azurerm_logic_app_standard deployment without using Storage account key #25419
Labels
enhancement
service/logic
upstream/microsoft/needs-support-on-azure-api
This label is applicable when support for a feature is not currently available on the Azure API.
Is there an existing issue for this?
Community Note
Description
Is it possible to deploy logic app standard in azure without using storage account keys?
The current resource has this field as mandatory storage_account_access_key
In my subscription we have an azure policy preventing storage account to use storage account keys as authorization, I'd rather use identity of the logic App if possible.
The storage account is private endpointed and has user managed identity assigned with contributor access.
While deploying logic App standard with user managed identity the deployment fails with
web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Creation of storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please check if the storage account is accessible." Details=[{"Message":"Creation of storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please check if the storage account is accessible."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"99022","Message":"Creation of storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please check if the storage account is accessible.","MessageTemplate":"Creation of storage file share failed with: '{0}'. Please check if the storage account is accessible.","Parameters":["The remote server returned an error: (403) Forbidden."]}}]
New or Affected Resource(s)/Data Source(s)
azurerm_logic_app_standard
Potential Terraform Configuration
References
No response
The text was updated successfully, but these errors were encountered: