CDKTF, C# error creating Storage share "checking for existence of storage share 'x' "

Hi there CDK team,

I am having issues with the creation of a Storage share. Whenever I try to apply the following resources to my environment, I get the following error regarding the “existence” of the storage share and telling me that I am not “authorized” (which has to be created first):

Error: checking for existence of existing Storage Share “authtickets” (Account “cassyswedevteststorage” / Resource Group “cassys-we-devtest-rg”): shares.Client#GetProperties: Failure responding to request: StatusCode=403 – Original Error: autorest/azure: Service returned an error. Status=403 Code=“AuthorizationFailure” Message=“This request is not authorized to perform this operation.”

The declarations of both the storage account and storage share:

            StorageAccount SA = new StorageAccount(this, "azurerm_storage_account_SA", new StorageAccountConfig
            {
                Name = nameGen.GetResNames()["Storage"],
                ResourceGroupName = RG.Name,
                Location = RG.Location,

                AccountTier = "Standard",
                AccountKind = "StorageV2",
                AccountReplicationType = "RAGRS",

                NetworkRules = new StorageAccountNetworkRules
                {
                    DefaultAction = "Deny",
                    VirtualNetworkSubnetIds = new string[] { AKSsbnet.Id },
                    IpRules = new string[] { "<omitted>", "<omitted>" }
                },
            });

            StorageShare SH = new StorageShare(this, "azurerm_storage_share_authtickets", new StorageShareConfig
            {
                Name = "authtickets",
                StorageAccountName = SA.Name,
                Quota = 5
            });

Is there a way to remediate this?
Both the CDKTF and provider library have been updated to the latest version

Thank you for your time

“This request is not authorized to perform this operation.”

Sounds to me like it’s a permission issue, you should check if you can do these actions with your user account in general. (You seem to be using the “cassyswedevteststorage” account)

Thank you for the quick reply

Could you perhaps give more hints as to where I can change and or check something like that? I’m not that familiar with Azure’s cloud platform (or any cloud platform in general)

Got it, it had to do with the Id of the share

underscores are not allowed :upside_down_face:

Got to love the descriptive errors which are not visible whenever you want to deploy something. Thanks Azure

It turns out that the name was not the issue, back to square 1

Fixed it for good, had to do with the whitelisted IP-addresses inside of the subnet it was assigned to.

Networking is hard

1 Like