Unable to fetch storage account after disabling public access & key access using Terraform with GitHub Actions (OIDC)

Satish B 110 Reputation points
2026-02-10T11:22:06.6266667+00:00

Hello Team,

I have Management and Spoke subscriptions. I store the Terraform state file in an Azure storage account in the Management subscription, and I have also created a storage account in the Spoke subscription using Terraform. After that, I disabled public access and key access for the storage accounts. While running the GitHub Actions pipeline with OIDC authentication (GitHub runners), it gives an error like "unable to access the storage account". How can I fix this issue?

Thanks & Regards

Satish

Azure Storage

Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

2 answers

  1. Satish B 110 Reputation points
    2026-02-12T12:42:11.8133333+00:00

    Are there any Azure IPs to be whitelisted for the GitHub default runners to fix this issue?

    Can someone please suggest?

  2. Q&A Assist
    2026-02-10T11:22:16.8833333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    When you disable public access and key access for your Azure storage accounts, you need to ensure that your GitHub Actions pipeline can authenticate and access the storage account using the appropriate method. Since you are using OIDC authentication with GitHub runners, here are some steps to troubleshoot and resolve the issue:

    1. Service Principal Permissions: Ensure that the service principal used by your GitHub Actions has the necessary permissions to access the storage account. You may need to assign the Storage Blob Data Contributor role to the service principal for the storage account.
    2. Network Configuration: Since public access is disabled, make sure that the storage account is accessible from the GitHub Actions runners. If you have configured a firewall or virtual network service endpoints, ensure that the IP addresses of the GitHub Actions runners are allowed.
    3. Authentication Method: Verify that your GitHub Actions workflow is correctly set up to use OIDC for authentication. Ensure that the workflow is configured to authenticate against Azure using the correct service principal and that the necessary secrets are set in your GitHub repository.
    4. Access Policies: Check if you have set up any access policies that might restrict access to the storage account. You may need to adjust these policies to allow access from your GitHub Actions.
    5. Logs and Errors: Review the logs from your GitHub Actions run to identify any specific error messages that can provide more details on why access is being denied.

    By following these steps, you should be able to diagnose and resolve the access issue with your Azure storage account when using GitHub Actions with OIDC authentication.

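Added example, not part of either answer above and not anyone's actual configuration: a Terraform setup for the layout described in the question (state in the Management subscription, a storage account in the Spoke subscription, key access disabled), where both the backend and the provider use Microsoft Entra ID tokens obtained through OIDC instead of account keys. All names, subscription IDs and the region are placeholders. It covers authentication only; whether the runner can reach a storage account with public access disabled is a separate network question.

```hcl
# Added example. Every name, ID and region below is a placeholder.
# Assumes the workflow grants `permissions: id-token: write` and exports
# ARM_CLIENT_ID and ARM_TENANT_ID for the federated identity.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }

  # Remote state lives in the Management subscription.
  backend "azurerm" {
    subscription_id      = "00000000-0000-0000-0000-000000000000" # placeholder: Management
    resource_group_name  = "rg-tfstate-placeholder"
    storage_account_name = "sttfstateplaceholder"
    container_name       = "tfstate"
    key                  = "spoke.terraform.tfstate"

    use_oidc         = true # exchange the GitHub OIDC token, no client secret
    use_azuread_auth = true # read/write the state blob with an Entra ID token
                            # rather than fetching the account keys; the identity
                            # needs Storage Blob Data Contributor on this account
  }
}

provider "azurerm" {
  features {}

  subscription_id     = "11111111-1111-1111-1111-111111111111" # placeholder: Spoke
  use_oidc            = true
  storage_use_azuread = true # provider's storage data-plane calls use Entra ID,
                             # needed once shared key access is turned off
}

resource "azurerm_storage_account" "spoke" {
  name                     = "stspokeplaceholder"
  resource_group_name      = "rg-spoke-placeholder"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  shared_access_key_enabled     = false # "key access" disabled
  public_network_access_enabled = false # "public access" disabled
}
```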
