1. Create azurerm_storage_account: accounts.Client#GetServiceProperties: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
- The private endpoint is not set up correctly. The reference configuration can be found at https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint
  Fix: Set up the PE correctly.
- The DNS cache is not refreshed to point to the correct storage account endpoint. This can cause a 404 status code or a DNS resolution failure. The detailed explanation can be found at: hashicorp/terraform-provider-azurerm#13070 (comment)
  Fix: Create the storage account with another name.
  Run nslookup against the storage endpoint that failed, on the machine running Terraform, to confirm that the error is indeed a DNS resolution issue.
The error above is unfortunately unclear. This should be improved by merging hashicorp/terraform-provider-azurerm#21464.
2. Creating azurerm_storage_account: Error: retrieving Storage Account: (Name "xxx" / Resource Group "xxx"): storage.AccountsClient#GetProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account xxx was not found."
- The service_endpoints = ["Microsoft.Storage"] isn’t specified in the azurerm_subnet that is used in the network_rules of the azurerm_storage_account.
Look at the provider log and you should see something like:
{"status":"Failed","error":{"code":"NetworkAclsValidationFailure","message":"Validation of network acls failure: SubnetsHaveNoServiceEndpointsConfigured:Subnets my-subnet of virtual network xxxx do not have ServiceEndpoints for Microsoft.Storage resources configured. Add Microsoft.Storage to subnet's ServiceEndpoints collection before trying to ACL Microsoft.Storage resources to these subnets.."}}
The provider’s error message is confusing; we shall either merge the PR hashicorp/terraform-provider-azurerm#16573 or migrate to the new SDK to make the error meaningful.
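A configuration that avoids the failure above, as an added example that is not part of the original page or the provider's own documentation: the subnet referenced in network_rules declares the Microsoft.Storage service endpoint. All resource names, the region and the address ranges are constructed placeholders, and it assumes Terraform runs from a host inside that subnet, since default_action is Deny.

```hcl
# Added example; every name, the region and the address ranges are constructed placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "westeurope"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "my-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  # Without this line the storage account's network ACL validation fails with
  # SubnetsHaveNoServiceEndpointsConfigured, which surfaces as the 404 shown above.
  service_endpoints = ["Microsoft.Storage"]
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct" # placeholder; must be globally unique
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    # Referencing the subnet resource (not a hard-coded ID) makes Terraform create
    # the subnet, service endpoint included, before the storage account.
    virtual_network_subnet_ids = [azurerm_subnet.example.id]
  }
}
```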
3. Creating azurerm_storage_container: containers.Client#Create: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound"
- The DNS cache is not refreshed to point to the correct storage account endpoint. This can cause a 404 status code or a DNS resolution failure. The detailed explanation can be found at: hashicorp/terraform-provider-azurerm#13070 (comment)
  Fix: Create the storage account with another name.
- hashicorp/terraform-provider-azurerm#15609
- hashicorp/terraform-provider-azurerm#13070
- hashicorp/terraform-provider-azurerm#10872
4. Creating azurerm_storage_container: Error creating container "xxx" in storage account "xxx": storage: service returned error: StatusCode=403, ErrorCode=AuthorizationFailure, ErrorMessage=This request is not authorized to perform this operation.
- The provisioning agent’s IP is blocked by the network_rules.
  There might be cases where the user claims the IP of the agent is indeed whitelisted in the network_rules, yet still hits the error. The reason might be that the agent resides in the same region as the target resource, see: hashicorp/terraform-provider-azurerm#2977 (comment)