Azure storage account with PE and a storage container creation using terraform

Hemanth Kumar 0 Reputation points
2024-09-25T11:19:05.8666667+00:00

I'm creating a storage account with a private endpoint and then a storage container under the same storage using Terraform. Now my question is: public access is set to true and the Azure trusted services are enabled. My PE is configured to the storage account. However, when Terraform tries to deploy the storage container, I get the error below:

"executing request: unexpected status 403 (403 This request is not authorized to perform this operation.) with AuthorizationFailure: This request is not authorized to perform this operation."

I use an Azure SPN which has all the permissions (Contributor and Storage Blob Data Contributor) at the subscription level.

I'm trying to deploy everything from my local laptop. I don't want to allow my client IP in the storage networking section or create another VM within the same network and do a deployment from there.

Azure Storage Accounts

1 answer

  1. Sina Salam 10,726 Reputation points
    2024-09-25T17:18:04.31+00:00

    Hello Hemanth Kumar,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are getting an unexpected status 403 (403 This request is not authorized to perform this operation.).

    The configuration of your private endpoint and DNS settings is most likely an issue, given the error code and your explanation.

    This is a similar question that has been answered on this platform.

    For more details on your DNS settings, the roles the Azure SPN needs, and the correct Azure Storage diagnostic configuration to resolve the private endpoint, check out this link: https://learn.microsoft.com/en-us/answers/questions/1534786/authorizationfailure-error-403-when-using-private answered by @KarishmaTiwari-MSFT

    Also, to review that your Terraform configuration accurately references the private endpoint and storage account settings: https://learn.microsoft.com/en-us/answers/questions/50768/as-soon-as-i-add-private-endpoint-to-storage-accou answered by @Sumarigo-MSFT

    To verify that your local laptop can access the storage account through the private endpoint, use this link: https://learn.microsoft.com/en-us/answers/questions/1850074/resolving-403-error-during-blob-upload-with-privat answered by @Abdul

    Lastly, even with a private endpoint, the firewall settings need to allow trusted Azure services; check out this answer too: https://learn.microsoft.com/en-us/answers/questions/1166011/getting-a-403-error-when-connecting-to-a-blob-cont answered by @Ramya Harinarthini_MSFT

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
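
Added example, not part of the answer above or of the linked threads: a Python check of which address the storage account's blob endpoint resolves to from the machine that runs Terraform, which is the DNS question the answer raises. An address inside the virtual network means requests go through the private endpoint; a public address means they reach the public endpoint, where the storage firewall rules apply. The account name, the sample addresses and the assumption that the virtual network uses RFC 1918 address space are assumptions of this example.

```python
import ipaddress
import socket
import sys

# Assumption: the virtual network hosting the private endpoint uses RFC 1918 space.
VNET_RANGES = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_addresses(addresses):
    """Return 'private-endpoint', 'public-endpoint', 'mixed' or 'unresolved'."""
    if not addresses:
        return "unresolved"
    inside = [any(ipaddress.ip_address(a) in net for net in VNET_RANGES)
              for a in addresses]
    if all(inside):
        return "private-endpoint"
    if not any(inside):
        return "public-endpoint"
    return "mixed"  # split DNS answers: inspect the resolver configuration


def resolve(hostname, port=443):
    """Ask the local resolver (the one Terraform will use) for the host's IPs."""
    try:
        infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_blob_endpoint(account, resolver=resolve):
    """Resolve <account>.blob.core.windows.net and report the network path."""
    host = f"{account}.blob.core.windows.net"
    addresses = resolver(host)
    return {"host": host, "addresses": addresses,
            "path": classify_addresses(addresses)}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real lookup for the account name given on the command line.
        print(check_blob_endpoint(sys.argv[1]))
    else:
        # Constructed sample answers: one from inside the VNet, one from outside.
        for sample in (["10.0.1.4"], ["203.0.113.10"]):
            print(check_blob_endpoint("examplestorage", lambda h, s=sample: s))
```

Run it on the laptop with the storage account name as the only argument; a `public-endpoint` result means the container request is evaluated by the storage account's network rules rather than arriving over the private endpoint.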

