Azure Automation Account connection to Storage Account

Colmenares Heredia, Victor 0 Reputation points
2024-08-26T09:39:22.91+00:00

Hi, I would like to request some support on this.

I have created a PowerShell script to transfer data from a blob container to an Azure fileshare, this script is inside an automation account runbook, both storage accounts where the blob and fileshare belong to the same resource group.

The Automation account has a system-managed identity configured as contributor role, with the storage account resource group.

The thing here is the storage account where the blob storage is stored, has configured the option "Enabled from selected virtual networks and IP addresses" in the Public network access section. It is causing the automation account to fail in the execution, obtaining:

This request is not authorized to perform this operation. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation. ErrorCode: AuthorizationFailure ErrorMessage: This request is not authorized to perform this operation.

The created script, was tested in storage accounts with Public network access configured as Enable from all networks, and the procedure works fine.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,223 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,257 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Uwe Fuchs 125 Reputation points
    2024-08-27T03:36:29.28+00:00

    It appears here that the issue is that the Azure Automation account, is unable to access the storage account due to network restrictions. When network access is limited to selected virtual networks and IP addresses, we need to add the public IP of the Automation Account to the storage account’s network settings.
    If the Automation account has a static IP address, you can add this IP to the list of allowed IP addresses in the storage account’s network settings.

    If the IP address is not static, you may need to allow the entire IP range for the Azure region where your Automation account is located. This not always ideal, but is a potential solution to the issue.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.