This project provisions an Azure Storage Account with SFTP capabilities using Terraform. It creates a secure SFTP endpoint for file transfers using Azure Blob Storage with hierarchical namespace enabled.
This Terraform configuration deploys:
- Azure Resource Group with CAF-compliant naming
- Premium BlockBlobStorage Account with SFTP enabled
- Storage container for SFTP root directory
- Local user with password authentication for SFTP access
```
├── main.tf                 # Main Terraform configuration
├── variables.tf            # Variable definitions
├── outputs.tf              # Output definitions
├── .terraform.lock.hcl     # Terraform dependency lock file
├── .gitignore              # Git ignore rules
└── .devcontainer/          # VS Code dev container configuration
    └── devcontainer.json
```
The following variables can be customized in variables.tf or by creating a terraform.tfvars file:
| Variable | Description | Default |
|---|---|---|
| `azure_subscription_id` | Required. Azure subscription ID | (none) |
| `location` | Azure region for resources | UK South |
| `container_name` | Name of the storage container | sftp-root |
| `sftp_local_user` | Username for SFTP access | extpartner1 |
| `account_replication_type` | Storage replication type (LRS/ZRS) | LRS |
| `tag_environment` | Environment tag | Testing |
| `tag_project` | Project tag | SFTP |
| `tag_creator` | Creator tag | TechieLass |
```hcl
azure_subscription_id    = "00000000-0000-0000-0000-000000000000" # Replace with your Azure Subscription ID
location                 = "East US"
container_name           = "my-sftp-container"
sftp_local_user          = "myuser"
account_replication_type = "ZRS"
```

After deployment, Terraform will output:
- `storage_account_name` - The name of the created storage account
- `sftp_host` - SFTP endpoint hostname
- `sftp_username` - Full SFTP username for connection
- `sftp_password` - Password for SFTP authentication (sensitive)
To view the SFTP password after deployment:
```
terraform output -raw sftp_password
```

Use any SFTP client with the following connection details:
- Host: `<storage_account_name>.blob.core.windows.net`
- Port: 22 (default SFTP port)
- Username: `<storage_account>.<container>.<local_user>`
- Password: Retrieved from Terraform output (password authentication is enabled by default)

```
sftp <username>@<host>
```

This project includes a dev container configuration (`.devcontainer/devcontainer.json`) that provides a consistent development environment with all required tools pre-installed. The dev container can be used in:
- GitHub Codespaces: Cloud-based development environment accessible from any browser
- VS Code with Dev Containers: Local development with Docker-based containerization
The dev container includes:
- Ubuntu base image
- Azure CLI with Bicep support
- Terraform (latest version)
- Git with default branch set to `main`
To use the dev container within VS Code:
- Install VS Code and the Dev Containers extension
- Open the project in VS Code
- When prompted, reopen in container
- Be sure to set your `azure_subscription_id` variable in your `terraform.tfvars` or as an environment variable before running Terraform commands.
- The storage account enforces HTTPS-only connections
- Public blob access is disabled
- SFTP access requires authentication
- Consider using SSH key authentication instead of passwords for production
- Store sensitive outputs securely and never commit passwords to version control
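
As an added example (not part of this repository's `main.tf`), the local user can be defined with SSH key authentication and password login disabled, as suggested above for production. The resource labels `azurerm_storage_account.sftp` and `azurerm_storage_container.sftp_root` and the variable `sftp_public_key` are assumed names; `var.sftp_local_user` is the variable from the table above.

```hcl
# Added example: resource labels and sftp_public_key are assumptions,
# not names taken from this repository.

variable "sftp_public_key" {
  description = "OpenSSH-format public key supplied by the SFTP user"
  type        = string
}

# Weak setting (password login, the default described in this README):
#   ssh_password_enabled = true
#   ssh_key_enabled      = false
#
# Hardened setting: key-only login with permissions limited to one container.
resource "azurerm_storage_account_local_user" "sftp_key_only" {
  name               = var.sftp_local_user
  storage_account_id = azurerm_storage_account.sftp.id # assumed label
  home_directory     = azurerm_storage_container.sftp_root.name # assumed label

  ssh_password_enabled = false # no password is generated for this user
  ssh_key_enabled      = true

  ssh_authorized_key {
    description = "Partner upload key"
    key         = var.sftp_public_key
  }

  # Grant only what the transfer workflow needs; delete is withheld here.
  permission_scope {
    service       = "blob"
    resource_name = azurerm_storage_container.sftp_root.name

    permissions {
      read   = true
      write  = true
      create = true
      list   = true
      delete = false
    }
  }
}
```

Only the public key is passed to Terraform; the private key stays with the SFTP user. With password login disabled, the `sftp_password` output no longer applies and can be removed along with it.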
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
Written by: Sarah Lean
Find me on:
- My Blog: https://www.techielass.com
- Twitter: https://twitter.com/techielass
- LinkedIn: http://uk.linkedin.com/in/sazlean
- Uses Azure/naming Terraform module for CAF-compliant resource naming
- Built with Terraform and Azure Resource Manager
