to retrieve the storage account’s primary connection string. Useful for e.g. supplying the connection string to another resource e.g. KeyVault or an app setting in the App Service.
WebsitePrimaryEndpointReturns an ARM Expression for the Primary endpoint for static website (if enabled).
WebsitePrimaryEndpointHostReturns an ARM Expression for the Host of the Primary endpoint for static website (if enabled). Use this for e.g. Azure CDN integration.


The StorageAccount type contains helper methods to quickly create ARM expressions for Storage Account connection strings.


open Farmer
open Farmer.Builders
open Farmer.Storage

let storage = storageAccount {
    name "isaacssuperstorage"
    sku Storage.Sku.Premium_LRS
    restrict_to_ip ""
    restrict_to_ip ""
    restrict_to_subnet "myvnet" "mysubnet"
    add_public_container "mypubliccontainer"
    add_private_container "myprivatecontainer"
    add_blob_container "myblobcontainer"
    add_file_share "share1"
    add_file_share_with_quota "share2" 1024<Gb>
    add_queue "myqueue"
    add_queue (storageQueue {
      name "queue1"
      metadata [
        "environment", "dev"
        "project", "farmer"
    add_queues [
      storageQueue {
        name "queue1"
        metadata [
          "environment", "dev"
          "project", "farmer"
      storageQueue {
        name "queue2"
        metadata [
          "environment", "test"
          "project", "barnyard"
        storageQueue {
          name "queue1"
        storageQueue {
          name "queue"
        "environment", "dev"
        "project", "farmer"

    add_table "mytable"
    use_static_website "local/path/to/folder/content" "index.html"
    static_website_error_page "error.html"
    enable_data_lake true
    add_lifecycle_rule "moveToCool" [ Storage.CoolAfter 30<Days>; Storage.ArchiveAfter 90<Days> ] Storage.NoRuleFilters
    add_lifecycle_rule "cleanup" [ Storage.DeleteAfter 7<Days> ] [ "data/recyclebin" ]
    grant_access myWebApp.SystemIdentity Roles.StorageBlobDataReader
    add_cors_rules [
        StorageService.Blobs, CorsRule.AllowAll
        StorageService.Tables, CorsRule.create [ "" ]
        StorageService.Files, { CorsRule.AllowAll with MaxAgeInSeconds = 10 }
        StorageService.Queues, CorsRule.create ([ "" ], [ GET ])
    add_policies [
        StorageService.Blobs, [
            Policy.Restore { Enabled = true; Days = 5 }
            Policy.DeleteRetention { Enabled = true; Days = 10 }
            Policy.LastAccessTimeTracking { Enabled = true; TrackingGranularityInDays = 12 }
            Policy.ContainerDeleteRetention { Enabled = true; Days = 11 }
            Policy.ChangeFeed { Enabled = true; RetentionInDays = 30 }
    enable_versioning [ StorageService.Blobs, true ]
    min_tls_version Tls12