Improve Storage Account setup in ARM Template

sg3-141-592 / AzStartStop

Self service user interface for starting and stopping VMs on demand

https://vmstartstopdemo.compactcloud.co.uk/

MIT License

22 stars 2 forks source link

Improve Storage Account setup in ARM Template #8

Closed sg3-141-592 closed 1 year ago

sg3-141-592 commented 1 year ago

Some other questions concerning the related storage account:

Is there a specific reason for it being v1?

Is Blob anonymous access required? Is storage account key access required?

Can we increase TLS version without issues?

Originally posted by @gjongeneel in https://github.com/sg3-141-592/AzStartStop/issues/4#issuecomment-1726038776

sg3-141-592 commented 1 year ago

Hey @gjongeneel just pushed a fix in the ARM Templates. You'll need to redeploy to get the updated setup.

It seems like you can theoretically disable the Shared Key Access on the storage account, if you setup appropriate Managed Identity permissions elsewhere. But it'd add more complexity to the setup on-top of the additional Managed Identity Permissions users already have to setup so I'm going to avoid for now.

gjongeneel commented 1 year ago

Nice work & completely agree!