1. Packages
  2. Azure Classic
  3. API Docs
  4. elasticsan
  5. VolumeGroup

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.elasticsan.VolumeGroup

Explore with Pulumi AI

Manages an Elastic SAN Volume Group resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "West Europe",
});
const exampleElasticSan = new azure.elasticsan.ElasticSan("example", {
    name: "examplees-es",
    resourceGroupName: example.name,
    location: example.location,
    baseSizeInTib: 1,
    sku: {
        name: "Premium_LRS",
    },
});
const current = azure.core.getClientConfig({});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "example-uai",
    location: example.location,
    resourceGroupName: example.name,
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "example-vnet",
    addressSpaces: ["10.0.0.0/16"],
    location: example.location,
    resourceGroupName: example.name,
});
const exampleSubnet = new azure.network.Subnet("example", {
    name: "example-subnet",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
    serviceEndpoints: ["Microsoft.Storage.Global"],
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "examplekv",
    location: example.location,
    resourceGroupName: example.name,
    enabledForDiskEncryption: true,
    tenantId: current.then(current => current.tenantId),
    softDeleteRetentionDays: 7,
    purgeProtectionEnabled: true,
    skuName: "standard",
});
const userAssignedIdentity = new azure.keyvault.AccessPolicy("userAssignedIdentity", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: exampleUserAssignedIdentity.principalId,
    keyPermissions: [
        "Get",
        "UnwrapKey",
        "WrapKey",
    ],
    secretPermissions: ["Get"],
});
const client = new azure.keyvault.AccessPolicy("client", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: current.then(current => current.objectId),
    keyPermissions: [
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
        "GetRotationPolicy",
    ],
    secretPermissions: ["Get"],
});
const exampleKey = new azure.keyvault.Key("example", {
    name: "example-kvk",
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
}, {
    dependsOn: [
        userAssignedIdentity,
        client,
    ],
});
const exampleVolumeGroup = new azure.elasticsan.VolumeGroup("example", {
    name: "example-esvg",
    elasticSanId: exampleElasticSan.id,
    encryptionType: "EncryptionAtRestWithCustomerManagedKey",
    encryption: {
        keyVaultKeyId: exampleKey.versionlessId,
        userAssignedIdentityId: exampleUserAssignedIdentity.id,
    },
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    networkRules: [{
        subnetId: exampleSubnet.id,
        action: "Allow",
    }],
});
Copy
import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-rg",
    location="West Europe")
example_elastic_san = azure.elasticsan.ElasticSan("example",
    name="examplees-es",
    resource_group_name=example.name,
    location=example.location,
    base_size_in_tib=1,
    sku={
        "name": "Premium_LRS",
    })
current = azure.core.get_client_config()
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="example-uai",
    location=example.location,
    resource_group_name=example.name)
example_virtual_network = azure.network.VirtualNetwork("example",
    name="example-vnet",
    address_spaces=["10.0.0.0/16"],
    location=example.location,
    resource_group_name=example.name)
example_subnet = azure.network.Subnet("example",
    name="example-subnet",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"],
    service_endpoints=["Microsoft.Storage.Global"])
example_key_vault = azure.keyvault.KeyVault("example",
    name="examplekv",
    location=example.location,
    resource_group_name=example.name,
    enabled_for_disk_encryption=True,
    tenant_id=current.tenant_id,
    soft_delete_retention_days=7,
    purge_protection_enabled=True,
    sku_name="standard")
user_assigned_identity = azure.keyvault.AccessPolicy("userAssignedIdentity",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=example_user_assigned_identity.principal_id,
    key_permissions=[
        "Get",
        "UnwrapKey",
        "WrapKey",
    ],
    secret_permissions=["Get"])
client = azure.keyvault.AccessPolicy("client",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=current.object_id,
    key_permissions=[
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
        "GetRotationPolicy",
    ],
    secret_permissions=["Get"])
example_key = azure.keyvault.Key("example",
    name="example-kvk",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
    opts = pulumi.ResourceOptions(depends_on=[
            user_assigned_identity,
            client,
        ]))
example_volume_group = azure.elasticsan.VolumeGroup("example",
    name="example-esvg",
    elastic_san_id=example_elastic_san.id,
    encryption_type="EncryptionAtRestWithCustomerManagedKey",
    encryption={
        "key_vault_key_id": example_key.versionless_id,
        "user_assigned_identity_id": example_user_assigned_identity.id,
    },
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    network_rules=[{
        "subnet_id": example_subnet.id,
        "action": "Allow",
    }])
Copy
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/elasticsan"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleElasticSan, err := elasticsan.NewElasticSan(ctx, "example", &elasticsan.ElasticSanArgs{
			Name:              pulumi.String("examplees-es"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
			BaseSizeInTib:     pulumi.Int(1),
			Sku: &elasticsan.ElasticSanSkuArgs{
				Name: pulumi.String("Premium_LRS"),
			},
		})
		if err != nil {
			return err
		}
		current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("example-uai"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name: pulumi.String("example-vnet"),
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
			Name:               pulumi.String("example-subnet"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
			ServiceEndpoints: pulumi.StringArray{
				pulumi.String("Microsoft.Storage.Global"),
			},
		})
		if err != nil {
			return err
		}
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
			Name:                     pulumi.String("examplekv"),
			Location:                 example.Location,
			ResourceGroupName:        example.Name,
			EnabledForDiskEncryption: pulumi.Bool(true),
			TenantId:                 pulumi.String(current.TenantId),
			SoftDeleteRetentionDays:  pulumi.Int(7),
			PurgeProtectionEnabled:   pulumi.Bool(true),
			SkuName:                  pulumi.String("standard"),
		})
		if err != nil {
			return err
		}
		userAssignedIdentity, err := keyvault.NewAccessPolicy(ctx, "userAssignedIdentity", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   pulumi.String(current.TenantId),
			ObjectId:   exampleUserAssignedIdentity.PrincipalId,
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
			},
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
		})
		if err != nil {
			return err
		}
		client, err := keyvault.NewAccessPolicy(ctx, "client", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   pulumi.String(current.TenantId),
			ObjectId:   pulumi.String(current.ObjectId),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("Create"),
				pulumi.String("Delete"),
				pulumi.String("List"),
				pulumi.String("Restore"),
				pulumi.String("Recover"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
				pulumi.String("Purge"),
				pulumi.String("Encrypt"),
				pulumi.String("Decrypt"),
				pulumi.String("Sign"),
				pulumi.String("Verify"),
				pulumi.String("GetRotationPolicy"),
			},
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
		})
		if err != nil {
			return err
		}
		exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
			Name:       pulumi.String("example-kvk"),
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("decrypt"),
				pulumi.String("encrypt"),
				pulumi.String("sign"),
				pulumi.String("unwrapKey"),
				pulumi.String("verify"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			userAssignedIdentity,
			client,
		}))
		if err != nil {
			return err
		}
		_, err = elasticsan.NewVolumeGroup(ctx, "example", &elasticsan.VolumeGroupArgs{
			Name:           pulumi.String("example-esvg"),
			ElasticSanId:   exampleElasticSan.ID(),
			EncryptionType: pulumi.String("EncryptionAtRestWithCustomerManagedKey"),
			Encryption: &elasticsan.VolumeGroupEncryptionArgs{
				KeyVaultKeyId:          exampleKey.VersionlessId,
				UserAssignedIdentityId: exampleUserAssignedIdentity.ID(),
			},
			Identity: &elasticsan.VolumeGroupIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			NetworkRules: elasticsan.VolumeGroupNetworkRuleArray{
				&elasticsan.VolumeGroupNetworkRuleArgs{
					SubnetId: exampleSubnet.ID(),
					Action:   pulumi.String("Allow"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "West Europe",
    });

    var exampleElasticSan = new Azure.ElasticSan.ElasticSan("example", new()
    {
        Name = "examplees-es",
        ResourceGroupName = example.Name,
        Location = example.Location,
        BaseSizeInTib = 1,
        Sku = new Azure.ElasticSan.Inputs.ElasticSanSkuArgs
        {
            Name = "Premium_LRS",
        },
    });

    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "example-uai",
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "example-vnet",
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var exampleSubnet = new Azure.Network.Subnet("example", new()
    {
        Name = "example-subnet",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
        ServiceEndpoints = new[]
        {
            "Microsoft.Storage.Global",
        },
    });

    var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
    {
        Name = "examplekv",
        Location = example.Location,
        ResourceGroupName = example.Name,
        EnabledForDiskEncryption = true,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        SoftDeleteRetentionDays = 7,
        PurgeProtectionEnabled = true,
        SkuName = "standard",
    });

    var userAssignedIdentity = new Azure.KeyVault.AccessPolicy("userAssignedIdentity", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = exampleUserAssignedIdentity.PrincipalId,
        KeyPermissions = new[]
        {
            "Get",
            "UnwrapKey",
            "WrapKey",
        },
        SecretPermissions = new[]
        {
            "Get",
        },
    });

    var client = new Azure.KeyVault.AccessPolicy("client", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        KeyPermissions = new[]
        {
            "Get",
            "Create",
            "Delete",
            "List",
            "Restore",
            "Recover",
            "UnwrapKey",
            "WrapKey",
            "Purge",
            "Encrypt",
            "Decrypt",
            "Sign",
            "Verify",
            "GetRotationPolicy",
        },
        SecretPermissions = new[]
        {
            "Get",
        },
    });

    var exampleKey = new Azure.KeyVault.Key("example", new()
    {
        Name = "example-kvk",
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            userAssignedIdentity,
            client,
        },
    });

    var exampleVolumeGroup = new Azure.ElasticSan.VolumeGroup("example", new()
    {
        Name = "example-esvg",
        ElasticSanId = exampleElasticSan.Id,
        EncryptionType = "EncryptionAtRestWithCustomerManagedKey",
        Encryption = new Azure.ElasticSan.Inputs.VolumeGroupEncryptionArgs
        {
            KeyVaultKeyId = exampleKey.VersionlessId,
            UserAssignedIdentityId = exampleUserAssignedIdentity.Id,
        },
        Identity = new Azure.ElasticSan.Inputs.VolumeGroupIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        NetworkRules = new[]
        {
            new Azure.ElasticSan.Inputs.VolumeGroupNetworkRuleArgs
            {
                SubnetId = exampleSubnet.Id,
                Action = "Allow",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.elasticsan.ElasticSan;
import com.pulumi.azure.elasticsan.ElasticSanArgs;
import com.pulumi.azure.elasticsan.inputs.ElasticSanSkuArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.elasticsan.VolumeGroup;
import com.pulumi.azure.elasticsan.VolumeGroupArgs;
import com.pulumi.azure.elasticsan.inputs.VolumeGroupEncryptionArgs;
import com.pulumi.azure.elasticsan.inputs.VolumeGroupIdentityArgs;
import com.pulumi.azure.elasticsan.inputs.VolumeGroupNetworkRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("West Europe")
            .build());

        var exampleElasticSan = new ElasticSan("exampleElasticSan", ElasticSanArgs.builder()
            .name("examplees-es")
            .resourceGroupName(example.name())
            .location(example.location())
            .baseSizeInTib(1)
            .sku(ElasticSanSkuArgs.builder()
                .name("Premium_LRS")
                .build())
            .build());

        final var current = CoreFunctions.getClientConfig();

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("example-uai")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("example-vnet")
            .addressSpaces("10.0.0.0/16")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .name("example-subnet")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .serviceEndpoints("Microsoft.Storage.Global")
            .build());

        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .name("examplekv")
            .location(example.location())
            .resourceGroupName(example.name())
            .enabledForDiskEncryption(true)
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .softDeleteRetentionDays(7)
            .purgeProtectionEnabled(true)
            .skuName("standard")
            .build());

        var userAssignedIdentity = new AccessPolicy("userAssignedIdentity", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(exampleUserAssignedIdentity.principalId())
            .keyPermissions(            
                "Get",
                "UnwrapKey",
                "WrapKey")
            .secretPermissions("Get")
            .build());

        var client = new AccessPolicy("client", AccessPolicyArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .keyPermissions(            
                "Get",
                "Create",
                "Delete",
                "List",
                "Restore",
                "Recover",
                "UnwrapKey",
                "WrapKey",
                "Purge",
                "Encrypt",
                "Decrypt",
                "Sign",
                "Verify",
                "GetRotationPolicy")
            .secretPermissions("Get")
            .build());

        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .name("example-kvk")
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(            
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(                
                    userAssignedIdentity,
                    client)
                .build());

        var exampleVolumeGroup = new VolumeGroup("exampleVolumeGroup", VolumeGroupArgs.builder()
            .name("example-esvg")
            .elasticSanId(exampleElasticSan.id())
            .encryptionType("EncryptionAtRestWithCustomerManagedKey")
            .encryption(VolumeGroupEncryptionArgs.builder()
                .keyVaultKeyId(exampleKey.versionlessId())
                .userAssignedIdentityId(exampleUserAssignedIdentity.id())
                .build())
            .identity(VolumeGroupIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id())
                .build())
            .networkRules(VolumeGroupNetworkRuleArgs.builder()
                .subnetId(exampleSubnet.id())
                .action("Allow")
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: West Europe
  exampleElasticSan:
    type: azure:elasticsan:ElasticSan
    name: example
    properties:
      name: examplees-es
      resourceGroupName: ${example.name}
      location: ${example.location}
      baseSizeInTib: 1
      sku:
        name: Premium_LRS
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: example-uai
      location: ${example.location}
      resourceGroupName: ${example.name}
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: example-vnet
      addressSpaces:
        - 10.0.0.0/16
      location: ${example.location}
      resourceGroupName: ${example.name}
  exampleSubnet:
    type: azure:network:Subnet
    name: example
    properties:
      name: example-subnet
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
      serviceEndpoints:
        - Microsoft.Storage.Global
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: examplekv
      location: ${example.location}
      resourceGroupName: ${example.name}
      enabledForDiskEncryption: true
      tenantId: ${current.tenantId}
      softDeleteRetentionDays: 7
      purgeProtectionEnabled: true
      skuName: standard
  userAssignedIdentity:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${exampleUserAssignedIdentity.principalId}
      keyPermissions:
        - Get
        - UnwrapKey
        - WrapKey
      secretPermissions:
        - Get
  client:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Get
        - Create
        - Delete
        - List
        - Restore
        - Recover
        - UnwrapKey
        - WrapKey
        - Purge
        - Encrypt
        - Decrypt
        - Sign
        - Verify
        - GetRotationPolicy
      secretPermissions:
        - Get
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: example-kvk
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependsOn:
        - ${userAssignedIdentity}
        - ${client}
  exampleVolumeGroup:
    type: azure:elasticsan:VolumeGroup
    name: example
    properties:
      name: example-esvg
      elasticSanId: ${exampleElasticSan.id}
      encryptionType: EncryptionAtRestWithCustomerManagedKey
      encryption:
        keyVaultKeyId: ${exampleKey.versionlessId}
        userAssignedIdentityId: ${exampleUserAssignedIdentity.id}
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      networkRules:
        - subnetId: ${exampleSubnet.id}
          action: Allow
variables:
  current:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
Copy

Create VolumeGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VolumeGroup(name: string, args: VolumeGroupArgs, opts?: CustomResourceOptions);
@overload
def VolumeGroup(resource_name: str,
                args: VolumeGroupArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def VolumeGroup(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                elastic_san_id: Optional[str] = None,
                encryption: Optional[VolumeGroupEncryptionArgs] = None,
                encryption_type: Optional[str] = None,
                identity: Optional[VolumeGroupIdentityArgs] = None,
                name: Optional[str] = None,
                network_rules: Optional[Sequence[VolumeGroupNetworkRuleArgs]] = None,
                protocol_type: Optional[str] = None)
func NewVolumeGroup(ctx *Context, name string, args VolumeGroupArgs, opts ...ResourceOption) (*VolumeGroup, error)
public VolumeGroup(string name, VolumeGroupArgs args, CustomResourceOptions? opts = null)
public VolumeGroup(String name, VolumeGroupArgs args)
public VolumeGroup(String name, VolumeGroupArgs args, CustomResourceOptions options)
type: azure:elasticsan:VolumeGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. VolumeGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. VolumeGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. VolumeGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. VolumeGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. VolumeGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var volumeGroupResource = new Azure.ElasticSan.VolumeGroup("volumeGroupResource", new()
{
    ElasticSanId = "string",
    Encryption = new Azure.ElasticSan.Inputs.VolumeGroupEncryptionArgs
    {
        KeyVaultKeyId = "string",
        CurrentVersionedKeyExpirationTimestamp = "string",
        CurrentVersionedKeyId = "string",
        LastKeyRotationTimestamp = "string",
        UserAssignedIdentityId = "string",
    },
    EncryptionType = "string",
    Identity = new Azure.ElasticSan.Inputs.VolumeGroupIdentityArgs
    {
        Type = "string",
        IdentityIds = new[]
        {
            "string",
        },
        PrincipalId = "string",
        TenantId = "string",
    },
    Name = "string",
    NetworkRules = new[]
    {
        new Azure.ElasticSan.Inputs.VolumeGroupNetworkRuleArgs
        {
            SubnetId = "string",
            Action = "string",
        },
    },
    ProtocolType = "string",
});
Copy
example, err := elasticsan.NewVolumeGroup(ctx, "volumeGroupResource", &elasticsan.VolumeGroupArgs{
	ElasticSanId: pulumi.String("string"),
	Encryption: &elasticsan.VolumeGroupEncryptionArgs{
		KeyVaultKeyId:                          pulumi.String("string"),
		CurrentVersionedKeyExpirationTimestamp: pulumi.String("string"),
		CurrentVersionedKeyId:                  pulumi.String("string"),
		LastKeyRotationTimestamp:               pulumi.String("string"),
		UserAssignedIdentityId:                 pulumi.String("string"),
	},
	EncryptionType: pulumi.String("string"),
	Identity: &elasticsan.VolumeGroupIdentityArgs{
		Type: pulumi.String("string"),
		IdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		PrincipalId: pulumi.String("string"),
		TenantId:    pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	NetworkRules: elasticsan.VolumeGroupNetworkRuleArray{
		&elasticsan.VolumeGroupNetworkRuleArgs{
			SubnetId: pulumi.String("string"),
			Action:   pulumi.String("string"),
		},
	},
	ProtocolType: pulumi.String("string"),
})
Copy
var volumeGroupResource = new VolumeGroup("volumeGroupResource", VolumeGroupArgs.builder()
    .elasticSanId("string")
    .encryption(VolumeGroupEncryptionArgs.builder()
        .keyVaultKeyId("string")
        .currentVersionedKeyExpirationTimestamp("string")
        .currentVersionedKeyId("string")
        .lastKeyRotationTimestamp("string")
        .userAssignedIdentityId("string")
        .build())
    .encryptionType("string")
    .identity(VolumeGroupIdentityArgs.builder()
        .type("string")
        .identityIds("string")
        .principalId("string")
        .tenantId("string")
        .build())
    .name("string")
    .networkRules(VolumeGroupNetworkRuleArgs.builder()
        .subnetId("string")
        .action("string")
        .build())
    .protocolType("string")
    .build());
Copy
volume_group_resource = azure.elasticsan.VolumeGroup("volumeGroupResource",
    elastic_san_id="string",
    encryption={
        "key_vault_key_id": "string",
        "current_versioned_key_expiration_timestamp": "string",
        "current_versioned_key_id": "string",
        "last_key_rotation_timestamp": "string",
        "user_assigned_identity_id": "string",
    },
    encryption_type="string",
    identity={
        "type": "string",
        "identity_ids": ["string"],
        "principal_id": "string",
        "tenant_id": "string",
    },
    name="string",
    network_rules=[{
        "subnet_id": "string",
        "action": "string",
    }],
    protocol_type="string")
Copy
const volumeGroupResource = new azure.elasticsan.VolumeGroup("volumeGroupResource", {
    elasticSanId: "string",
    encryption: {
        keyVaultKeyId: "string",
        currentVersionedKeyExpirationTimestamp: "string",
        currentVersionedKeyId: "string",
        lastKeyRotationTimestamp: "string",
        userAssignedIdentityId: "string",
    },
    encryptionType: "string",
    identity: {
        type: "string",
        identityIds: ["string"],
        principalId: "string",
        tenantId: "string",
    },
    name: "string",
    networkRules: [{
        subnetId: "string",
        action: "string",
    }],
    protocolType: "string",
});
Copy
type: azure:elasticsan:VolumeGroup
properties:
    elasticSanId: string
    encryption:
        currentVersionedKeyExpirationTimestamp: string
        currentVersionedKeyId: string
        keyVaultKeyId: string
        lastKeyRotationTimestamp: string
        userAssignedIdentityId: string
    encryptionType: string
    identity:
        identityIds:
            - string
        principalId: string
        tenantId: string
        type: string
    name: string
    networkRules:
        - action: string
          subnetId: string
    protocolType: string
Copy

VolumeGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VolumeGroup resource accepts the following input properties:

ElasticSanId
This property is required.
Changes to this property will trigger replacement.
string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
Encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

EncryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
Identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
Name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
NetworkRules List<VolumeGroupNetworkRule>
One or more network_rule blocks as defined below.
ProtocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
ElasticSanId
This property is required.
Changes to this property will trigger replacement.
string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
Encryption VolumeGroupEncryptionArgs

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

EncryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
Identity VolumeGroupIdentityArgs
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
Name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
NetworkRules []VolumeGroupNetworkRuleArgs
One or more network_rule blocks as defined below.
ProtocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId
This property is required.
Changes to this property will trigger replacement.
String
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType String
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. String
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules List<VolumeGroupNetworkRule>
One or more network_rule blocks as defined below.
protocolType String
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId
This property is required.
Changes to this property will trigger replacement.
string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules VolumeGroupNetworkRule[]
One or more network_rule blocks as defined below.
protocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elastic_san_id
This property is required.
Changes to this property will trigger replacement.
str
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryptionArgs

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryption_type str
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentityArgs
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. str
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
network_rules Sequence[VolumeGroupNetworkRuleArgs]
One or more network_rule blocks as defined below.
protocol_type str
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId
This property is required.
Changes to this property will trigger replacement.
String
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption Property Map

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType String
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity Property Map
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. String
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules List<Property Map>
One or more network_rule blocks as defined below.
protocolType String
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.

Outputs

All input properties are implicitly available as output properties. Additionally, the VolumeGroup resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing VolumeGroup Resource

Get an existing VolumeGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VolumeGroupState, opts?: CustomResourceOptions): VolumeGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        elastic_san_id: Optional[str] = None,
        encryption: Optional[VolumeGroupEncryptionArgs] = None,
        encryption_type: Optional[str] = None,
        identity: Optional[VolumeGroupIdentityArgs] = None,
        name: Optional[str] = None,
        network_rules: Optional[Sequence[VolumeGroupNetworkRuleArgs]] = None,
        protocol_type: Optional[str] = None) -> VolumeGroup
func GetVolumeGroup(ctx *Context, name string, id IDInput, state *VolumeGroupState, opts ...ResourceOption) (*VolumeGroup, error)
public static VolumeGroup Get(string name, Input<string> id, VolumeGroupState? state, CustomResourceOptions? opts = null)
public static VolumeGroup get(String name, Output<String> id, VolumeGroupState state, CustomResourceOptions options)
resources:  _:    type: azure:elasticsan:VolumeGroup    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ElasticSanId Changes to this property will trigger replacement. string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
Encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

EncryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
Identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
Name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
NetworkRules List<VolumeGroupNetworkRule>
One or more network_rule blocks as defined below.
ProtocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
ElasticSanId Changes to this property will trigger replacement. string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
Encryption VolumeGroupEncryptionArgs

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

EncryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
Identity VolumeGroupIdentityArgs
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
Name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
NetworkRules []VolumeGroupNetworkRuleArgs
One or more network_rule blocks as defined below.
ProtocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId Changes to this property will trigger replacement. String
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType String
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. String
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules List<VolumeGroupNetworkRule>
One or more network_rule blocks as defined below.
protocolType String
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId Changes to this property will trigger replacement. string
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryption

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType string
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentity
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. string
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules VolumeGroupNetworkRule[]
One or more network_rule blocks as defined below.
protocolType string
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elastic_san_id Changes to this property will trigger replacement. str
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption VolumeGroupEncryptionArgs

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryption_type str
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity VolumeGroupIdentityArgs
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. str
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
network_rules Sequence[VolumeGroupNetworkRuleArgs]
One or more network_rule blocks as defined below.
protocol_type str
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.
elasticSanId Changes to this property will trigger replacement. String
Specifies the Elastic SAN ID within which this Elastic SAN Volume Group should exist. Changing this forces a new resource to be created.
encryption Property Map

An encryption block as defined below.

NOTE: The encryption block can only be set when encryption_type is set to EncryptionAtRestWithCustomerManagedKey.

encryptionType String
Specifies the type of the key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerManagedKey and EncryptionAtRestWithPlatformKey. Defaults to EncryptionAtRestWithPlatformKey.
identity Property Map
An identity block as defined below. Specifies the Managed Identity which should be assigned to this Elastic SAN Volume Group.
name Changes to this property will trigger replacement. String
Specifies the name of this Elastic SAN Volume Group. Changing this forces a new resource to be created.
networkRules List<Property Map>
One or more network_rule blocks as defined below.
protocolType String
Specifies the type of the storage target. The only possible value is Iscsi. Defaults to Iscsi.

Supporting Types

VolumeGroupEncryption
, VolumeGroupEncryptionArgs

KeyVaultKeyId This property is required. string
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
CurrentVersionedKeyExpirationTimestamp string
The timestamp of the expiration time for the current version of the customer managed key.
CurrentVersionedKeyId string
The ID of the current versioned Key Vault Key in use.
LastKeyRotationTimestamp string
The timestamp of the last rotation of the Key Vault Key.
UserAssignedIdentityId string
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.
KeyVaultKeyId This property is required. string
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
CurrentVersionedKeyExpirationTimestamp string
The timestamp of the expiration time for the current version of the customer managed key.
CurrentVersionedKeyId string
The ID of the current versioned Key Vault Key in use.
LastKeyRotationTimestamp string
The timestamp of the last rotation of the Key Vault Key.
UserAssignedIdentityId string
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.
keyVaultKeyId This property is required. String
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
currentVersionedKeyExpirationTimestamp String
The timestamp of the expiration time for the current version of the customer managed key.
currentVersionedKeyId String
The ID of the current versioned Key Vault Key in use.
lastKeyRotationTimestamp String
The timestamp of the last rotation of the Key Vault Key.
userAssignedIdentityId String
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.
keyVaultKeyId This property is required. string
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
currentVersionedKeyExpirationTimestamp string
The timestamp of the expiration time for the current version of the customer managed key.
currentVersionedKeyId string
The ID of the current versioned Key Vault Key in use.
lastKeyRotationTimestamp string
The timestamp of the last rotation of the Key Vault Key.
userAssignedIdentityId string
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.
key_vault_key_id This property is required. str
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
current_versioned_key_expiration_timestamp str
The timestamp of the expiration time for the current version of the customer managed key.
current_versioned_key_id str
The ID of the current versioned Key Vault Key in use.
last_key_rotation_timestamp str
The timestamp of the last rotation of the Key Vault Key.
user_assigned_identity_id str
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.
keyVaultKeyId This property is required. String
The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI.
currentVersionedKeyExpirationTimestamp String
The timestamp of the expiration time for the current version of the customer managed key.
currentVersionedKeyId String
The ID of the current versioned Key Vault Key in use.
lastKeyRotationTimestamp String
The timestamp of the last rotation of the Key Vault Key.
userAssignedIdentityId String
The ID of the User Assigned Identity used by this Elastic SAN Volume Group.

VolumeGroupIdentity
, VolumeGroupIdentityArgs

Type This property is required. string
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
IdentityIds List<string>
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
PrincipalId string
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
TenantId string
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.
Type This property is required. string
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
IdentityIds []string
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
PrincipalId string
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
TenantId string
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.
type This property is required. String
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
identityIds List<String>
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
principalId String
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
tenantId String
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.
type This property is required. string
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
identityIds string[]
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
principalId string
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
tenantId string
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.
type This property is required. str
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
identity_ids Sequence[str]
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
principal_id str
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
tenant_id str
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.
type This property is required. String
Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are SystemAssigned and UserAssigned.
identityIds List<String>
A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group.
principalId String
The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group.
tenantId String
The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group.

VolumeGroupNetworkRule
, VolumeGroupNetworkRuleArgs

SubnetId This property is required. string
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
Action string
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.
SubnetId This property is required. string
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
Action string
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.
subnetId This property is required. String
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
action String
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.
subnetId This property is required. string
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
action string
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.
subnet_id This property is required. str
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
action str
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.
subnetId This property is required. String
The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group.
action String
The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is Allow. Defaults to Allow.

Import

An existing Elastic SAN Volume Group can be imported into Pulumi using the resource id, e.g.

$ pulumi import azure:elasticsan/volumeGroup:VolumeGroup example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ElasticSan/elasticSans/esan1/volumeGroups/vg1
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.