get
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account. Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account. Note that this is an Account SAS and not a Service SAS.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "resourceGroupName",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "storageaccountname",
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
accountTier: "Standard",
accountReplicationType: "GRS",
tags: {
environment: "staging",
},
});
const example = azure.storage.getAccountSASOutput({
connectionString: exampleAccount.primaryConnectionString,
httpsOnly: true,
signedVersion: "2022-11-02",
resourceTypes: {
service: true,
container: false,
object: false,
},
services: {
blob: true,
queue: false,
table: false,
file: false,
},
start: "2018-03-21T00:00:00Z",
expiry: "2020-03-21T00:00:00Z",
permissions: {
read: true,
write: true,
"delete": false,
list: false,
add: true,
create: true,
update: false,
process: false,
tag: false,
filter: false,
},
});
export const sasUrlQueryString = example.apply(example => example.sas);Content copied to clipboard
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("example",
name="resourceGroupName",
location="West Europe")
example_account = azure.storage.Account("example",
name="storageaccountname",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
account_tier="Standard",
account_replication_type="GRS",
tags={
"environment": "staging",
})
example = azure.storage.get_account_sas_output(connection_string=example_account.primary_connection_string,
https_only=True,
signed_version="2022-11-02",
resource_types={
"service": True,
"container": False,
"object": False,
},
services={
"blob": True,
"queue": False,
"table": False,
"file": False,
},
start="2018-03-21T00:00:00Z",
expiry="2020-03-21T00:00:00Z",
permissions={
"read": True,
"write": True,
"delete": False,
"list": False,
"add": True,
"create": True,
"update": False,
"process": False,
"tag": False,
"filter": False,
})
pulumi.export("sasUrlQueryString", example.sas)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "resourceGroupName",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "storageaccountname",
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
AccountTier = "Standard",
AccountReplicationType = "GRS",
Tags =
{
{ "environment", "staging" },
},
});
var example = Azure.Storage.GetAccountSAS.Invoke(new()
{
ConnectionString = exampleAccount.PrimaryConnectionString,
HttpsOnly = true,
SignedVersion = "2022-11-02",
ResourceTypes = new Azure.Storage.Inputs.GetAccountSASResourceTypesInputArgs
{
Service = true,
Container = false,
Object = false,
},
Services = new Azure.Storage.Inputs.GetAccountSASServicesInputArgs
{
Blob = true,
Queue = false,
Table = false,
File = false,
},
Start = "2018-03-21T00:00:00Z",
Expiry = "2020-03-21T00:00:00Z",
Permissions = new Azure.Storage.Inputs.GetAccountSASPermissionsInputArgs
{
Read = true,
Write = true,
Delete = false,
List = false,
Add = true,
Create = true,
Update = false,
Process = false,
Tag = false,
Filter = false,
},
});
return new Dictionary<string, object?>
{
["sasUrlQueryString"] = example.Apply(getAccountSASResult => getAccountSASResult.Sas),
};
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("resourceGroupName"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("storageaccountname"),
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("GRS"),
Tags: pulumi.StringMap{
"environment": pulumi.String("staging"),
},
})
if err != nil {
return err
}
example := storage.GetAccountSASOutput(ctx, storage.GetAccountSASOutputArgs{
ConnectionString: exampleAccount.PrimaryConnectionString,
HttpsOnly: pulumi.Bool(true),
SignedVersion: pulumi.String("2022-11-02"),
ResourceTypes: &storage.GetAccountSASResourceTypesArgs{
Service: pulumi.Bool(true),
Container: pulumi.Bool(false),
Object: pulumi.Bool(false),
},
Services: &storage.GetAccountSASServicesArgs{
Blob: pulumi.Bool(true),
Queue: pulumi.Bool(false),
Table: pulumi.Bool(false),
File: pulumi.Bool(false),
},
Start: pulumi.String("2018-03-21T00:00:00Z"),
Expiry: pulumi.String("2020-03-21T00:00:00Z"),
Permissions: &storage.GetAccountSASPermissionsArgs{
Read: pulumi.Bool(true),
Write: pulumi.Bool(true),
Delete: pulumi.Bool(false),
List: pulumi.Bool(false),
Add: pulumi.Bool(true),
Create: pulumi.Bool(true),
Update: pulumi.Bool(false),
Process: pulumi.Bool(false),
Tag: pulumi.Bool(false),
Filter: pulumi.Bool(false),
},
}, nil)
ctx.Export("sasUrlQueryString", example.ApplyT(func(example storage.GetAccountSASResult) (*string, error) {
return &example.Sas, nil
}).(pulumi.StringPtrOutput))
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.StorageFunctions;
import com.pulumi.azure.storage.inputs.GetAccountSASArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASResourceTypesArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASServicesArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASPermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("resourceGroupName")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("storageaccountname")
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.accountTier("Standard")
.accountReplicationType("GRS")
.tags(Map.of("environment", "staging"))
.build());
final var example = StorageFunctions.getAccountSAS(GetAccountSASArgs.builder()
.connectionString(exampleAccount.primaryConnectionString())
.httpsOnly(true)
.signedVersion("2022-11-02")
.resourceTypes(GetAccountSASResourceTypesArgs.builder()
.service(true)
.container(false)
.object(false)
.build())
.services(GetAccountSASServicesArgs.builder()
.blob(true)
.queue(false)
.table(false)
.file(false)
.build())
.start("2018-03-21T00:00:00Z")
.expiry("2020-03-21T00:00:00Z")
.permissions(GetAccountSASPermissionsArgs.builder()
.read(true)
.write(true)
.delete(false)
.list(false)
.add(true)
.create(true)
.update(false)
.process(false)
.tag(false)
.filter(false)
.build())
.build());
ctx.export("sasUrlQueryString", example.applyValue(getAccountSASResult -> getAccountSASResult).applyValue(example -> example.applyValue(getAccountSASResult -> getAccountSASResult.sas())));
}
}Content copied to clipboard
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: resourceGroupName
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: storageaccountname
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
accountTier: Standard
accountReplicationType: GRS
tags:
environment: staging
variables:
example:
fn::invoke:
function: azure:storage:getAccountSAS
arguments:
connectionString: ${exampleAccount.primaryConnectionString}
httpsOnly: true
signedVersion: 2022-11-02
resourceTypes:
service: true
container: false
object: false
services:
blob: true
queue: false
table: false
file: false
start: 2018-03-21T00:00:00Z
expiry: 2020-03-21T00:00:00Z
permissions:
read: true
write: true
delete: false
list: false
add: true
create: true
update: false
process: false
tag: false
filter: false
outputs:
sasUrlQueryString: ${example.sas}Content copied to clipboard
Return
A collection of values returned by getAccountSAS.
Parameters
argument
A collection of arguments for invoking getAccountSAS.
suspend fun getAccountSAS(connectionString: String, expiry: String, httpsOnly: Boolean? = null, ipAddresses: String? = null, permissions: GetAccountSASPermissions, resourceTypes: GetAccountSASResourceTypes, services: GetAccountSASServices, signedVersion: String? = null, start: String): GetAccountSASResult
Return
A collection of values returned by getAccountSAS.
Parameters
connection
The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of a azure.storage.Account resource.
expiry
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
NOTE: The ISO-8601 Time offset from UTC is currently not supported by the service, which will result into 409 error.
https
Only permit https access. If false, both http and https are permitted. Defaults to true.
ip
IP address, or a range of IP addresses, from which to accept requests. When specifying a range, note that the range is inclusive.
permissions
A permissions block as defined below.
resource
A resource_types block as defined below.
services
A services block as defined below.
signed
Specifies the signed storage service version to use to authorize requests made with this account SAS. Defaults to 2022-11-02.
start
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
See also
suspend fun getAccountSAS(argument: suspend GetAccountSASPlainArgsBuilder.() -> Unit): GetAccountSASResult
Return
A collection of values returned by getAccountSAS.
Parameters
argument
Builder for com.pulumi.azure.storage.kotlin.inputs.GetAccountSASPlainArgs.