The azure-native:storage:BlobInventoryPolicy resource, part of the Pulumi Azure Native provider, defines automated inventory report generation for blobs and containers in a storage account. This guide focuses on three capabilities: configuring blob and container inventory rules, filtering by prefix and deletion status, and selecting schema fields and output formats.
Blob inventory policies belong to a storage account and write reports to containers within that account. The examples are intentionally small. Combine them with your own storage account configuration and lifecycle policies.
Generate daily blob inventories with filtering
Teams managing large storage accounts need visibility into blob metadata to track costs and plan lifecycle policies. Blob inventory policies automate report generation for blobs matching specified criteria.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const blobInventoryPolicy = new azure_native.storage.BlobInventoryPolicy("blobInventoryPolicy", {
accountName: "sto9699",
blobInventoryPolicyName: "default",
policy: {
enabled: true,
rules: [
{
definition: {
filters: {
blobTypes: [
"blockBlob",
"appendBlob",
"pageBlob",
],
creationTime: {
lastNDays: 1000,
},
includeBlobVersions: true,
includeSnapshots: true,
prefixMatch: [
"inventoryprefix1",
"inventoryprefix2",
],
},
format: azure_native.storage.Format.Csv,
objectType: azure_native.storage.ObjectType.Blob,
schedule: azure_native.storage.Schedule.Daily,
schemaFields: [
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"Metadata",
],
},
destination: "container1",
enabled: true,
name: "inventoryPolicyRule1",
},
{
definition: {
format: azure_native.storage.Format.Parquet,
objectType: azure_native.storage.ObjectType.Container,
schedule: azure_native.storage.Schedule.Weekly,
schemaFields: [
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
],
},
destination: "container2",
enabled: true,
name: "inventoryPolicyRule2",
},
],
type: azure_native.storage.InventoryRuleType.Inventory,
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
blob_inventory_policy = azure_native.storage.BlobInventoryPolicy("blobInventoryPolicy",
account_name="sto9699",
blob_inventory_policy_name="default",
policy={
"enabled": True,
"rules": [
{
"definition": {
"filters": {
"blob_types": [
"blockBlob",
"appendBlob",
"pageBlob",
],
"creation_time": {
"last_n_days": 1000,
},
"include_blob_versions": True,
"include_snapshots": True,
"prefix_match": [
"inventoryprefix1",
"inventoryprefix2",
],
},
"format": azure_native.storage.Format.CSV,
"object_type": azure_native.storage.ObjectType.BLOB,
"schedule": azure_native.storage.Schedule.DAILY,
"schema_fields": [
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"Metadata",
],
},
"destination": "container1",
"enabled": True,
"name": "inventoryPolicyRule1",
},
{
"definition": {
"format": azure_native.storage.Format.PARQUET,
"object_type": azure_native.storage.ObjectType.CONTAINER,
"schedule": azure_native.storage.Schedule.WEEKLY,
"schema_fields": [
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
],
},
"destination": "container2",
"enabled": True,
"name": "inventoryPolicyRule2",
},
],
"type": azure_native.storage.InventoryRuleType.INVENTORY,
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewBlobInventoryPolicy(ctx, "blobInventoryPolicy", &storage.BlobInventoryPolicyArgs{
AccountName: pulumi.String("sto9699"),
BlobInventoryPolicyName: pulumi.String("default"),
Policy: &storage.BlobInventoryPolicySchemaArgs{
Enabled: pulumi.Bool(true),
Rules: storage.BlobInventoryPolicyRuleArray{
&storage.BlobInventoryPolicyRuleArgs{
Definition: &storage.BlobInventoryPolicyDefinitionArgs{
Filters: &storage.BlobInventoryPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
pulumi.String("appendBlob"),
pulumi.String("pageBlob"),
},
CreationTime: &storage.BlobInventoryCreationTimeArgs{
LastNDays: pulumi.Int(1000),
},
IncludeBlobVersions: pulumi.Bool(true),
IncludeSnapshots: pulumi.Bool(true),
PrefixMatch: pulumi.StringArray{
pulumi.String("inventoryprefix1"),
pulumi.String("inventoryprefix2"),
},
},
Format: pulumi.String(storage.FormatCsv),
ObjectType: pulumi.String(storage.ObjectTypeBlob),
Schedule: pulumi.String(storage.ScheduleDaily),
SchemaFields: pulumi.StringArray{
pulumi.String("Name"),
pulumi.String("Creation-Time"),
pulumi.String("Last-Modified"),
pulumi.String("Content-Length"),
pulumi.String("Content-MD5"),
pulumi.String("BlobType"),
pulumi.String("AccessTier"),
pulumi.String("AccessTierChangeTime"),
pulumi.String("Snapshot"),
pulumi.String("VersionId"),
pulumi.String("IsCurrentVersion"),
pulumi.String("Metadata"),
},
},
Destination: pulumi.String("container1"),
Enabled: pulumi.Bool(true),
Name: pulumi.String("inventoryPolicyRule1"),
},
&storage.BlobInventoryPolicyRuleArgs{
Definition: &storage.BlobInventoryPolicyDefinitionArgs{
Format: pulumi.String(storage.FormatParquet),
ObjectType: pulumi.String(storage.ObjectTypeContainer),
Schedule: pulumi.String(storage.ScheduleWeekly),
SchemaFields: pulumi.StringArray{
pulumi.String("Name"),
pulumi.String("Last-Modified"),
pulumi.String("Metadata"),
pulumi.String("LeaseStatus"),
pulumi.String("LeaseState"),
pulumi.String("LeaseDuration"),
pulumi.String("PublicAccess"),
pulumi.String("HasImmutabilityPolicy"),
pulumi.String("HasLegalHold"),
},
},
Destination: pulumi.String("container2"),
Enabled: pulumi.Bool(true),
Name: pulumi.String("inventoryPolicyRule2"),
},
},
Type: pulumi.String(storage.InventoryRuleTypeInventory),
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var blobInventoryPolicy = new AzureNative.Storage.BlobInventoryPolicy("blobInventoryPolicy", new()
{
AccountName = "sto9699",
BlobInventoryPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.BlobInventoryPolicySchemaArgs
{
Enabled = true,
Rules = new[]
{
new AzureNative.Storage.Inputs.BlobInventoryPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.BlobInventoryPolicyDefinitionArgs
{
Filters = new AzureNative.Storage.Inputs.BlobInventoryPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
"appendBlob",
"pageBlob",
},
CreationTime = new AzureNative.Storage.Inputs.BlobInventoryCreationTimeArgs
{
LastNDays = 1000,
},
IncludeBlobVersions = true,
IncludeSnapshots = true,
PrefixMatch = new[]
{
"inventoryprefix1",
"inventoryprefix2",
},
},
Format = AzureNative.Storage.Format.Csv,
ObjectType = AzureNative.Storage.ObjectType.Blob,
Schedule = AzureNative.Storage.Schedule.Daily,
SchemaFields = new[]
{
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"Metadata",
},
},
Destination = "container1",
Enabled = true,
Name = "inventoryPolicyRule1",
},
new AzureNative.Storage.Inputs.BlobInventoryPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.BlobInventoryPolicyDefinitionArgs
{
Format = AzureNative.Storage.Format.Parquet,
ObjectType = AzureNative.Storage.ObjectType.Container,
Schedule = AzureNative.Storage.Schedule.Weekly,
SchemaFields = new[]
{
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
},
},
Destination = "container2",
Enabled = true,
Name = "inventoryPolicyRule2",
},
},
Type = AzureNative.Storage.InventoryRuleType.Inventory,
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.BlobInventoryPolicy;
import com.pulumi.azurenative.storage.BlobInventoryPolicyArgs;
import com.pulumi.azurenative.storage.inputs.BlobInventoryPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blobInventoryPolicy = new BlobInventoryPolicy("blobInventoryPolicy", BlobInventoryPolicyArgs.builder()
.accountName("sto9699")
.blobInventoryPolicyName("default")
.policy(BlobInventoryPolicySchemaArgs.builder()
.enabled(true)
.rules(
BlobInventoryPolicyRuleArgs.builder()
.definition(BlobInventoryPolicyDefinitionArgs.builder()
.filters(BlobInventoryPolicyFilterArgs.builder()
.blobTypes(
"blockBlob",
"appendBlob",
"pageBlob")
.creationTime(BlobInventoryCreationTimeArgs.builder()
.lastNDays(1000)
.build())
.includeBlobVersions(true)
.includeSnapshots(true)
.prefixMatch(
"inventoryprefix1",
"inventoryprefix2")
.build())
.format("Csv")
.objectType("Blob")
.schedule("Daily")
.schemaFields(
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"Metadata")
.build())
.destination("container1")
.enabled(true)
.name("inventoryPolicyRule1")
.build(),
BlobInventoryPolicyRuleArgs.builder()
.definition(BlobInventoryPolicyDefinitionArgs.builder()
.format("Parquet")
.objectType("Container")
.schedule("Weekly")
.schemaFields(
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold")
.build())
.destination("container2")
.enabled(true)
.name("inventoryPolicyRule2")
.build())
.type("Inventory")
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
blobInventoryPolicy:
type: azure-native:storage:BlobInventoryPolicy
properties:
accountName: sto9699
blobInventoryPolicyName: default
policy:
enabled: true
rules:
- definition:
filters:
blobTypes:
- blockBlob
- appendBlob
- pageBlob
creationTime:
lastNDays: 1000
includeBlobVersions: true
includeSnapshots: true
prefixMatch:
- inventoryprefix1
- inventoryprefix2
format: Csv
objectType: Blob
schedule: Daily
schemaFields:
- Name
- Creation-Time
- Last-Modified
- Content-Length
- Content-MD5
- BlobType
- AccessTier
- AccessTierChangeTime
- Snapshot
- VersionId
- IsCurrentVersion
- Metadata
destination: container1
enabled: true
name: inventoryPolicyRule1
- definition:
format: Parquet
objectType: Container
schedule: Weekly
schemaFields:
- Name
- Last-Modified
- Metadata
- LeaseStatus
- LeaseState
- LeaseDuration
- PublicAccess
- HasImmutabilityPolicy
- HasLegalHold
destination: container2
enabled: true
name: inventoryPolicyRule2
type: Inventory
resourceGroupName: res7687
Each rule in the policy defines what to inventory and where to write results. The definition specifies the objectType (Blob or Container), schedule (Daily or Weekly), and schemaFields that appear in the report. The filters property narrows the scope using prefixMatch for path patterns, blobTypes for block/append/page blobs, and flags like includeBlobVersions and includeSnapshots. The destination property names the container where Azure writes the inventory report. In this configuration, one rule generates daily CSV reports for blobs under specific prefixes, while another generates weekly Parquet reports for container metadata.
Include deleted blobs and extended metadata for HNS accounts
Hierarchical namespace accounts support additional metadata fields and soft-deleted blob tracking. Teams auditing compliance or investigating data loss need inventories that include deleted items.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const blobInventoryPolicy = new azure_native.storage.BlobInventoryPolicy("blobInventoryPolicy", {
accountName: "sto9699",
blobInventoryPolicyName: "default",
policy: {
enabled: true,
rules: [
{
definition: {
filters: {
blobTypes: [
"blockBlob",
"appendBlob",
"pageBlob",
],
excludePrefix: [
"excludeprefix1",
"excludeprefix2",
],
includeBlobVersions: true,
includeDeleted: true,
includeSnapshots: true,
prefixMatch: [
"inventoryprefix1",
"inventoryprefix2",
],
},
format: azure_native.storage.Format.Csv,
objectType: azure_native.storage.ObjectType.Blob,
schedule: azure_native.storage.Schedule.Daily,
schemaFields: [
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"ContentType",
"ContentEncoding",
"ContentLanguage",
"ContentCRC64",
"CacheControl",
"Metadata",
"DeletionId",
"Deleted",
"DeletedTime",
"RemainingRetentionDays",
],
},
destination: "container1",
enabled: true,
name: "inventoryPolicyRule1",
},
{
definition: {
format: azure_native.storage.Format.Parquet,
objectType: azure_native.storage.ObjectType.Container,
schedule: azure_native.storage.Schedule.Weekly,
schemaFields: [
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
"Etag",
"DefaultEncryptionScope",
"DenyEncryptionScopeOverride",
"ImmutableStorageWithVersioningEnabled",
"Deleted",
"Version",
"DeletedTime",
"RemainingRetentionDays",
],
},
destination: "container2",
enabled: true,
name: "inventoryPolicyRule2",
},
],
type: azure_native.storage.InventoryRuleType.Inventory,
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
blob_inventory_policy = azure_native.storage.BlobInventoryPolicy("blobInventoryPolicy",
account_name="sto9699",
blob_inventory_policy_name="default",
policy={
"enabled": True,
"rules": [
{
"definition": {
"filters": {
"blob_types": [
"blockBlob",
"appendBlob",
"pageBlob",
],
"exclude_prefix": [
"excludeprefix1",
"excludeprefix2",
],
"include_blob_versions": True,
"include_deleted": True,
"include_snapshots": True,
"prefix_match": [
"inventoryprefix1",
"inventoryprefix2",
],
},
"format": azure_native.storage.Format.CSV,
"object_type": azure_native.storage.ObjectType.BLOB,
"schedule": azure_native.storage.Schedule.DAILY,
"schema_fields": [
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"ContentType",
"ContentEncoding",
"ContentLanguage",
"ContentCRC64",
"CacheControl",
"Metadata",
"DeletionId",
"Deleted",
"DeletedTime",
"RemainingRetentionDays",
],
},
"destination": "container1",
"enabled": True,
"name": "inventoryPolicyRule1",
},
{
"definition": {
"format": azure_native.storage.Format.PARQUET,
"object_type": azure_native.storage.ObjectType.CONTAINER,
"schedule": azure_native.storage.Schedule.WEEKLY,
"schema_fields": [
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
"Etag",
"DefaultEncryptionScope",
"DenyEncryptionScopeOverride",
"ImmutableStorageWithVersioningEnabled",
"Deleted",
"Version",
"DeletedTime",
"RemainingRetentionDays",
],
},
"destination": "container2",
"enabled": True,
"name": "inventoryPolicyRule2",
},
],
"type": azure_native.storage.InventoryRuleType.INVENTORY,
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewBlobInventoryPolicy(ctx, "blobInventoryPolicy", &storage.BlobInventoryPolicyArgs{
AccountName: pulumi.String("sto9699"),
BlobInventoryPolicyName: pulumi.String("default"),
Policy: &storage.BlobInventoryPolicySchemaArgs{
Enabled: pulumi.Bool(true),
Rules: storage.BlobInventoryPolicyRuleArray{
&storage.BlobInventoryPolicyRuleArgs{
Definition: &storage.BlobInventoryPolicyDefinitionArgs{
Filters: &storage.BlobInventoryPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
pulumi.String("appendBlob"),
pulumi.String("pageBlob"),
},
ExcludePrefix: pulumi.StringArray{
pulumi.String("excludeprefix1"),
pulumi.String("excludeprefix2"),
},
IncludeBlobVersions: pulumi.Bool(true),
IncludeDeleted: pulumi.Bool(true),
IncludeSnapshots: pulumi.Bool(true),
PrefixMatch: pulumi.StringArray{
pulumi.String("inventoryprefix1"),
pulumi.String("inventoryprefix2"),
},
},
Format: pulumi.String(storage.FormatCsv),
ObjectType: pulumi.String(storage.ObjectTypeBlob),
Schedule: pulumi.String(storage.ScheduleDaily),
SchemaFields: pulumi.StringArray{
pulumi.String("Name"),
pulumi.String("Creation-Time"),
pulumi.String("Last-Modified"),
pulumi.String("Content-Length"),
pulumi.String("Content-MD5"),
pulumi.String("BlobType"),
pulumi.String("AccessTier"),
pulumi.String("AccessTierChangeTime"),
pulumi.String("Snapshot"),
pulumi.String("VersionId"),
pulumi.String("IsCurrentVersion"),
pulumi.String("ContentType"),
pulumi.String("ContentEncoding"),
pulumi.String("ContentLanguage"),
pulumi.String("ContentCRC64"),
pulumi.String("CacheControl"),
pulumi.String("Metadata"),
pulumi.String("DeletionId"),
pulumi.String("Deleted"),
pulumi.String("DeletedTime"),
pulumi.String("RemainingRetentionDays"),
},
},
Destination: pulumi.String("container1"),
Enabled: pulumi.Bool(true),
Name: pulumi.String("inventoryPolicyRule1"),
},
&storage.BlobInventoryPolicyRuleArgs{
Definition: &storage.BlobInventoryPolicyDefinitionArgs{
Format: pulumi.String(storage.FormatParquet),
ObjectType: pulumi.String(storage.ObjectTypeContainer),
Schedule: pulumi.String(storage.ScheduleWeekly),
SchemaFields: pulumi.StringArray{
pulumi.String("Name"),
pulumi.String("Last-Modified"),
pulumi.String("Metadata"),
pulumi.String("LeaseStatus"),
pulumi.String("LeaseState"),
pulumi.String("LeaseDuration"),
pulumi.String("PublicAccess"),
pulumi.String("HasImmutabilityPolicy"),
pulumi.String("HasLegalHold"),
pulumi.String("Etag"),
pulumi.String("DefaultEncryptionScope"),
pulumi.String("DenyEncryptionScopeOverride"),
pulumi.String("ImmutableStorageWithVersioningEnabled"),
pulumi.String("Deleted"),
pulumi.String("Version"),
pulumi.String("DeletedTime"),
pulumi.String("RemainingRetentionDays"),
},
},
Destination: pulumi.String("container2"),
Enabled: pulumi.Bool(true),
Name: pulumi.String("inventoryPolicyRule2"),
},
},
Type: pulumi.String(storage.InventoryRuleTypeInventory),
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var blobInventoryPolicy = new AzureNative.Storage.BlobInventoryPolicy("blobInventoryPolicy", new()
{
AccountName = "sto9699",
BlobInventoryPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.BlobInventoryPolicySchemaArgs
{
Enabled = true,
Rules = new[]
{
new AzureNative.Storage.Inputs.BlobInventoryPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.BlobInventoryPolicyDefinitionArgs
{
Filters = new AzureNative.Storage.Inputs.BlobInventoryPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
"appendBlob",
"pageBlob",
},
ExcludePrefix = new[]
{
"excludeprefix1",
"excludeprefix2",
},
IncludeBlobVersions = true,
IncludeDeleted = true,
IncludeSnapshots = true,
PrefixMatch = new[]
{
"inventoryprefix1",
"inventoryprefix2",
},
},
Format = AzureNative.Storage.Format.Csv,
ObjectType = AzureNative.Storage.ObjectType.Blob,
Schedule = AzureNative.Storage.Schedule.Daily,
SchemaFields = new[]
{
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"ContentType",
"ContentEncoding",
"ContentLanguage",
"ContentCRC64",
"CacheControl",
"Metadata",
"DeletionId",
"Deleted",
"DeletedTime",
"RemainingRetentionDays",
},
},
Destination = "container1",
Enabled = true,
Name = "inventoryPolicyRule1",
},
new AzureNative.Storage.Inputs.BlobInventoryPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.BlobInventoryPolicyDefinitionArgs
{
Format = AzureNative.Storage.Format.Parquet,
ObjectType = AzureNative.Storage.ObjectType.Container,
Schedule = AzureNative.Storage.Schedule.Weekly,
SchemaFields = new[]
{
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
"Etag",
"DefaultEncryptionScope",
"DenyEncryptionScopeOverride",
"ImmutableStorageWithVersioningEnabled",
"Deleted",
"Version",
"DeletedTime",
"RemainingRetentionDays",
},
},
Destination = "container2",
Enabled = true,
Name = "inventoryPolicyRule2",
},
},
Type = AzureNative.Storage.InventoryRuleType.Inventory,
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.BlobInventoryPolicy;
import com.pulumi.azurenative.storage.BlobInventoryPolicyArgs;
import com.pulumi.azurenative.storage.inputs.BlobInventoryPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var blobInventoryPolicy = new BlobInventoryPolicy("blobInventoryPolicy", BlobInventoryPolicyArgs.builder()
.accountName("sto9699")
.blobInventoryPolicyName("default")
.policy(BlobInventoryPolicySchemaArgs.builder()
.enabled(true)
.rules(
BlobInventoryPolicyRuleArgs.builder()
.definition(BlobInventoryPolicyDefinitionArgs.builder()
.filters(BlobInventoryPolicyFilterArgs.builder()
.blobTypes(
"blockBlob",
"appendBlob",
"pageBlob")
.excludePrefix(
"excludeprefix1",
"excludeprefix2")
.includeBlobVersions(true)
.includeDeleted(true)
.includeSnapshots(true)
.prefixMatch(
"inventoryprefix1",
"inventoryprefix2")
.build())
.format("Csv")
.objectType("Blob")
.schedule("Daily")
.schemaFields(
"Name",
"Creation-Time",
"Last-Modified",
"Content-Length",
"Content-MD5",
"BlobType",
"AccessTier",
"AccessTierChangeTime",
"Snapshot",
"VersionId",
"IsCurrentVersion",
"ContentType",
"ContentEncoding",
"ContentLanguage",
"ContentCRC64",
"CacheControl",
"Metadata",
"DeletionId",
"Deleted",
"DeletedTime",
"RemainingRetentionDays")
.build())
.destination("container1")
.enabled(true)
.name("inventoryPolicyRule1")
.build(),
BlobInventoryPolicyRuleArgs.builder()
.definition(BlobInventoryPolicyDefinitionArgs.builder()
.format("Parquet")
.objectType("Container")
.schedule("Weekly")
.schemaFields(
"Name",
"Last-Modified",
"Metadata",
"LeaseStatus",
"LeaseState",
"LeaseDuration",
"PublicAccess",
"HasImmutabilityPolicy",
"HasLegalHold",
"Etag",
"DefaultEncryptionScope",
"DenyEncryptionScopeOverride",
"ImmutableStorageWithVersioningEnabled",
"Deleted",
"Version",
"DeletedTime",
"RemainingRetentionDays")
.build())
.destination("container2")
.enabled(true)
.name("inventoryPolicyRule2")
.build())
.type("Inventory")
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
blobInventoryPolicy:
type: azure-native:storage:BlobInventoryPolicy
properties:
accountName: sto9699
blobInventoryPolicyName: default
policy:
enabled: true
rules:
- definition:
filters:
blobTypes:
- blockBlob
- appendBlob
- pageBlob
excludePrefix:
- excludeprefix1
- excludeprefix2
includeBlobVersions: true
includeDeleted: true
includeSnapshots: true
prefixMatch:
- inventoryprefix1
- inventoryprefix2
format: Csv
objectType: Blob
schedule: Daily
schemaFields:
- Name
- Creation-Time
- Last-Modified
- Content-Length
- Content-MD5
- BlobType
- AccessTier
- AccessTierChangeTime
- Snapshot
- VersionId
- IsCurrentVersion
- ContentType
- ContentEncoding
- ContentLanguage
- ContentCRC64
- CacheControl
- Metadata
- DeletionId
- Deleted
- DeletedTime
- RemainingRetentionDays
destination: container1
enabled: true
name: inventoryPolicyRule1
- definition:
format: Parquet
objectType: Container
schedule: Weekly
schemaFields:
- Name
- Last-Modified
- Metadata
- LeaseStatus
- LeaseState
- LeaseDuration
- PublicAccess
- HasImmutabilityPolicy
- HasLegalHold
- Etag
- DefaultEncryptionScope
- DenyEncryptionScopeOverride
- ImmutableStorageWithVersioningEnabled
- Deleted
- Version
- DeletedTime
- RemainingRetentionDays
destination: container2
enabled: true
name: inventoryPolicyRule2
type: Inventory
resourceGroupName: res7687
The includeDeleted flag adds soft-deleted blobs to the inventory, while excludePrefix filters out paths you don’t need. The schemaFields array includes deletion-specific fields like DeletionId, DeletedTime, and RemainingRetentionDays that track when blobs were deleted and how long they remain in soft-delete storage. This configuration is designed for Data Lake Storage Gen2 accounts where hierarchical namespace is enabled, providing extended metadata not available in standard blob storage.
Beyond these examples
These snippets focus on specific inventory policy features: blob and container inventory generation, filtering by prefix and deletion status, and CSV and Parquet output formats. They’re intentionally minimal rather than full storage management solutions.
The examples reference pre-existing infrastructure such as storage accounts with containers for inventory output, and resource groups. They focus on configuring inventory rules rather than provisioning the storage account itself.
To keep things focused, common inventory patterns are omitted, including:
- Creation time filtering (creationTime with lastNDays)
- Policy-level enable/disable without deleting the resource
- Multiple storage accounts in a single policy
- Custom schedule intervals beyond Daily/Weekly
These omissions are intentional: the goal is to illustrate how inventory rules are wired, not provide drop-in storage audit modules. See the BlobInventoryPolicy resource reference for all available configuration options.
Let's configure Azure Blob Storage Inventory Policies
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Policy Configuration
Why must the blob inventory policy name be 'default'?
The
blobInventoryPolicyName must always be set to “default” as specified in the resource’s input properties.Can I have multiple inventory rules in one policy?
Yes, the
policy.rules property accepts an array of rules. You can define separate rules for different object types, schedules, or filters within a single policy.What properties can't be changed after creation?
The
accountName, blobInventoryPolicyName, and resourceGroupName properties are immutable and cannot be modified after the resource is created.Inventory Rules & Filtering
What's the difference between blob and container inventory?
Blob inventory tracks individual blob properties like size, content type, and access tier. Container inventory tracks container-level properties like lease status, public access, and immutability policies. Set this using the
objectType property.How do I filter which blobs are included in the inventory?
Use the
filters property to specify blobTypes (blockBlob, appendBlob, pageBlob), prefixMatch for inclusion patterns, excludePrefix for exclusion patterns, and creationTime.lastNDays for time-based filtering.Can I include deleted blobs, snapshots, or versions in the inventory?
Yes, use the filter properties
includeDeleted, includeSnapshots, and includeBlobVersions to include these optional data types in your inventory.Output Configuration
What output formats and schedules are available?
Inventory reports support CSV and Parquet formats via the
format property. Schedules can be set to Daily or Weekly using the schedule property.What schema fields differ between HNS and non-HNS storage accounts?
HNS (Hierarchical Namespace) accounts support the
DeletionId field for tracking deleted items, while non-HNS accounts support the Tags field instead. Other deletion-related fields like Deleted, DeletedTime, and RemainingRetentionDays are available in both.Where are inventory reports stored?
Inventory reports are written to the container specified in the
destination property of each rule. Each rule can write to a different destination container.