
Add Azure Blob Storage module#31

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/create-azure-blob-storage-code

Conversation

Contributor

Copilot AI commented Dec 18, 2025

Type of Change

  • New module
  • Module enhancement
  • Bug fix
  • Docs / tooling only
  • Other (please describe):

Checklist

  • CI checks passed (terraform validate / tflint / trivy / terraform-docs)
  • No breaking changes, or breaking changes are documented

Module Information

Module Path: terraform/azure

Purpose:
Production-ready Azure Blob Storage (Storage Account + Container) module following S3 reference implementation patterns. Secure defaults: HTTPS-only, TLS 1.2, infrastructure encryption, versioning, soft delete.

Key Resources:

  • azurerm_storage_account - Storage account with blob properties, network rules, CMK encryption support
  • azurerm_storage_container - Blob container with configurable access levels
  • azurerm_storage_management_policy - Lifecycle rules for Cool/Archive tiering

Additional Notes

Azure provider authentication differs from the AWS mock pattern: tests require valid credentials (az login or ARM_* environment variables) to run terraform plan.

Complex lifecycle rule type structure mirrors Azure's API. Long property names (e.g., tier_to_cool_after_days_since_modification_greater_than) match official Azure resource schema.

Module includes 25+ variables with validation, 25+ outputs (sensitive values marked), and 6 test scenarios covering: basic, CMK encryption, lifecycle management, network restrictions, geo-replication, minimal config.

Usage example:

module "storage" {
  source = "github.com/your-org/infra-modules//terraform/azure?ref=v1.0.0"

  storage_account_name = "mystorageacct123"
  resource_group_name  = "my-rg"
  location             = "eastus"
  container_name       = "data"

  # Optional: Customer-managed encryption
  customer_managed_key_vault_key_id = azurerm_key_vault_key.storage.id

  # Optional: Lifecycle tiering
  lifecycle_rules = [{
    name       = "archive-logs"
    enabled    = true
    blob_types = ["blockBlob"]
    base_blob_actions = {
      tier_to_cool_after_days    = 30
      tier_to_archive_after_days = 90
    }
  }]
}

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • checkpoint-api.hashicorp.com
    • Triggering command: /usr/local/bin/terraform terraform version (dns block)
    • Triggering command: /usr/local/bin/terraform terraform fmt -recursive /home/REDACTED/work/infra-modules/infra-modules/terraform/azure/ (dns block)
    • Triggering command: /usr/local/bin/terraform terraform init -backend=false (dns block)
  • get.trivy.dev
    • Triggering command: /usr/bin/curl curl -w %{http_code} -sL -o /tmp/tmp.AmQsvf41Se/trivy_0.68.2_Linux-64bit.tar.gz REDACTED (dns block)
  • https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/tags/v0.31.0
    • Triggering command: /usr/local/bin/tflint tflint --init --config=terraform/.tflint.hcl (http block)
  • login.microsoftonline.com
    • Triggering command: .terraform/providers/registry.terraform.io/hashicorp/azurerm/3.117.1/linux_amd64/terraform-provider-azurerm_v3.117.1_x5 .terraform/providers/registry.terraform.io/hashicorp/azurerm/3.117.1/linux_amd64/terraform-provider-azurerm_v3.117.1_x5 (dns block)
  • mirror.gcr.io
    • Triggering command: /usr/local/bin/trivy trivy config terraform/azure/ --severity MEDIUM,HIGH,CRITICAL --quiet (dns block)
    • Triggering command: /usr/local/bin/trivy trivy config terraform/azure/ --severity MEDIUM,HIGH,CRITICAL --quiet 6668548+llama90@users.noreply.github.com> (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Create production-ready Terraform code for Azure Object Storage (Blob Storage) under terraform/azure/, using terraform/s3/ as the reference implementation.
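The settings listed under Purpose and Key Resources (HTTPS-only, TLS 1.2, infrastructure encryption, versioning, soft delete, network rules, private container, Cool/Archive tiering) map onto a handful of azurerm arguments. The following is an added example written for this page, not code from the PR's module: it wires those defaults directly onto the three resources the module wraps, so a reviewer can compare the module's outputs against a known-good baseline. Resource names, the IP allowlist (TEST-NET-3) and the prefix filter are constructed; it assumes azurerm 3.x argument names (the CI log shows 3.117.1), where the container is attached via storage_account_name and HTTPS enforcement is spelled https_traffic_only_enabled (older 3.x releases spell it enable_https_traffic_only). The customer-managed-key block is left out because it needs a Key Vault and managed identity that are not part of this example.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.117" # provider line seen in the CI log; assumed here
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-blob-example" # constructed name
  location = "eastus"
}

resource "azurerm_storage_account" "example" {
  name                     = "stblobexample123" # constructed; must be globally unique, 3-24 lowercase alphanumerics
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"       # geo-replication scenario from the PR's test matrix
  account_kind             = "StorageV2"

  # Transport hardening: reject plain HTTP and anything below TLS 1.2.
  https_traffic_only_enabled = true
  min_tls_version            = "TLS1_2"

  # Double encryption at rest (service-level + infrastructure-level).
  # Immutable after creation, so it has to be set on day one.
  infrastructure_encryption_enabled = true

  # Containers and blobs can never be made anonymously readable,
  # regardless of what container_access_type is set to later.
  allow_nested_items_to_be_public = false

  blob_properties {
    # Versioning keeps prior object versions; soft delete keeps
    # deleted blobs/containers recoverable for the retention window.
    versioning_enabled = true
    delete_retention_policy {
      days = 30
    }
    container_delete_retention_policy {
      days = 30
    }
  }

  # Default-deny firewall with an explicit allowlist; trusted Azure
  # services (e.g. Defender, Monitor) may still reach the account.
  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]
    ip_rules       = ["203.0.113.0/24"] # constructed, TEST-NET-3
  }
}

resource "azurerm_storage_container" "data" {
  name                  = "data"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private" # no anonymous read of blobs or listings
}

# Lifecycle tiering: the long azurerm attribute names below are the
# ones the PR description says its lifecycle_rules variable maps onto.
resource "azurerm_storage_management_policy" "tiering" {
  storage_account_id = azurerm_storage_account.example.id

  rule {
    name    = "archive-logs"
    enabled = true
    filters {
      blob_types   = ["blockBlob"]
      prefix_match = ["data/logs/"] # constructed; container name is part of the prefix
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 30
        tier_to_archive_after_days_since_modification_greater_than = 90
        delete_after_days_since_modification_greater_than          = 365
      }
      # Versioning is on above, so bound the cost of noncurrent versions.
      version {
        delete_after_days_since_creation = 90
      }
    }
  }
}
```

Running terraform plan against this needs Azure credentials, as the PR notes for its own tests; terraform validate and trivy config work offline and are the quickest way to confirm that each of the listed defaults is actually set, since a scanner finding on this baseline would indicate a drifted argument name or a default that silently changed between provider versions.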



Copilot AI and others added 2 commits December 18, 2025 22:30
Co-authored-by: llama90 <6668548+llama90@users.noreply.github.com>
Co-authored-by: llama90 <6668548+llama90@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Create production-ready Terraform code for Azure Blob Storage" to "Add Azure Blob Storage module" on Dec 18, 2025
Copilot AI requested a review from llama90 December 18, 2025 22:37
@github-actions
Contributor

🔍 Terraform Check Results

📊 Summary

All checks passed!

Check        | Status     | Issues                           | Scope
-------------|------------|----------------------------------|------------
🖌 Format    | ✅ success | -                                | All modules
🤖 Validate  | ✅ success | -                                | All modules
🔍 TFLint    | ✅ success | 0 issue(s)                       | terraform
🔒 Trivy     | ✅ success | 0 critical, 0 high, 16 medium    | terraform

🔍 TFLint Details (0 issue(s))
Running TFLint on changed modules:
terraform

=== Checking terraform ===
🔒 Trivy Security Details (16 issue(s))
Running Trivy on changed modules:
terraform

=== Scanning terraform ===

Report Summary

┌─────────────────────────────────────────┬───────────┬───────────────────┐
│                 Target                  │   Type    │ Misconfigurations │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ _template/tests/basic                   │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ api_gateway/main.tf                     │ terraform │         6         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ api_gateway/tests/basic                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ azure/tests/basic                       │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ cloudtrail/tests/basic                  │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ dynamodb/tests/advanced                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ dynamodb/tests/basic                    │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ ecr/main.tf                             │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ ecr/tests/basic                         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eks/main.tf                             │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eks/tests/basic                         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/basic                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/basic/main.tf         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/cross_account         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/cross_account/main.tf │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/pattern               │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/scheduled             │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ eventbridge/tests/scheduled/main.tf     │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ internet_gateway/tests/basic            │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ lambda/main.tf                          │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ lambda/tests/basic                      │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ lambda/tests/go                         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ lambda/tests/python                     │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ lambda/tests/typescript                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ nat_gateway/tests/basic                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ parameter-store/tests/basic             │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ route_table/tests/basic                 │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ s3/main.tf                              │ terraform │         1         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ s3/tests/basic                          │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ scp/tests/basic                         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ security_group/main.tf                  │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ security_group/tests/basic              │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ sqs/tests/basic                         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ stack/audit-logging/tests/basic         │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ stack/networking/tests/basic            │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ stack/networking/tests/no-nat           │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ stack/networking/tests/single-nat       │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ subnet/main.tf                          │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ subnet/tests/basic                      │ terraform │         0         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ vpc/main.tf                             │ terraform │         9         │
├─────────────────────────────────────────┼───────────┼───────────────────┤
│ vpc/tests/basic                         │ terraform │         0         │
└─────────────────────────────────────────┴───────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


api_gateway/main.tf (terraform)
===============================
Tests: 6 (SUCCESSES: 0, FAILURES: 6)
Failures: 6 (MEDIUM: 6, HIGH: 0, CRITICAL: 0)

AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:29-57 (module.basic_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────


AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:350-381 (module.cached_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────


AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:388-457 (module.custom_responses_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────


AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:64-104 (module.lambda_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────


AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:174-259 (module.secured_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────


AVD-AWS-0001 (MEDIUM): Access logging is not configured.
════════════════════════════════════════
API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.


See https://avd.aquasec.com/misconfig/avd-aws-0001
────────────────────────────────────────
 api_gateway/main.tf:315-346
   via api_gateway/tests/basic/main.tf:266-343 (module.validated_api)
────────────────────────────────────────
 315 ┌ resource "aws_api_gateway_stage" "this" {
 316 │   rest_api_id   = aws_api_gateway_rest_api.this.id
 317 │   deployment_id = aws_api_gateway_deployment.this.id
 318 │   stage_name    = var.stage_name
 319 │   description   = var.stage_description
 320 │ 
 321 │   xray_tracing_enabled  = var.xray_tracing_enabled
 322 │   cache_cluster_enabled = var.cache_cluster_enabled
 323 └   cache_cluster_size    = var.cache_cluster_size
 ...   
────────────────────────────────────────



s3/main.tf (terraform)
======================
Tests: 1 (SUCCESSES: 0, FAILURES: 1)
Failures: 1 (MEDIUM: 1, HIGH: 0, CRITICAL: 0)

AVD-AWS-0090 (MEDIUM): Bucket does not have versioning enabled
════════════════════════════════════════
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.

You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.

With versioning you can recover more easily from both unintended user actions and application failures.

When you enable versioning, also keep in mind the potential costs of storing noncurrent versions of objects. To help manage those costs, consider setting up an S3 Lifecycle configuration.


See https://avd.aquasec.com/misconfig/avd-aws-0090
────────────────────────────────────────
 s3/main.tf:33
   via s3/main.tf:32-34 (versioning_configuration)
    via s3/main.tf:29-35 (aws_s3_bucket_versioning.this)
     via s3/tests/basic/main.tf:121-132 (module.no_versioning_bucket)
────────────────────────────────────────
  29   resource "aws_s3_bucket_versioning" "this" {
  30     bucket = aws_s3_bucket.this.id
  31   
  32     versioning_configuration {
  33 [     status = var.versioning_enabled ? "Enabled" : "Suspended"
  34     }
  35   }
────────────────────────────────────────



vpc/main.tf (terraform)
=======================
Tests: 9 (SUCCESSES: 0, FAILURES: 9)
Failures: 9 (MEDIUM: 9, HIGH: 0, CRITICAL: 0)

AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via stack/networking/main.tf:47-59 (module.vpc)
    via stack/networking/tests/basic/main.tf:23-34 (module.networking)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via stack/networking/main.tf:47-59 (module.vpc)
    via stack/networking/tests/no-nat/main.tf:23-37 (module.networking)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via stack/networking/main.tf:47-59 (module.vpc)
    via stack/networking/tests/single-nat/main.tf:23-34 (module.networking)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via vpc/tests/basic/main.tf:23-36 (module.test_vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via internet_gateway/tests/basic/main.tf:23-28 (module.vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via nat_gateway/tests/basic/main.tf:23-28 (module.vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via route_table/tests/basic/main.tf:23-28 (module.vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via security_group/tests/basic/main.tf:23-28 (module.vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────


AVD-AWS-0178 (MEDIUM): VPC does not have VPC Flow Logs enabled.
════════════════════════════════════════
VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.


See https://avd.aquasec.com/misconfig/aws-autoscaling-enable-at-rest-encryption
────────────────────────────────────────
 vpc/main.tf:12-26
   via subnet/tests/basic/main.tf:23-28 (module.vpc)
────────────────────────────────────────
  12 ┌ resource "aws_vpc" "this" {
  13 │   cidr_block                           = var.cidr_block
  14 │   enable_dns_support                   = var.enable_dns_support
  15 │   enable_dns_hostnames                 = var.enable_dns_hostnames
  16 │   assign_generated_ipv6_cidr_block     = var.enable_ipv6
  17 │   instance_tenancy                     = var.instance_tenancy
  18 │   enable_network_address_usage_metrics = var.enable_network_address_usage_metrics
  19 │ 
  20 └   tags = merge(
  ..   
────────────────────────────────────────

👤 Pusher: @Copilot | 🔄 Action: pull_request | ⚙️ Workflow: Terraform Check
