[Doc]: APIM backup no longer working #27092
Description
Type of issue
Outdated article
Feedback
Our APIM backup no longer works. MS documentation https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-disaster-recovery-backup-restore?tabs=powershell was fallowed for the intitial setup.
The Automation Account is running the PS backup script in 5.1. Have tried in 7.2 but same error.
The Automation Account (system identity enabled), has following access to the storage account/blob and is applied at the resource group level
The AA account thas API Management Service Operatior Role, Storage Account Key Operator Service Role, Storage Blob Data contributor.
The needed variables are added at the AA variables pane.
The script shows that it retrives the nessasary parameters including the SAS key required for backup.
APIM (system identity enabled) has follwoing access:
API Management Configuration API Access Validator Service Role, Key Vault Secrets User and Storage Blob Data contributor, all at the RG level.
The scrpt fails at the backup step with a generic error of: “Backup-AzApiManagement: Line | 90 | Backup-AzApiManagement -ResourceGroupName $BackupapiManagementResour … | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Operation returned an invalid status code 'BadRequest'”
Up to that point every step returns called out information.
Here is the script:
<#
Your Automation Account (AA) Managed Identity Requires The Following Permissions For The Script Below To Work. Enable the System Managed Identity (MI) For Your AA.
Then,
Grant the following:
"Storage Account Contributor" for the AA MI.
This can be on the Resource Group Level or directly on the Storage Account.
"API Management Service Operator Role" onto the APIM instance
This can be on the Resource Group Level or directly on the API Management Resource.
#>
#>
#Param
(
[Parameter (Mandatory=$true)]
[string] $BackupStorageAccountName,
[Parameter (Mandatory=$true)]
[string] $BackupStorageResourceGroup,
[Parameter (Mandatory=$true)]
[string] $BackupcontainerName,
[Parameter (Mandatory=$true)]
[string] $BackupapiManagementName,
[Parameter (Mandatory=$true)]
[string] $BackupapiManagementResourceGroup
)
#>
$BackupStorageAccountName = Get-AutomationVariable -Name "BackupStorageAccountName"
$BackupStorageResourceGroup = Get-AutomationVariable -Name "BackupStorageResourceGroup"
$BackupcontainerName = Get-AutomationVariable -Name "BackupcontainerName"
$BackupapiManagementName = Get-AutomationVariable -Name "BackupapiManagementName"
$BackupapiManagementResourceGroup = Get-AutomationVariable -Name "BackupapiManagementResourceGroup"
##########################################################
Script to backup api management service.
##########################################################
Azure specific details
$BackupsubscriptionId = Get-AutomationVariable -Name "BackupsubscriptionId "
$BackupTenantId = Get-AutomationVariable -Name "BackupTenantId "
Connect to Azure using Automation Account MSI
Connect-AzAccount -Tenant $BackupTenantId -SubscriptionId $BackupsubscriptionId -Identity
$datestamp = Get-Date -UFormat "%Y_%m_%d"
$backupName = $BackupapiManagementName + "-backup-" +$datestamp+".apimbackup"
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $BackupStorageResourceGroup -Name $BackupStorageAccountName)[0].Value
$Context = New-AzStorageContext -StorageAccountName $BackupStorageAccountName -StorageAccountKey $storageKey
Backup API Management service.
Backup-AzApiManagement -ResourceGroupName $BackupapiManagementResourceGroup -Name $BackupapiManagementName -StorageContext $Context -TargetContainerName $BackupcontainerName -TargetBlobName $backupName
$backupName + "created in " + $BackupcontainerName + " Container"
Disconnect-AzAccount
Your help is very much appriciated!
### Page URL
_No response_
### Content source URL
_No response_
### Author
_No response_
### Document Id
_No response_