Share via

Storage Account Terraform not error

TrebuszeQ 5 Reputation points
2025-06-03T08:33:16.0466667+00:00

Hello,

I'm trying to create following storage account:

resource "azurerm_storage_account" "blob-storage-account-1-13-05-25" {
    name = "bsa1130525"
    account_kind = "StorageV2"
    resource_group_name = module.resource-group-storage-1-13-05-25.name
    location = local.default_location
    account_tier = "Standard"
    account_replication_type = "LRS"
    cross_tenant_replication_enabled = false
    access_tier = "Hot"
    blob_properties {
        cors_rule {
          allowed_headers = ["*"]
          allowed_methods = []
          allowed_origins = []
          exposed_headers = ["*"]
          max_age_in_seconds = 30
        }
       
        restore_policy {
            days = 3
        }

        versioning_enabled = true
        change_feed_enabled = true
        change_feed_retention_in_days = 7
        last_access_time_enabled = true

        delete_retention_policy {
            days = 7
            permanent_delete_enabled = false
        }

        container_delete_retention_policy {
            days = 7
        }
    }
    routing {
        publish_internet_endpoints = false
        publish_microsoft_endpoints = true
        choice = "MicrosoftRouting"
    }
    https_traffic_only_enabled = true
    allow_nested_items_to_be_public = false
    shared_access_key_enabled = true
    default_to_oauth_authentication = true
        is_hns_enabled = false
    nfsv3_enabled = false
    infrastructure_encryption_enabled = false
    local_user_enabled = true
    dns_endpoint_type = "Standard"
    allowed_copy_scope = "AAD"
    public_network_access_enabled = true
    min_tls_version = "TLS1_2"

    tags = local.default_tags
}

I've compared it with BICEP template:

param storageAccounts_bsa1130525_name string = 'bsa1130525'

resource storageAccounts_bsa1130525_name_resource 'Microsoft.Storage/storageAccounts@2024-01-01' = {
  name: storageAccounts_bsa1130525_name
  location: 'northeurope'
  tags: {
    iac: 'Terraform'
    owner: 'DevOps'
    project: 'Az Documents'
  }
  sku: {
    name: 'Standard_LRS'
    tier: 'Standard'
  }
  kind: 'BlobStorage'
  identity: {
    type: 'None'
  }
  properties: {
    dnsEndpointType: 'Standard'
    allowedCopyScope: 'AAD'
    defaultToOAuthAuthentication: true
    publicNetworkAccess: 'Enabled'
    allowCrossTenantReplication: false
    routingPreference: {
      routingChoice: 'MicrosoftRouting'
      publishMicrosoftEndpoints: true
      publishInternetEndpoints: false
    }
    isNfsV3Enabled: false
    isLocalUserEnabled: true
    isSftpEnabled: false
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    allowSharedKeyAccess: true
    isHnsEnabled: false
    networkAcls: {
      resourceAccessRules: []
      bypass: 'AzureServices'
      virtualNetworkRules: []
      ipRules: []
      defaultAction: 'Allow'
    }
    supportsHttpsTrafficOnly: true
    encryption: {
      services: {
        file: {
          keyType: 'Account'
          enabled: true
        }
        blob: {
          keyType: 'Account'
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
    accessTier: 'Hot'
  }
}

resource storageAccounts_bsa1130525_name_default 'Microsoft.Storage/storageAccounts/blobServices@2024-01-01' = {
  parent: storageAccounts_bsa1130525_name_resource
  name: 'default'
  sku: {
    name: 'Standard_LRS'
    tier: 'Standard'
  }
  properties: {
    changeFeed: {
      retentionInDays: 7
      enabled: true
    }
    containerDeleteRetentionPolicy: {
      enabled: true
      days: 7
    }
    cors: {
      corsRules: []
    }
    deleteRetentionPolicy: {
      allowPermanentDelete: false
      enabled: true
      days: 7
    }
    isVersioningEnabled: true
  }
}

When I do terraform apply I've encountered this error:
Error: updating blob_properties: unexpected status 400 (400 Bad Request) with error: ContainerOperationFailure: The value for one of the XML nodes is not in the correct format.

│ RequestId:b5af7c96-501e-002b-6761-d47633000000

│ Time:2025-06-03T08:25:45.9178272Z

│ with azurerm_storage_account.blob-storage-account-1-13-05-25,

│ on main.tf line 8, in resource "azurerm_storage_account" "blob-storage-account-1-13-05-25":

│ 8: resource "azurerm_storage_account" "blob-storage-account-1-13-05-25" {

Note the account is being created, however without the properties like versioning.
User's image

Can anyone help with this? Thanks.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,182 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinod Kumar Reddy Chilupuri 4,180 Reputation points Microsoft External Staff Moderator
    2025-06-03T10:31:32.7733333+00:00

    Hi TrebuszeQ,

    The error you're encountering when applying your Terraform configuration for the Azure Storage Account seems to be related to the blob_properties section. Specifically, the error message indicates that one of the XML nodes is not in the correct format.

    • Blob Properties: The blob_properties block in Terraform should match what Azure is expecting. For example, ensure that the properties like cors_rule, restore_policy, delete_retention_policy, etc., are correctly formatted and supported by the version of Azure you are using.
    • CORS Rules: You currently have allowed_methods and allowed_origins as empty arrays. If you don't plan to allow any CORS methods and origins, consider removing those properties entirely, at least having one method specified. 
        allowed_methods = ["GET", "POST"]
  allowed_origins = ["*"]
    • Versioning and Change Feed: Make sure that your versioning and change feed options are set correctly. Sometimes misconfigured combinations can lead to deployment failures.
    • Resource Group and Location: Verify that the resource group referenced by resource_group_name and local.default_location actually exists and is accessible.
    • HNS and NFS: Since you have is_hns_enabled set to false and nfsv3_enabled set to false, make sure that these settings are compatible with the other properties you are trying to set.
    • Terraform Provider Version: Double-check the version of the azurerm provider you are using. If it is below a certain version, some properties may not be supported. Consider updating to a more recent version if you haven't done that yet.

    Create an Azure storage account
    Hope the above suggestion helps! Please let us know do you have any further queries.

    Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members. 

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.