Thursday 7 November 2019

Resolving “ERROR: There was a conflict. The remote server returned an error: (403) Forbidden.” While Creating Function App in Azure in IaC

You can use Infrastructure as code (IaC) to create resources in Azure and use that in the Azure DevOps pipelines. However, if you are using IaC create an Azure function where the storage account of the function is added to Virtual Network (vnet in Azure) you may run into the issue ERROR: There was a conflict. The remote server returned an error: (403) Forbidden. To fix this issue you can set the storage account to allow any network while deploying function app and then reapply the restriction on storage access. Let’s see the cause of the error and how to resolve as the error message is really misleading.

The issue

When you have a storage account in a vnet in Azure, it does not allow you to create a function app utilizing that storage account via Azure portal or via command line such as CLI that can be used to write IaC. But the error message is misleading and it does not help to understand the real issue. There is no real conflict here it is rather the accessibility to storage account is going to cause the error message.

How to resolve

To resolve the issue you can simply allow storage account to be used from all networks using the Azure CLI command as shown below or go to portal and set the fire wall settings in the storage account to allow all networks.

az storage account update -n 'storageaccountname' -g 'resourcegroupname' --default-action 'Allow'
Once the deployment completed you can apply the firewall rules back using below CLI command.
az storage account update -n 'storageaccountname' -g 'resourcegroupname' --default-action 'Deny'
Since we have not removed the association of storage account with the relevant vnet remains intact once we reapply the network restrictions to storage account.
Add the Azure function to vnet and to same subnet which is associated to the storage account. The function would be ready and would be able to access the storage account without any issues.

No comments:

Popular Posts