Logic app trigger when blob is created showing error

Sarah C Benjamin 1 Reputation point

I have created a logic app and I want it to trigger when a new blob is added to a storage account. As soon as I add this trigger, the following error comes up. It's not very descriptive, and I am not sure which permissions it is not seeing.

Please check your account info and/or permissions and try again. Details: This request is not authorized to perform this operation.

I am following instructions mentioned here https://learn.microsoft.com/en-us/azure/connectors/connectors-create-api-azureblobstorage#add-blob-storage-trigger

The HTTP trigger works, but then the storage connection step fails again. I am not sure what account info or permissions are not given.

Also, when I try to create a new connection, I am still seeing the same error.

Also, I noticed that the storage account and logic app can't be in the same region. I kept them separate by having the storage app in West US 2 and the logic app in West US 1.

I am following the instructions in this article too. But have the same issue.

Here is a screenshot of that. Http connection works but Azure Blob storage connection does not.



2 answers

  1. MayankBargali-MSFT 49,961 Reputation points

    @Sarah C Benjamin Logic apps can't directly access storage accounts behind firewalls when they're both in the same region. As a workaround, put your logic apps in a region that differs from your storage account and give access to the outbound IP addresses for the managed connectors in your region, and the same is mentioned in this document.

    This article talks about how you can communicate with storage REST services, as the local communication in the datacenter abstracts the internal IP addresses, so you can't set up firewall rules with IP restrictions. The same is mentioned in this document, and the other solution for this scenario is mentioned in the same section of the article.

    In a nutshell, you cannot use a storage connector behind the firewall for the same region. The workaround is mentioned here and another article talks about the same. If the storage account is in a different region behind the firewall, then you need to give access to the outbound IP addresses for the managed connectors in your region.

    You either need to use the HTTP trigger way to access the storage using the storage REST API from the logic app within the same region, or, for different regions, make sure you have added the outbound IP in your storage account.

    Hope the above helps you to resolve the issue. Feel free to reach out to me if you need any assistance.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
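The check described in the answer above, as an added example that is not part of the original thread or Microsoft's code: it audits a storage account's firewall rule set for the two conditions named there (same region as the logic app, or connector outbound ranges missing from the IP rules). It assumes the JSON shape printed by `az storage account show --query networkRuleSet`; the function name, region strings and IP ranges are constructed placeholders, and the real connector ranges must come from the Microsoft documentation for your region.

```python
import ipaddress

# Constructed sample, in the shape assumed for
# `az storage account show --query networkRuleSet`.
SAMPLE_RULE_SET = {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}],
    "virtualNetworkRules": [],
}
# Placeholder ranges from RFC 5737 documentation space, NOT real connector IPs.
SAMPLE_CONNECTOR_RANGES = ["203.0.113.16/28", "198.51.100.32/28"]


def _norm(region):
    """Compare 'West US 2' and 'westus2' as the same region."""
    return region.replace(" ", "").lower()


def audit_storage_firewall(rule_set, storage_region, logic_app_region,
                           connector_ranges):
    """Hypothetical helper: report why a managed connector call may be refused."""
    result = {"firewall_enabled": False, "same_region": False,
              "missing_ranges": []}
    if rule_set.get("defaultAction", "Allow") != "Deny":
        return result  # open to all networks; IP rules are not the cause
    result["firewall_enabled"] = True
    if _norm(storage_region) == _norm(logic_app_region):
        # Same-region traffic hides the source IP, so IP rules cannot match.
        result["same_region"] = True
        return result
    allowed = [
        ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
        for rule in rule_set.get("ipRules", [])
        if rule.get("action", "Allow") == "Allow"
    ]
    for cidr in connector_ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        covered = any(a.version == net.version and net.subnet_of(a)
                      for a in allowed)
        if not covered:
            result["missing_ranges"].append(cidr)
    return result


if __name__ == "__main__":
    print(audit_storage_firewall(SAMPLE_RULE_SET, "West US 2", "westus",
                                 SAMPLE_CONNECTOR_RANGES))
```
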

  2. Shokoufeh Abrishami 26 Reputation points


    I have the same problem!

    What should I do if the private endpoints of the storage need to be kept?

    I would appreciate it if you could help me.
