Error creating storage account with network rules

Error: retrieving Storage Account: (Name "sqldbzzzzz7storage" / Resource Group "rg-zzzzz-ca-hhf-akr1maacs-westus2"): storage.AccountsClient#GetProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account sqldbzzzzz7storage was not found."

    # Existing subnet that the SQL server sits in; referenced by the storage firewall below
    data "azurerm_subnet" "sqlserver" {
      name                 = var.subnetName
      virtual_network_name = var.vnetName
      resource_group_name  = var.vnetRg
    }

Creating a storage account for SQL server audit

    resource "azurerm_storage_account" "sqlserver" {
      name                      = var.sqlStorageAccountName
      resource_group_name       = var.resource_group.name
      location                  = var.location
      account_tier              = "Standard"
      account_replication_type  = "LRS"
      enable_https_traffic_only = true
      min_tls_version           = "TLS1_2"

      # Storage firewall: deny everything except traffic from the SQL subnet,
      # and do not let trusted Azure services bypass the rules
      network_rules {
        default_action             = "Deny"
        virtual_network_subnet_ids = [data.azurerm_subnet.sqlserver.id]
        bypass                     = ["None"]
      }
    }

I have the same behavior. I believe it's because of our global policy on storage accounts: we deny public IPs. So I added my IP in ip_rules and I can create my SA.

    network_rules {
      default_action = "Deny"

      # Public IPs that the Terraform runner connects from
      ip_rules = [
        "xxx.xxx.xxx.xxx",  # Personal
        "yyy.yyy.yyy.yyy"   # Work
      ]

      # virtual_network_subnet_ids = [
      #   azurerm_subnet.avd_subnet.id
      # ]
    }

How can I keep my policy and make it work? If I remove my ip_rules I get the error `StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message`

    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = ">= 3.11.0"
        }
      }
    }

If I configure a private endpoint, will I be able to create my storage account?
I run my TF code from my laptop or through our GitLab on-prem.
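For reference, here is how the private-endpoint variant of the poster's configuration looks. This is an added example written for this page, not code from either participant above. It keeps `default_action = "Deny"`, exposes the blob endpoint on a private IP inside the SQL subnet, and registers that IP in a `privatelink.blob.core.windows.net` private DNS zone linked to the VNet. Names and variables it assumes beyond the original post: `data.azurerm_virtual_network.sqlserver` (to get the VNet id for the DNS link), `var.terraformRunnerIps` (the runner's public IPs, which can be an empty list), and the `-blob-pe` / `blob-link` resource names. It also assumes the subnet used for the private endpoint already has private-endpoint network policies disabled, which this snippet cannot set because the subnet is read through a data source. Two caveats a practitioner should weigh: a private endpoint only helps the machine running `terraform` if that machine can reach the private IP (VPN or ExpressRoute from the laptop or the on-prem GitLab runner) and resolves the `privatelink` zone, because the azurerm provider also reads data-plane properties of the account (blob/queue settings) during create and refresh; otherwise the runner still needs an `ip_rules` entry or must run from inside the VNet. And SQL auditing itself writes as a trusted Azure service, so `bypass = ["AzureServices"]` is used here instead of the `["None"]` in the original post.

```hcl
# Added example (not from the original post). Assumed extras are marked below.

data "azurerm_subnet" "sqlserver" {
  name                 = var.subnetName
  virtual_network_name = var.vnetName
  resource_group_name  = var.vnetRg
}

# Assumed: VNet data source, needed only for the private DNS zone link.
data "azurerm_virtual_network" "sqlserver" {
  name                = var.vnetName
  resource_group_name = var.vnetRg
}

resource "azurerm_storage_account" "sqlserver" {
  name                      = var.sqlStorageAccountName
  resource_group_name       = var.resource_group.name
  location                  = var.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  network_rules {
    default_action             = "Deny"
    virtual_network_subnet_ids = [data.azurerm_subnet.sqlserver.id]
    # "AzureServices" lets trusted Microsoft services such as SQL auditing
    # through the storage firewall; the original post used ["None"].
    bypass                     = ["AzureServices"]
    # Assumed variable: public IPs of the Terraform runner. Leave it empty
    # when the runner reaches the account over the private endpoint instead.
    ip_rules                   = var.terraformRunnerIps
  }
}

# Private DNS zone so that <account>.blob.core.windows.net resolves to the
# private endpoint IP from inside the VNet (and from on-prem, if that network
# forwards DNS to a resolver linked to this zone).
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = var.resource_group.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
  name                  = "blob-link"                      # assumed name
  resource_group_name   = var.resource_group.name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = data.azurerm_virtual_network.sqlserver.id
}

# Private endpoint for the blob sub-resource, placed in the SQL subnet.
resource "azurerm_private_endpoint" "blob" {
  name                = "${var.sqlStorageAccountName}-blob-pe"  # assumed name
  location            = var.location
  resource_group_name = var.resource_group.name
  subnet_id           = data.azurerm_subnet.sqlserver.id

  private_service_connection {
    name                           = "blob"
    private_connection_resource_id = azurerm_storage_account.sqlserver.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }

  # Registers the endpoint's private IP in the zone above automatically.
  private_dns_zone_group {
    name                 = "blob"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}
```

Order of operations matters on a first apply: the storage account is created with the firewall already closed, and the private endpoint is created afterwards because it references the account id. A quick check after apply is to resolve `<account>.blob.core.windows.net` from a host inside the VNet and confirm it returns the endpoint's private address rather than a public one.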