Hi Pranay ,
I updated your code to test it in my own environment and changed some parts that weren't required for my test. It now works perfectly fine, and you can verify it yourself; you only need to update your storage account name and the Key Vault name:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"globalConfig": {
"type": "object",
"metadata": {
"description": "Object that contains the following properties: hyphenBasedPrefix, hyphenBasedPrefixWithoutDash, baseTemplateUrl, sasToken"
},
"defaultValue": {
"hyphenBasedPrefix": "smokeprefix",
"basicPrefix": "sp",
"tags": {}
}
},
"name": {
"type": "string",
"metadata": {
"descritpion": "Name of the storage account following naming conventions"
},
"defaultValue": "yourNewStorageName"
},
"skuName": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_RAGRS",
"Standard_ZRS",
"Premium_LRS"
],
"metadata": {
"description": "sku name of the storage, like e.g. Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS"
}
},
"storageKind": {
"type": "string",
"defaultValue": "BlobStorage",
"allowedValues": [
"Storage",
"StorageV2",
"BlobStorage"
],
"metadata": {
"description": "defines storage type, like e.g. blob or standard storage"
}
},
"tags": {
"type": "object",
"defaultValue": {},
"metadata": {
"description": "The tags which are supposed to be assigned to this resource."
}
},
"rsgAdd": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "The addition for resource group."
}
}
},
"variables": {
"resourceTypeIdentifier": "",
"resourceFullName": "[concat(parameters('globalConfig').basicPrefix, variables('resourceTypeIdentifier'), parameters('name'))]",
"apiVersion": "2021-02-01",
"vaultName": "yourKeyVaultName"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('skuName')]",
"tier": "[first(split(parameters('skuName'), '_'))]"
},
"kind": "[parameters('storageKind')]",
"name": "[variables('resourceFullName')]",
"apiVersion": "2019-06-01",
"location": "[resourceGroup().location]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"supportsHttpsTrafficOnly": true,
"accessTier": "Hot"
},
"tags": "[union(parameters('globalConfig').tags, parameters('tags'))]"
}
,
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-07-01",
"name": "updateStorageAccount",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('resourceFullName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "0.1.0.0",
"resources": [
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "[concat(variables('vaultName'), '/add')]",
"apiVersion": "2019-09-01",
"properties": {
"accessPolicies": [
{
"tenantId": "[subscription().tenantid]",
"objectId": "[reference(resourceId('Microsoft.Storage/storageAccounts', variables('resourceFullName')),'2019-06-01', 'full').identity.principalId]",
"permissions": {
"keys": [
"wrapkey",
"unwrapkey",
"sign",
"get",
"list",
"recover"
],
"secrets": [
],
"certificates": []
}
}
]
}
},
{
"type": "Microsoft.Storage/storageAccounts",
"sku": {
"name": "[parameters('skuName')]",
"tier": "[first(split(parameters('skuName'), '_'))]"
},
"kind": "[parameters('storageKind')]",
"name": "[variables('resourceFullName')]",
"apiVersion": "2019-06-01",
"location": "[if(empty(parameters('rsgAdd')),resourceGroup().location,'westus')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"encryption": {
"services": {
"file": {
"enabled": true
},
"blob": {
"enabled": true
}
},
"keySource": "Microsoft.Keyvault",
"keyvaultproperties": {
"keyvaulturi": "[concat('https://',variables('vaultName'),'.vault.azure.net')]",
"keyname": "[if(empty(parameters('rsgAdd')),'API-KEY','Sys-API-KEY')]"
}
}
},
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults/accessPolicies', variables('vaultName'), 'add')]"
]
}
]
}
}
}
],
"outputs": {
"deployedObject": {
"value": "[reference(variables('resourceFullName'), variables('apiVersion'), 'Full')]",
"type": "object"
},
"name": {
"value": "[variables('resourceFullName')]",
"type": "string"
}
}
}
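Take into consideration some prerequisites, such as enabling purge protection on your Key Vault (https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-existing-account?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal). The key named in `keyname` (API-KEY or Sys-API-KEY) also has to exist in that vault before you deploy, and storage encryption with a customer-managed key only needs the get, wrapkey and unwrapkey key permissions, so you can drop sign, list and recover from the access policy if you want to keep it least-privilege.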
Let me know if you have any problems deploying this ARM template or any further questions.
Luis