initial file creation

quickstart/101-azure-virtual-desktop/afstorage.tf

@@ -0,0 +1,43 @@
+## Create a Resource Group for Storage
+resource "azurerm_resource_group" "rg_storage" {
+  location = "east us"
+  name     = "af-storage-rg"
+}
+
+# generate a random string (consisting of four characters)
+# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
+resource "random_string" "random" {
+  length  = 4
+  upper   = false
+  special = false
+}
+
+## Azure Storage Accounts requires a globally unique names
+## https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
+## Create a File Storage Account 
+resource "azurerm_storage_account" "storage" {
+  name                     = "stor${random_string.random.id}"
+  resource_group_name      = azurerm_resource_group.rg_storage.name
+  location                 = azurerm_resource_group.rg_storage.location
+  account_tier             = "Premium"
+  account_replication_type = "LRS"
+  account_kind             = "FileStorage"
+}
+
+resource "azurerm_storage_share" "FSShare" {
+  name                 = "fslogix"
+  storage_account_name = azurerm_storage_account.storage.name
+  depends_on           = [azurerm_storage_account.storage]
+}
+
+## Azure built-in roles
+## https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
+data "azurerm_role_definition" "storage_role" {
+  name = "Storage File Data SMB Share Contributor"
+}
+
+resource "azurerm_role_assignment" "af_role" {
+  scope              = azurerm_storage_account.storage.id
+  role_definition_id = data.azurerm_role_definition.storage_role.id
+  principal_id       = azuread_group.aad_group.id
+}