Logic app trigger when blob is created showing error

Sarah C Benjamin 1 Reputation point
2021-04-15T18:20:19.937+00:00

I have created a logic app and I want it to trigger when a new blob is added to a storage account. As soon as I add this trigger, the following error comes, its not very descriptive and not sure which permissions is it not seeing.

Please check your account info and/or permissions and try again. Details: This request is not authorized to perform this operation.

I am following instructions mentioned here https://learn.microsoft.com/en-us/azure/connectors/connectors-create-api-azureblobstorage#add-blob-storage-trigger

HTTP trigger works but then then storage connection step fails again. I am not sure what account info or permissions is not given.
88391-image.png

Also, when I try to create a new connection . I am still seeing the same error.
88337-image.png

Also, I noticed that storage account and logic app cant be in the same region. I kept them separate by having storage app in West US 2 and logic app in West US 1.

I am following the instructions in this article too. But have the same issue.
https://techcommunity.microsoft.com/t5/integrations-on-azure/access-storage-accounts-behind-firewalls-from-logic-apps-within/ba-p/1997801

Here is a screenshot of that. Http connection works but Azure Blob storage connection does not.

88383-image.png

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,670 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,829 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. MayankBargali-MSFT 68,391 Reputation points
    2021-04-16T02:06:02.493+00:00

    @Sarah C Benjamin Logic apps can't directly access storage accounts behind firewalls when they're both in the same region. As a workaround, put your logic apps in a region that differs from your storage account and give access to the outbound IP addresses for the managed connectors in your region, and the same is mentioned in this document.

    This article talks about how you can communicate with storage REST services as the Local communication in the datacenter abstracts the internal IP addresses, so you can't set up firewall rules with IP restrictions and the same is mentioned in this document and the other solution for this scenario is mentioned on the same section of the article.

    In nutshell, you cannot use a storage connector behind the firewall for the same region. The workaround is mentioned here and another article takes the about the same. If the storage account is in a different region behind the firewall then you need to give access to the access to the [outbound IP addresses for the managed connectors in your region.

    You either need to use an HTTP trigger way to access the storage using storage REST API from the logic app within the same region. For different regions make sure you have added the outbound IP in your storage account.

    Hope the above helps you to resolve the issue. Feel free to reach out to me if you need any assistance.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

  2. Shokoufeh Abrishami 26 Reputation points
    2022-03-03T08:40:12.377+00:00

    Hi,

    I have the same problem!

    what should I do if the private end points of the storage need to be kept?

    Appreciate it if you help me?

    0 comments