Rob Gil 38ce1ef2b2 Adds list of users for access to storage and more service endpoints
This sets up the rest of the service endpoints on the subnets. It also
adds a variable map specifically to grant IP access to the storage
buckets. This separate variable map is necessary because the Azure Storage
IP rules do not accept /32 CIDR ranges (a single host must be given as a
bare IP with no prefix), whereas the other services do accept CIDR ranges.
2020-01-23 18:41:29 -05:00


#locals {
# whitelist = [
# for cidr in values(var.whitelist): {
# ip = cidrhost(cidr, 0)
# }
# ]
#}
# Resource group that holds the storage account and container defined below.
# Named "<name>-<environment>-<service_name>" so one bucket module instance
# per environment/service lands in its own group.
resource "azurerm_resource_group" "bucket" {
  location = var.region
  name     = join("-", [var.name, var.environment, var.service_name])
}
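# Storage account backing the bucket.
# The account name is var.service_name passed through verbatim; Azure requires
# it to be globally unique, 3-24 characters, lowercase letters and digits only,
# so the caller owns that constraint.
resource "azurerm_storage_account" "bucket" {
  name                = var.service_name
  resource_group_name = azurerm_resource_group.bucket.name
  location            = azurerm_resource_group.bucket.location
  account_tier        = "Standard"

  # LRS keeps copies within a single region only (no zone or geo redundancy).
  account_replication_type = "LRS"

  # Pin transport security explicitly instead of relying on the provider
  # default: with this set, plain-HTTP requests to the account are rejected.
  enable_https_traffic_only = true

  # NOTE(review): the minimum TLS version is left at the platform default.
  # Newer azurerm provider releases expose `min_tls_version` (e.g. "TLS1_2");
  # pin it once the provider version in use supports that attribute.

  # Network ACLs are managed by the separate
  # azurerm_storage_account_network_rules.acls resource. Do not also add an
  # inline network_rules block here - the provider documents the two as
  # conflicting, and they would overwrite each other on every apply.
  # NOTE(review): because the ACL is a separate resource, the account exists
  # briefly with Azure's default network ACL before acls is applied; confirm
  # that window is acceptable for this environment.
}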
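# IP and VNet ACLs for the storage account, kept as a standalone resource
# rather than an inline network_rules block so the allow-lists can be changed
# without touching the account itself.
resource "azurerm_storage_account_network_rules" "acls" {
  resource_group_name  = azurerm_resource_group.bucket.name
  storage_account_name = azurerm_storage_account.bucket.name

  # "Deny" is what makes the allow-lists below meaningful. With "Allow" the
  # account stays reachable from any network and ip_rules / the subnet list
  # are effectively ignored. The value comes from var.policy, so callers must
  # pass "Deny" for a restricted bucket.
  default_action = var.policy

  # Azure Storage IP rules accept public IP addresses or CIDR ranges, but NOT
  # /31 or /32 prefixes - a single host must be given as a bare IP with no
  # prefix. var.whitelist is a map whose values are passed through verbatim
  # (the keys are only labels), so the entries must already be in that form.
  ip_rules = values(var.whitelist)

  # Subnets allowed in via their service endpoint. Each subnet must have the
  # Microsoft.Storage service endpoint enabled or Azure rejects the rule.
  virtual_network_subnet_ids = var.subnet_ids

  # Lets trusted Azure platform services reach the account regardless of
  # default_action. Remove "AzureServices" if no such service is relied upon.
  bypass = ["AzureServices"]
}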
# Single blob container, fixed name "content", inside the bucket account.
resource "azurerm_storage_container" "bucket" {
  storage_account_name = azurerm_storage_account.bucket.name
  name                 = "content"

  # "private" allows authenticated access only. "blob" or "container" grants
  # anonymous read access to the container's data, so any value other than
  # "private" supplied through var.container_access_type must be deliberate.
  container_access_type = var.container_access_type
}