Azure storage enable encryption in ARM

Question

I am trying to enable encryption in azure storage during its creation time through ARM. This is the simple storage resource I have.

{
  "$schema": "https://schema.management.azure.com/schemas/2016-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
  "storageAccountName": {
  "type": "String"
},
  "storageAccountType": {
  "type": "string",
  "defaultValue": "Standard_LRS",
  }
},
  "variables": {
  "defaultApiVersion": "2016-01-01"
 },
"resources": [
{
  "type": "Microsoft.Storage/storageAccounts",
  "name": "[parameters('StorageAccountName')]",
  "apiVersion": "[variables('defaultApiVersion')]",
  "location": "[resourceGroup().location]",
  "sku": {
    "name": "[parameters('storageAccountType')]"
  },
  "properties": {
    "properties": {
      "encryption": {
            "keySource": "Microsoft.Storage",
            "services": {
                "blob": {
                    "enabled": true
                }
            }
        }
    }
  }
}
]
}

Which giving me following error

New-AzureRmResourceGroupDeployment : 8:21:59 AM - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'Template schema 'https://schema.management.azure.com/schemas/2016-01-01/deploymentTemplate.json#' is not supported. Supported versions are '2014-04-01-preview,2015-01-01'.

Then I change the schema url to https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#

then got New-AzureRmResourceGroupDeployment : 8:26:40 AM - Error: Code=InvalidTemplateDeployment; Message=The template deployment 'myencryptedstorage' is not valid according to the validation procedure.

Anyone know whats is the right way to do this ?

Answer 1

I have copied your json file to Visual Studio. It give me the following error message:

I think this may be your issue.

I have tested use New-AzureRmResourceGroupDeployment to create Azure storage with encryption enabled. The following is my source code:

PowerShell Command:

New-AzureRmResourceGroupDeployment -ResourceGroupName jarg -TemplateFile E:\createstoragearm.json - TemplateParameterFile E:\parameter.json

createstoragearm.json

{

  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

  "contentVersion": "1.0.0.0",

  "parameters": {
    "storageAccountName": {
      "type": "string"
    },
    "storageAccountType": {

      "type": "string",

      "defaultValue": "Standard_LRS",

      "allowedValues": [

        "Standard_LRS",

        "Standard_GRS",

        "Standard_ZRS",

        "Premium_LRS"

      ],

      "metadata": {

        "description": "Storage Account type"

      }

    }

  },

  "variables": {

    "storageAccountName": "[parameters('storageAccountName')]"

  },

  "resources": [

    {

      "type": "Microsoft.Storage/storageAccounts",

      "name": "[variables('storageAccountName')]",

      "apiVersion": "2016-01-01",

      "location": "[resourceGroup().location]",

      "sku": {

        "name": "[parameters('storageAccountType')]"

      },

      "kind": "Storage",

      "properties": {
        "encryption": {
          "services": {
            "blob": {
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        }
      }

    }

  ],

  "outputs": {

    "storageAccountName": {

      "type": "string",

      "value": "[variables('storageAccountName')]"

    }


  }

}

parameter.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "StorageAccountName": {
      "value": "jaarmtest1"
    },

    "StorageAccountType": {
      "value": "Standard_LRS"
    }

  }
}

The Result

Answer 2

As far as the invalid template error goes I notice you do have properties listed twice:

"properties": { "properties": {

You can reference this link to find the valid schema: https://msdn.microsoft.com/en-us/library/azure/mt163564.aspx