Add soft delete to workspace storage account

Fixes #4385 Add soft delete configuration to Workspace storage accounts. * Add `blob_properties` block with `delete_retention_policy` and `container_delete_retention_policy` settings to `azurerm_storage_account` resource in `templates/workspaces/base/terraform/storage.tf`. * Add `file_properties` block with `delete_retention_policy` settings to `azurerm_storage_account` resource in `templates/workspaces/base/terraform/storage.tf`. --- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/microsoft/AzureTRE/issues/4385?shareId=XXXX-XXXX-XXXX-XXXX).
microsoft · Feb 21, 2025 · d049ce2 · d049ce2
1 parent 5c7d725
commit d049ce2
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/templates/workspaces/base/terraform/storage.tf b/templates/workspaces/base/terraform/storage.tf
@@ -31,6 +31,21 @@ resource "azurerm_storage_account" "stg" {
   infrastructure_encryption_enabled = true
 
   lifecycle { ignore_changes = [infrastructure_encryption_enabled, tags] }
+
+  blob_properties {
+    delete_retention_policy {
+      days = 7
+    }
+    container_delete_retention_policy {
+      days = 7
+    }
+  }
+
+  file_properties {
+    delete_retention_policy {
+      days = 7
+    }
+  }
 }
 
 # Using AzAPI as AzureRM uses shared account key for Azure files operations