The azure-native:storage:ManagementPolicy resource, part of the Pulumi Azure Native provider, defines lifecycle management rules for Azure Storage blobs: automatic tiering between Hot, Cool, Cold, and Archive tiers, plus deletion based on age or access patterns. This guide focuses on three capabilities: time-based tiering strategies, access-time and tier-change tracking, and snapshot and version lifecycle management.
Management policies apply to existing storage accounts and containers. Some features like last-access-time tracking require account-level configuration before you can use them in policies. The examples are intentionally small. Combine them with your own storage accounts, containers, and filtering logic.
Tier and delete blobs based on modification time
Most lifecycle policies move blobs through storage tiers as they age, reducing costs by archiving infrequently accessed data and eventually deleting old content.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managementPolicy = new azure_native.storage.ManagementPolicy("managementPolicy", {
accountName: "sto9699",
managementPolicyName: "default",
policy: {
rules: [
{
definition: {
actions: {
baseBlob: {
"delete": {
daysAfterModificationGreaterThan: 1000,
},
tierToArchive: {
daysAfterModificationGreaterThan: 90,
},
tierToCool: {
daysAfterModificationGreaterThan: 30,
},
},
snapshot: {
"delete": {
daysAfterCreationGreaterThan: 30,
},
},
},
filters: {
blobTypes: ["blockBlob"],
prefixMatch: ["olcmtestcontainer1"],
},
},
enabled: true,
name: "olcmtest1",
type: azure_native.storage.RuleType.Lifecycle,
},
{
definition: {
actions: {
baseBlob: {
"delete": {
daysAfterModificationGreaterThan: 1000,
},
tierToArchive: {
daysAfterModificationGreaterThan: 90,
},
tierToCool: {
daysAfterModificationGreaterThan: 30,
},
},
},
filters: {
blobIndexMatch: [
{
name: "tag1",
op: "==",
value: "val1",
},
{
name: "tag2",
op: "==",
value: "val2",
},
],
blobTypes: ["blockBlob"],
prefixMatch: ["olcmtestcontainer2"],
},
},
enabled: true,
name: "olcmtest2",
type: azure_native.storage.RuleType.Lifecycle,
},
],
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
management_policy = azure_native.storage.ManagementPolicy("managementPolicy",
account_name="sto9699",
management_policy_name="default",
policy={
"rules": [
{
"definition": {
"actions": {
"base_blob": {
"delete": {
"days_after_modification_greater_than": 1000,
},
"tier_to_archive": {
"days_after_modification_greater_than": 90,
},
"tier_to_cool": {
"days_after_modification_greater_than": 30,
},
},
"snapshot": {
"delete": {
"days_after_creation_greater_than": 30,
},
},
},
"filters": {
"blob_types": ["blockBlob"],
"prefix_match": ["olcmtestcontainer1"],
},
},
"enabled": True,
"name": "olcmtest1",
"type": azure_native.storage.RuleType.LIFECYCLE,
},
{
"definition": {
"actions": {
"base_blob": {
"delete": {
"days_after_modification_greater_than": 1000,
},
"tier_to_archive": {
"days_after_modification_greater_than": 90,
},
"tier_to_cool": {
"days_after_modification_greater_than": 30,
},
},
},
"filters": {
"blob_index_match": [
{
"name": "tag1",
"op": "==",
"value": "val1",
},
{
"name": "tag2",
"op": "==",
"value": "val2",
},
],
"blob_types": ["blockBlob"],
"prefix_match": ["olcmtestcontainer2"],
},
},
"enabled": True,
"name": "olcmtest2",
"type": azure_native.storage.RuleType.LIFECYCLE,
},
],
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewManagementPolicy(ctx, "managementPolicy", &storage.ManagementPolicyArgs{
AccountName: pulumi.String("sto9699"),
ManagementPolicyName: pulumi.String("default"),
Policy: &storage.ManagementPolicySchemaArgs{
Rules: storage.ManagementPolicyRuleArray{
&storage.ManagementPolicyRuleArgs{
Definition: &storage.ManagementPolicyDefinitionArgs{
Actions: &storage.ManagementPolicyActionArgs{
BaseBlob: &storage.ManagementPolicyBaseBlobArgs{
Delete: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(1000),
},
TierToArchive: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(90),
},
TierToCool: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(30),
},
},
Snapshot: &storage.ManagementPolicySnapShotArgs{
Delete: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
},
},
Filters: &storage.ManagementPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
},
PrefixMatch: pulumi.StringArray{
pulumi.String("olcmtestcontainer1"),
},
},
},
Enabled: pulumi.Bool(true),
Name: pulumi.String("olcmtest1"),
Type: pulumi.String(storage.RuleTypeLifecycle),
},
&storage.ManagementPolicyRuleArgs{
Definition: &storage.ManagementPolicyDefinitionArgs{
Actions: &storage.ManagementPolicyActionArgs{
BaseBlob: &storage.ManagementPolicyBaseBlobArgs{
Delete: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(1000),
},
TierToArchive: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(90),
},
TierToCool: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(30),
},
},
},
Filters: &storage.ManagementPolicyFilterArgs{
BlobIndexMatch: storage.TagFilterArray{
&storage.TagFilterArgs{
Name: pulumi.String("tag1"),
Op: pulumi.String("=="),
Value: pulumi.String("val1"),
},
&storage.TagFilterArgs{
Name: pulumi.String("tag2"),
Op: pulumi.String("=="),
Value: pulumi.String("val2"),
},
},
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
},
PrefixMatch: pulumi.StringArray{
pulumi.String("olcmtestcontainer2"),
},
},
},
Enabled: pulumi.Bool(true),
Name: pulumi.String("olcmtest2"),
Type: pulumi.String(storage.RuleTypeLifecycle),
},
},
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managementPolicy = new AzureNative.Storage.ManagementPolicy("managementPolicy", new()
{
AccountName = "sto9699",
ManagementPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.ManagementPolicySchemaArgs
{
Rules = new[]
{
new AzureNative.Storage.Inputs.ManagementPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.ManagementPolicyDefinitionArgs
{
Actions = new AzureNative.Storage.Inputs.ManagementPolicyActionArgs
{
BaseBlob = new AzureNative.Storage.Inputs.ManagementPolicyBaseBlobArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 1000,
},
TierToArchive = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 90,
},
TierToCool = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 30,
},
},
Snapshot = new AzureNative.Storage.Inputs.ManagementPolicySnapShotArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
},
},
Filters = new AzureNative.Storage.Inputs.ManagementPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
},
PrefixMatch = new[]
{
"olcmtestcontainer1",
},
},
},
Enabled = true,
Name = "olcmtest1",
Type = AzureNative.Storage.RuleType.Lifecycle,
},
new AzureNative.Storage.Inputs.ManagementPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.ManagementPolicyDefinitionArgs
{
Actions = new AzureNative.Storage.Inputs.ManagementPolicyActionArgs
{
BaseBlob = new AzureNative.Storage.Inputs.ManagementPolicyBaseBlobArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 1000,
},
TierToArchive = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 90,
},
TierToCool = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 30,
},
},
},
Filters = new AzureNative.Storage.Inputs.ManagementPolicyFilterArgs
{
BlobIndexMatch = new[]
{
new AzureNative.Storage.Inputs.TagFilterArgs
{
Name = "tag1",
Op = "==",
Value = "val1",
},
new AzureNative.Storage.Inputs.TagFilterArgs
{
Name = "tag2",
Op = "==",
Value = "val2",
},
},
BlobTypes = new[]
{
"blockBlob",
},
PrefixMatch = new[]
{
"olcmtestcontainer2",
},
},
},
Enabled = true,
Name = "olcmtest2",
Type = AzureNative.Storage.RuleType.Lifecycle,
},
},
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.ManagementPolicy;
import com.pulumi.azurenative.storage.ManagementPolicyArgs;
import com.pulumi.azurenative.storage.inputs.ManagementPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managementPolicy = new ManagementPolicy("managementPolicy", ManagementPolicyArgs.builder()
.accountName("sto9699")
.managementPolicyName("default")
.policy(ManagementPolicySchemaArgs.builder()
.rules(
ManagementPolicyRuleArgs.builder()
.definition(ManagementPolicyDefinitionArgs.builder()
.actions(ManagementPolicyActionArgs.builder()
.baseBlob(ManagementPolicyBaseBlobArgs.builder()
.delete(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(1000.0)
.build())
.tierToArchive(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(90.0)
.build())
.tierToCool(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(30.0)
.build())
.build())
.snapshot(ManagementPolicySnapShotArgs.builder()
.delete(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.build())
.build())
.filters(ManagementPolicyFilterArgs.builder()
.blobTypes("blockBlob")
.prefixMatch("olcmtestcontainer1")
.build())
.build())
.enabled(true)
.name("olcmtest1")
.type("Lifecycle")
.build(),
ManagementPolicyRuleArgs.builder()
.definition(ManagementPolicyDefinitionArgs.builder()
.actions(ManagementPolicyActionArgs.builder()
.baseBlob(ManagementPolicyBaseBlobArgs.builder()
.delete(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(1000.0)
.build())
.tierToArchive(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(90.0)
.build())
.tierToCool(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(30.0)
.build())
.build())
.build())
.filters(ManagementPolicyFilterArgs.builder()
.blobIndexMatch(
TagFilterArgs.builder()
.name("tag1")
.op("==")
.value("val1")
.build(),
TagFilterArgs.builder()
.name("tag2")
.op("==")
.value("val2")
.build())
.blobTypes("blockBlob")
.prefixMatch("olcmtestcontainer2")
.build())
.build())
.enabled(true)
.name("olcmtest2")
.type("Lifecycle")
.build())
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
managementPolicy:
type: azure-native:storage:ManagementPolicy
properties:
accountName: sto9699
managementPolicyName: default
policy:
rules:
- definition:
actions:
baseBlob:
delete:
daysAfterModificationGreaterThan: 1000
tierToArchive:
daysAfterModificationGreaterThan: 90
tierToCool:
daysAfterModificationGreaterThan: 30
snapshot:
delete:
daysAfterCreationGreaterThan: 30
filters:
blobTypes:
- blockBlob
prefixMatch:
- olcmtestcontainer1
enabled: true
name: olcmtest1
type: Lifecycle
- definition:
actions:
baseBlob:
delete:
daysAfterModificationGreaterThan: 1000
tierToArchive:
daysAfterModificationGreaterThan: 90
tierToCool:
daysAfterModificationGreaterThan: 30
filters:
blobIndexMatch:
- name: tag1
op: ==
value: val1
- name: tag2
op: ==
value: val2
blobTypes:
- blockBlob
prefixMatch:
- olcmtestcontainer2
enabled: true
name: olcmtest2
type: Lifecycle
resourceGroupName: res7687
When a blob’s modification time exceeds the threshold, Azure automatically moves it to the specified tier. The baseBlob actions define transitions for current blob versions: tierToCool moves blobs to Cool storage after 30 days, tierToArchive moves them to Archive after 90 days, and delete removes them after 1000 days. The filters property uses prefixMatch to target specific containers or paths, and blobTypes restricts the rule to blockBlob objects. The snapshot actions apply the same logic to blob snapshots, but use daysAfterCreationGreaterThan instead of daysAfterModificationGreaterThan because snapshots are immutable.
Include Cold tier in lifecycle transitions
Azure Storage offers a Cold tier between Cool and Archive for data accessed infrequently but requiring faster retrieval than Archive allows.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managementPolicy = new azure_native.storage.ManagementPolicy("managementPolicy", {
accountName: "sto9699",
managementPolicyName: "default",
policy: {
rules: [{
definition: {
actions: {
baseBlob: {
"delete": {
daysAfterModificationGreaterThan: 1000,
},
tierToArchive: {
daysAfterModificationGreaterThan: 90,
},
tierToCold: {
daysAfterModificationGreaterThan: 30,
},
tierToCool: {
daysAfterModificationGreaterThan: 30,
},
},
snapshot: {
"delete": {
daysAfterCreationGreaterThan: 30,
},
tierToCold: {
daysAfterCreationGreaterThan: 30,
},
},
version: {
"delete": {
daysAfterCreationGreaterThan: 30,
},
tierToCold: {
daysAfterCreationGreaterThan: 30,
},
},
},
filters: {
blobTypes: ["blockBlob"],
prefixMatch: ["olcmtestcontainer1"],
},
},
enabled: true,
name: "olcmtest1",
type: azure_native.storage.RuleType.Lifecycle,
}],
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
management_policy = azure_native.storage.ManagementPolicy("managementPolicy",
account_name="sto9699",
management_policy_name="default",
policy={
"rules": [{
"definition": {
"actions": {
"base_blob": {
"delete": {
"days_after_modification_greater_than": 1000,
},
"tier_to_archive": {
"days_after_modification_greater_than": 90,
},
"tier_to_cold": {
"days_after_modification_greater_than": 30,
},
"tier_to_cool": {
"days_after_modification_greater_than": 30,
},
},
"snapshot": {
"delete": {
"days_after_creation_greater_than": 30,
},
"tier_to_cold": {
"days_after_creation_greater_than": 30,
},
},
"version": {
"delete": {
"days_after_creation_greater_than": 30,
},
"tier_to_cold": {
"days_after_creation_greater_than": 30,
},
},
},
"filters": {
"blob_types": ["blockBlob"],
"prefix_match": ["olcmtestcontainer1"],
},
},
"enabled": True,
"name": "olcmtest1",
"type": azure_native.storage.RuleType.LIFECYCLE,
}],
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewManagementPolicy(ctx, "managementPolicy", &storage.ManagementPolicyArgs{
AccountName: pulumi.String("sto9699"),
ManagementPolicyName: pulumi.String("default"),
Policy: &storage.ManagementPolicySchemaArgs{
Rules: storage.ManagementPolicyRuleArray{
&storage.ManagementPolicyRuleArgs{
Definition: &storage.ManagementPolicyDefinitionArgs{
Actions: &storage.ManagementPolicyActionArgs{
BaseBlob: &storage.ManagementPolicyBaseBlobArgs{
Delete: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(1000),
},
TierToArchive: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(90),
},
TierToCold: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(30),
},
TierToCool: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(30),
},
},
Snapshot: &storage.ManagementPolicySnapShotArgs{
Delete: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
TierToCold: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
},
Version: &storage.ManagementPolicyVersionArgs{
Delete: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
TierToCold: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
},
},
Filters: &storage.ManagementPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
},
PrefixMatch: pulumi.StringArray{
pulumi.String("olcmtestcontainer1"),
},
},
},
Enabled: pulumi.Bool(true),
Name: pulumi.String("olcmtest1"),
Type: pulumi.String(storage.RuleTypeLifecycle),
},
},
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managementPolicy = new AzureNative.Storage.ManagementPolicy("managementPolicy", new()
{
AccountName = "sto9699",
ManagementPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.ManagementPolicySchemaArgs
{
Rules = new[]
{
new AzureNative.Storage.Inputs.ManagementPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.ManagementPolicyDefinitionArgs
{
Actions = new AzureNative.Storage.Inputs.ManagementPolicyActionArgs
{
BaseBlob = new AzureNative.Storage.Inputs.ManagementPolicyBaseBlobArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 1000,
},
TierToArchive = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 90,
},
TierToCold = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 30,
},
TierToCool = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 30,
},
},
Snapshot = new AzureNative.Storage.Inputs.ManagementPolicySnapShotArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
TierToCold = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
},
Version = new AzureNative.Storage.Inputs.ManagementPolicyVersionArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
TierToCold = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
},
},
Filters = new AzureNative.Storage.Inputs.ManagementPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
},
PrefixMatch = new[]
{
"olcmtestcontainer1",
},
},
},
Enabled = true,
Name = "olcmtest1",
Type = AzureNative.Storage.RuleType.Lifecycle,
},
},
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.ManagementPolicy;
import com.pulumi.azurenative.storage.ManagementPolicyArgs;
import com.pulumi.azurenative.storage.inputs.ManagementPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managementPolicy = new ManagementPolicy("managementPolicy", ManagementPolicyArgs.builder()
.accountName("sto9699")
.managementPolicyName("default")
.policy(ManagementPolicySchemaArgs.builder()
.rules(ManagementPolicyRuleArgs.builder()
.definition(ManagementPolicyDefinitionArgs.builder()
.actions(ManagementPolicyActionArgs.builder()
.baseBlob(ManagementPolicyBaseBlobArgs.builder()
.delete(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(1000.0)
.build())
.tierToArchive(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(90.0)
.build())
.tierToCold(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(30.0)
.build())
.tierToCool(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(30.0)
.build())
.build())
.snapshot(ManagementPolicySnapShotArgs.builder()
.delete(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.tierToCold(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.build())
.version(ManagementPolicyVersionArgs.builder()
.delete(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.tierToCold(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.build())
.build())
.filters(ManagementPolicyFilterArgs.builder()
.blobTypes("blockBlob")
.prefixMatch("olcmtestcontainer1")
.build())
.build())
.enabled(true)
.name("olcmtest1")
.type("Lifecycle")
.build())
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
managementPolicy:
type: azure-native:storage:ManagementPolicy
properties:
accountName: sto9699
managementPolicyName: default
policy:
rules:
- definition:
actions:
baseBlob:
delete:
daysAfterModificationGreaterThan: 1000
tierToArchive:
daysAfterModificationGreaterThan: 90
tierToCold:
daysAfterModificationGreaterThan: 30
tierToCool:
daysAfterModificationGreaterThan: 30
snapshot:
delete:
daysAfterCreationGreaterThan: 30
tierToCold:
daysAfterCreationGreaterThan: 30
version:
delete:
daysAfterCreationGreaterThan: 30
tierToCold:
daysAfterCreationGreaterThan: 30
filters:
blobTypes:
- blockBlob
prefixMatch:
- olcmtestcontainer1
enabled: true
name: olcmtest1
type: Lifecycle
resourceGroupName: res7687
The tierToCold action adds an intermediate step in the tiering progression. This configuration moves blobs to Cool and Cold after 30 days, then to Archive after 90 days. The snapshot and version blocks apply similar tiering rules to snapshots and blob versions, using daysAfterCreationGreaterThan because these objects don’t change after creation.
Tier blobs based on last access time
Access-time tracking enables policies that respond to actual usage patterns rather than just blob age, moving cold data to cheaper tiers while keeping frequently accessed blobs in Hot storage.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managementPolicy = new azure_native.storage.ManagementPolicy("managementPolicy", {
accountName: "sto9699",
managementPolicyName: "default",
policy: {
rules: [{
definition: {
actions: {
baseBlob: {
"delete": {
daysAfterLastAccessTimeGreaterThan: 1000,
},
enableAutoTierToHotFromCool: true,
tierToArchive: {
daysAfterLastAccessTimeGreaterThan: 90,
},
tierToCool: {
daysAfterLastAccessTimeGreaterThan: 30,
},
},
snapshot: {
"delete": {
daysAfterCreationGreaterThan: 30,
},
},
},
filters: {
blobTypes: ["blockBlob"],
prefixMatch: ["olcmtestcontainer"],
},
},
enabled: true,
name: "olcmtest",
type: azure_native.storage.RuleType.Lifecycle,
}],
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
management_policy = azure_native.storage.ManagementPolicy("managementPolicy",
account_name="sto9699",
management_policy_name="default",
policy={
"rules": [{
"definition": {
"actions": {
"base_blob": {
"delete": {
"days_after_last_access_time_greater_than": 1000,
},
"enable_auto_tier_to_hot_from_cool": True,
"tier_to_archive": {
"days_after_last_access_time_greater_than": 90,
},
"tier_to_cool": {
"days_after_last_access_time_greater_than": 30,
},
},
"snapshot": {
"delete": {
"days_after_creation_greater_than": 30,
},
},
},
"filters": {
"blob_types": ["blockBlob"],
"prefix_match": ["olcmtestcontainer"],
},
},
"enabled": True,
"name": "olcmtest",
"type": azure_native.storage.RuleType.LIFECYCLE,
}],
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewManagementPolicy(ctx, "managementPolicy", &storage.ManagementPolicyArgs{
AccountName: pulumi.String("sto9699"),
ManagementPolicyName: pulumi.String("default"),
Policy: &storage.ManagementPolicySchemaArgs{
Rules: storage.ManagementPolicyRuleArray{
&storage.ManagementPolicyRuleArgs{
Definition: &storage.ManagementPolicyDefinitionArgs{
Actions: &storage.ManagementPolicyActionArgs{
BaseBlob: &storage.ManagementPolicyBaseBlobArgs{
Delete: &storage.DateAfterModificationArgs{
DaysAfterLastAccessTimeGreaterThan: pulumi.Float64(1000),
},
EnableAutoTierToHotFromCool: pulumi.Bool(true),
TierToArchive: &storage.DateAfterModificationArgs{
DaysAfterLastAccessTimeGreaterThan: pulumi.Float64(90),
},
TierToCool: &storage.DateAfterModificationArgs{
DaysAfterLastAccessTimeGreaterThan: pulumi.Float64(30),
},
},
Snapshot: &storage.ManagementPolicySnapShotArgs{
Delete: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
},
},
},
Filters: &storage.ManagementPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
},
PrefixMatch: pulumi.StringArray{
pulumi.String("olcmtestcontainer"),
},
},
},
Enabled: pulumi.Bool(true),
Name: pulumi.String("olcmtest"),
Type: pulumi.String(storage.RuleTypeLifecycle),
},
},
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managementPolicy = new AzureNative.Storage.ManagementPolicy("managementPolicy", new()
{
AccountName = "sto9699",
ManagementPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.ManagementPolicySchemaArgs
{
Rules = new[]
{
new AzureNative.Storage.Inputs.ManagementPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.ManagementPolicyDefinitionArgs
{
Actions = new AzureNative.Storage.Inputs.ManagementPolicyActionArgs
{
BaseBlob = new AzureNative.Storage.Inputs.ManagementPolicyBaseBlobArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterLastAccessTimeGreaterThan = 1000,
},
EnableAutoTierToHotFromCool = true,
TierToArchive = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterLastAccessTimeGreaterThan = 90,
},
TierToCool = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterLastAccessTimeGreaterThan = 30,
},
},
Snapshot = new AzureNative.Storage.Inputs.ManagementPolicySnapShotArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
},
},
},
Filters = new AzureNative.Storage.Inputs.ManagementPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
},
PrefixMatch = new[]
{
"olcmtestcontainer",
},
},
},
Enabled = true,
Name = "olcmtest",
Type = AzureNative.Storage.RuleType.Lifecycle,
},
},
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.ManagementPolicy;
import com.pulumi.azurenative.storage.ManagementPolicyArgs;
import com.pulumi.azurenative.storage.inputs.ManagementPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managementPolicy = new ManagementPolicy("managementPolicy", ManagementPolicyArgs.builder()
.accountName("sto9699")
.managementPolicyName("default")
.policy(ManagementPolicySchemaArgs.builder()
.rules(ManagementPolicyRuleArgs.builder()
.definition(ManagementPolicyDefinitionArgs.builder()
.actions(ManagementPolicyActionArgs.builder()
.baseBlob(ManagementPolicyBaseBlobArgs.builder()
.delete(DateAfterModificationArgs.builder()
.daysAfterLastAccessTimeGreaterThan(1000.0)
.build())
.enableAutoTierToHotFromCool(true)
.tierToArchive(DateAfterModificationArgs.builder()
.daysAfterLastAccessTimeGreaterThan(90.0)
.build())
.tierToCool(DateAfterModificationArgs.builder()
.daysAfterLastAccessTimeGreaterThan(30.0)
.build())
.build())
.snapshot(ManagementPolicySnapShotArgs.builder()
.delete(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.build())
.build())
.build())
.filters(ManagementPolicyFilterArgs.builder()
.blobTypes("blockBlob")
.prefixMatch("olcmtestcontainer")
.build())
.build())
.enabled(true)
.name("olcmtest")
.type("Lifecycle")
.build())
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
managementPolicy:
type: azure-native:storage:ManagementPolicy
properties:
accountName: sto9699
managementPolicyName: default
policy:
rules:
- definition:
actions:
baseBlob:
delete:
daysAfterLastAccessTimeGreaterThan: 1000
enableAutoTierToHotFromCool: true
tierToArchive:
daysAfterLastAccessTimeGreaterThan: 90
tierToCool:
daysAfterLastAccessTimeGreaterThan: 30
snapshot:
delete:
daysAfterCreationGreaterThan: 30
filters:
blobTypes:
- blockBlob
prefixMatch:
- olcmtestcontainer
enabled: true
name: olcmtest
type: Lifecycle
resourceGroupName: res7687
The daysAfterLastAccessTimeGreaterThan property triggers actions based on when a blob was last read or written, not when it was created or modified. This configuration tiers blobs to Cool after 30 days without access, to Archive after 90 days, and deletes them after 1000 days. The enableAutoTierToHotFromCool property automatically promotes blobs back to Hot tier when they’re accessed from Cool storage, ensuring frequently used data stays in the fastest tier. Last access time tracking must be enabled at the storage account level before this policy can take effect.
Control tier transitions with cooldown periods
Some workloads need to prevent rapid tier changes that could increase costs or cause performance issues. Cooldown periods ensure blobs remain in a tier for a minimum duration before moving again.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const managementPolicy = new azure_native.storage.ManagementPolicy("managementPolicy", {
accountName: "sto9699",
managementPolicyName: "default",
policy: {
rules: [{
definition: {
actions: {
baseBlob: {
"delete": {
daysAfterModificationGreaterThan: 1000,
},
tierToArchive: {
daysAfterLastTierChangeGreaterThan: 120,
daysAfterModificationGreaterThan: 90,
},
tierToCool: {
daysAfterModificationGreaterThan: 30,
},
},
snapshot: {
tierToArchive: {
daysAfterCreationGreaterThan: 30,
daysAfterLastTierChangeGreaterThan: 90,
},
},
version: {
tierToArchive: {
daysAfterCreationGreaterThan: 30,
daysAfterLastTierChangeGreaterThan: 90,
},
},
},
filters: {
blobTypes: ["blockBlob"],
prefixMatch: ["olcmtestcontainer"],
},
},
enabled: true,
name: "olcmtest",
type: azure_native.storage.RuleType.Lifecycle,
}],
},
resourceGroupName: "res7687",
});
import pulumi
import pulumi_azure_native as azure_native
management_policy = azure_native.storage.ManagementPolicy("managementPolicy",
account_name="sto9699",
management_policy_name="default",
policy={
"rules": [{
"definition": {
"actions": {
"base_blob": {
"delete": {
"days_after_modification_greater_than": 1000,
},
"tier_to_archive": {
"days_after_last_tier_change_greater_than": 120,
"days_after_modification_greater_than": 90,
},
"tier_to_cool": {
"days_after_modification_greater_than": 30,
},
},
"snapshot": {
"tier_to_archive": {
"days_after_creation_greater_than": 30,
"days_after_last_tier_change_greater_than": 90,
},
},
"version": {
"tier_to_archive": {
"days_after_creation_greater_than": 30,
"days_after_last_tier_change_greater_than": 90,
},
},
},
"filters": {
"blob_types": ["blockBlob"],
"prefix_match": ["olcmtestcontainer"],
},
},
"enabled": True,
"name": "olcmtest",
"type": azure_native.storage.RuleType.LIFECYCLE,
}],
},
resource_group_name="res7687")
package main
import (
storage "github.com/pulumi/pulumi-azure-native-sdk/storage/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewManagementPolicy(ctx, "managementPolicy", &storage.ManagementPolicyArgs{
AccountName: pulumi.String("sto9699"),
ManagementPolicyName: pulumi.String("default"),
Policy: &storage.ManagementPolicySchemaArgs{
Rules: storage.ManagementPolicyRuleArray{
&storage.ManagementPolicyRuleArgs{
Definition: &storage.ManagementPolicyDefinitionArgs{
Actions: &storage.ManagementPolicyActionArgs{
BaseBlob: &storage.ManagementPolicyBaseBlobArgs{
Delete: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(1000),
},
TierToArchive: &storage.DateAfterModificationArgs{
DaysAfterLastTierChangeGreaterThan: pulumi.Float64(120),
DaysAfterModificationGreaterThan: pulumi.Float64(90),
},
TierToCool: &storage.DateAfterModificationArgs{
DaysAfterModificationGreaterThan: pulumi.Float64(30),
},
},
Snapshot: &storage.ManagementPolicySnapShotArgs{
TierToArchive: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
DaysAfterLastTierChangeGreaterThan: pulumi.Float64(90),
},
},
Version: &storage.ManagementPolicyVersionArgs{
TierToArchive: &storage.DateAfterCreationArgs{
DaysAfterCreationGreaterThan: pulumi.Float64(30),
DaysAfterLastTierChangeGreaterThan: pulumi.Float64(90),
},
},
},
Filters: &storage.ManagementPolicyFilterArgs{
BlobTypes: pulumi.StringArray{
pulumi.String("blockBlob"),
},
PrefixMatch: pulumi.StringArray{
pulumi.String("olcmtestcontainer"),
},
},
},
Enabled: pulumi.Bool(true),
Name: pulumi.String("olcmtest"),
Type: pulumi.String(storage.RuleTypeLifecycle),
},
},
},
ResourceGroupName: pulumi.String("res7687"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var managementPolicy = new AzureNative.Storage.ManagementPolicy("managementPolicy", new()
{
AccountName = "sto9699",
ManagementPolicyName = "default",
Policy = new AzureNative.Storage.Inputs.ManagementPolicySchemaArgs
{
Rules = new[]
{
new AzureNative.Storage.Inputs.ManagementPolicyRuleArgs
{
Definition = new AzureNative.Storage.Inputs.ManagementPolicyDefinitionArgs
{
Actions = new AzureNative.Storage.Inputs.ManagementPolicyActionArgs
{
BaseBlob = new AzureNative.Storage.Inputs.ManagementPolicyBaseBlobArgs
{
Delete = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 1000,
},
TierToArchive = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterLastTierChangeGreaterThan = 120,
DaysAfterModificationGreaterThan = 90,
},
TierToCool = new AzureNative.Storage.Inputs.DateAfterModificationArgs
{
DaysAfterModificationGreaterThan = 30,
},
},
Snapshot = new AzureNative.Storage.Inputs.ManagementPolicySnapShotArgs
{
TierToArchive = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
DaysAfterLastTierChangeGreaterThan = 90,
},
},
Version = new AzureNative.Storage.Inputs.ManagementPolicyVersionArgs
{
TierToArchive = new AzureNative.Storage.Inputs.DateAfterCreationArgs
{
DaysAfterCreationGreaterThan = 30,
DaysAfterLastTierChangeGreaterThan = 90,
},
},
},
Filters = new AzureNative.Storage.Inputs.ManagementPolicyFilterArgs
{
BlobTypes = new[]
{
"blockBlob",
},
PrefixMatch = new[]
{
"olcmtestcontainer",
},
},
},
Enabled = true,
Name = "olcmtest",
Type = AzureNative.Storage.RuleType.Lifecycle,
},
},
},
ResourceGroupName = "res7687",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.storage.ManagementPolicy;
import com.pulumi.azurenative.storage.ManagementPolicyArgs;
import com.pulumi.azurenative.storage.inputs.ManagementPolicySchemaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managementPolicy = new ManagementPolicy("managementPolicy", ManagementPolicyArgs.builder()
.accountName("sto9699")
.managementPolicyName("default")
.policy(ManagementPolicySchemaArgs.builder()
.rules(ManagementPolicyRuleArgs.builder()
.definition(ManagementPolicyDefinitionArgs.builder()
.actions(ManagementPolicyActionArgs.builder()
.baseBlob(ManagementPolicyBaseBlobArgs.builder()
.delete(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(1000.0)
.build())
.tierToArchive(DateAfterModificationArgs.builder()
.daysAfterLastTierChangeGreaterThan(120.0)
.daysAfterModificationGreaterThan(90.0)
.build())
.tierToCool(DateAfterModificationArgs.builder()
.daysAfterModificationGreaterThan(30.0)
.build())
.build())
.snapshot(ManagementPolicySnapShotArgs.builder()
.tierToArchive(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.daysAfterLastTierChangeGreaterThan(90.0)
.build())
.build())
.version(ManagementPolicyVersionArgs.builder()
.tierToArchive(DateAfterCreationArgs.builder()
.daysAfterCreationGreaterThan(30.0)
.daysAfterLastTierChangeGreaterThan(90.0)
.build())
.build())
.build())
.filters(ManagementPolicyFilterArgs.builder()
.blobTypes("blockBlob")
.prefixMatch("olcmtestcontainer")
.build())
.build())
.enabled(true)
.name("olcmtest")
.type("Lifecycle")
.build())
.build())
.resourceGroupName("res7687")
.build());
}
}
resources:
managementPolicy:
type: azure-native:storage:ManagementPolicy
properties:
accountName: sto9699
managementPolicyName: default
policy:
rules:
- definition:
actions:
baseBlob:
delete:
daysAfterModificationGreaterThan: 1000
tierToArchive:
daysAfterLastTierChangeGreaterThan: 120
daysAfterModificationGreaterThan: 90
tierToCool:
daysAfterModificationGreaterThan: 30
snapshot:
tierToArchive:
daysAfterCreationGreaterThan: 30
daysAfterLastTierChangeGreaterThan: 90
version:
tierToArchive:
daysAfterCreationGreaterThan: 30
daysAfterLastTierChangeGreaterThan: 90
filters:
blobTypes:
- blockBlob
prefixMatch:
- olcmtestcontainer
enabled: true
name: olcmtest
type: Lifecycle
resourceGroupName: res7687
The daysAfterLastTierChangeGreaterThan property adds a minimum time-in-tier requirement before the next transition. In this configuration, blobs must remain in Cool tier for at least 120 days (daysAfterLastTierChangeGreaterThan: 120) before moving to Archive, even if they’ve been modified for 90 days (daysAfterModificationGreaterThan: 90). This prevents blobs from rapidly cycling through tiers, which can increase transaction costs. The same logic applies to snapshots and versions using daysAfterCreationGreaterThan combined with daysAfterLastTierChangeGreaterThan.
Beyond these examples
These snippets focus on specific lifecycle management features: time-based tiering (modification, creation, access, tier change), blob type filtering and prefix matching, and snapshot and version lifecycle management. They’re intentionally minimal rather than full storage governance solutions.
The examples reference pre-existing infrastructure such as Azure storage accounts with blob containers, resource groups, and last access time tracking (for access-based policies). They focus on configuring lifecycle rules rather than provisioning the storage infrastructure.
To keep things focused, common lifecycle patterns are omitted, including:
- Blob index tag filtering (blobIndexMatch)
- Multiple rules with different filters in one policy
- Append blob-specific lifecycle actions
- Policy disabling and rule-level enable/disable
These omissions are intentional: the goal is to illustrate how each lifecycle feature is wired, not provide drop-in storage management modules. See the Storage ManagementPolicy resource reference for all available configuration options.
Let's configure Azure Storage Management Policies
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration Basics
What value should I use for managementPolicyName?
Always use
default as the managementPolicyName value. This is the only valid name for storage account management policies.What properties are immutable after creation?
The
accountName, managementPolicyName, and resourceGroupName properties cannot be changed after the management policy is created.How do I structure a lifecycle management policy?
The
policy property contains a rules array. Each rule has a name, enabled status, type (set to Lifecycle), and a definition with actions and filters.Lifecycle Actions & Tiering
What lifecycle actions are available for blobs?
You can configure
delete, tierToCool, tierToArchive, tierToHot, and tierToCold actions. These apply to base blobs, snapshots, and versions.What's the difference between baseBlob, snapshot, and version actions?
baseBlob actions apply to current blob versions, snapshot actions apply to blob snapshots, and version actions apply to previous blob versions. Each can have independent lifecycle rules.Can I automatically tier blobs back to hot storage?
Yes, use
tierToHot with time conditions or set enableAutoTierToHotFromCool to true in baseBlob actions to automatically promote cool blobs back to hot tier.Filtering & Targeting Blobs
How do I target specific blobs with lifecycle rules?
Use
filters with blobTypes (e.g., blockBlob, appendBlob), prefixMatch for container/path patterns, and blobIndexMatch for tag-based filtering.How do I filter blobs by tags?
Use
blobIndexMatch in filters with an array of tag conditions. Each condition has name, op (set to ==), and value fields.What blob types can I manage with lifecycle policies?
You can manage
blockBlob and appendBlob types. Specify these in the blobTypes filter array.Time-Based Conditions
What time-based conditions can trigger lifecycle actions?
Four conditions are available:
daysAfterModificationGreaterThan, daysAfterCreationGreaterThan, daysAfterLastAccessTimeGreaterThan, and daysAfterLastTierChangeGreaterThan.Can I use last access time for lifecycle rules?
Yes, use
daysAfterLastAccessTimeGreaterThan in your action definitions. This requires last access time tracking to be enabled on your storage account.How do I prevent frequent tier changes?
Use
daysAfterLastTierChangeGreaterThan to ensure a minimum time period between tier changes, preventing blobs from being moved too frequently.