From Terraform Cloud (https://app.terraform.io/) we are running a script to create resources such as Azure Storage and an Azure File Share. We are also applying network rules to allow access from specific subnets.
The initial creation is successful, but the subsequent refresh/modification/destroy operations are failing with the error below:
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:e56a5992-a01a-0055-0a58-14072f000000\nTime:2022-01-28T15:04:00.6179534Z"
│
│ with azurerm_storage_share.broker01,
│ on storage_account.tf line 89, in resource "azurerm_storage_share" "broker01":
│ 89: resource "azurerm_storage_share" "broker01" {
│
The code below is part of the script:
resource "azurerm_storage_account" "storageaccount" {
  resource_group_name      = azurerm_resource_group.rg.name
  name                     = var.storage_account_name
  location                 = local.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_storage_account_network_rules" "subnets_allow" {
  resource_group_name        = azurerm_resource_group.rg.name
  storage_account_name       = azurerm_storage_account.storageaccount.name
  default_action             = "Deny"
  virtual_network_subnet_ids = [data.azurerm_subnet.internal.id, data.azurerm_subnet.aks.id]
}

resource "azurerm_storage_share" "broker01" {
  name                 = var.share_file_broker1
  storage_account_name = azurerm_storage_account.storageaccount.name
  quota                = 51
}
Could you please help here: how can we allow/whitelist traffic from Terraform Cloud to perform refresh/modify/destroy operations on the initially created storage account?