When I deploy an Azure Storage account using Terraform, I get the following error – Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded.
When I remove the code that creates the private endpoint, the storage account deploys successfully. But when I use the storage account and private endpoint code together, my pipeline fails with the error mentioned above.
My main.tf file is provided below –
# Storage account with a system-assigned identity, blob soft delete and
# versioning, and classic analytics (logging/metrics) on the queue service.
resource "azurerm_storage_account" "saflow" {
  # Account name is elided in the post.
  name = .......
  location                 = data.azurerm_resource_group.rg.location
  resource_group_name      = data.azurerm_resource_group.rg.name
  account_replication_type = "LRS"
  account_tier             = "Standard"

  # Transport and anonymous-access hardening: require TLS 1.2 and forbid
  # containers/blobs from being made publicly readable.
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  identity {
    type = "SystemAssigned"
  }

  # Blob recovery: versioning plus 30-day soft delete for blobs and containers.
  blob_properties {
    versioning_enabled = true

    container_delete_retention_policy {
      days = 30
    }

    delete_retention_policy {
      days = 30
    }
  }

  # NOTE(review): queue_properties (like the static website properties named in
  # the reported error) appear to be read by the provider through the storage
  # data-plane endpoints, so the machine running Terraform needs a network path
  # to them on every plan/apply - confirm for the provider version in use.
  # NOTE(review): logging retention is 10 days here, while the log_enabler
  # null_resource runs `az storage logging update --retention 30 --services qtb`
  # on every apply; the two will keep overwriting each other for the queue
  # service. Pick one source of truth.
  queue_properties {
    logging {
      version               = "1.0"
      read                  = true
      write                 = true
      delete                = true
      retention_policy_days = 10
    }

    hour_metrics {
      version               = "1.0"
      enabled               = true
      include_apis          = true
      retention_policy_days = 10
    }

    minute_metrics {
      version               = "1.0"
      enabled               = true
      include_apis          = true
      retention_policy_days = 10
    }
  }
}
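# One private (no anonymous access) container per entry in var.containername.
resource "azurerm_storage_container" "container" {
  # Plain expressions replace the deprecated interpolation-only "${...}" form.
  # Direct indexing is equivalent to element() here because count.index is
  # always below length(var.containername).
  count = length(var.containername)
  name  = var.containername[count.index]

  # The reference below already orders this resource after the storage
  # account, so the explicit depends_on was redundant and has been dropped.
  # NOTE(review): addressing the account by name presumably makes the provider
  # create containers through the blob data-plane endpoint; the runner then
  # needs network access to that endpoint - confirm.
  storage_account_name  = azurerm_storage_account.saflow.name
  container_access_type = "private"
}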
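# Re-applies storage analytics logging (read/write/delete, 30-day retention)
# for the queue, table and blob services through the Azure CLI on every apply.
resource "null_resource" "log_enabler" {
  # timestamp() changes on each run, so the provisioner is re-executed every
  # time; this also means every plan shows a change for this resource.
  triggers = {
    always_run = timestamp()
  }

  depends_on = [
    azurerm_storage_account.saflow
  ]

  provisioner "local-exec" {
    # The account key is no longer interpolated into the command line, where it
    # would be visible in the process list and in any echoed command text.
    # The Azure CLI reads it from AZURE_STORAGE_KEY instead.
    # NOTE(review): this is a data-plane call authenticated with the shared
    # key. It only depends on the storage account, so its ordering relative to
    # the "Deny" network rules is not fixed; once those rules are in place the
    # runner must be on an allowed network path or this command will fail.
    command = "az storage logging update --log rwd --retention 30 --services qtb --account-name ${azurerm_storage_account.saflow.name}"

    environment = {
      AZURE_STORAGE_KEY = azurerm_storage_account.saflow.primary_access_key
    }
  }
}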
# Private endpoint for the storage account, placed in the network resource
# group and attached to the subnet from data.azurerm_subnet.subnet.
resource "azurerm_private_endpoint" "endpoint" {
  # Endpoint name is elided in the post.
  name = .......
  location            = data.azurerm_resource_group.rgnetwork.location
  resource_group_name = data.azurerm_resource_group.rgnetwork.name
  subnet_id           = data.azurerm_subnet.subnet.id

  # Automatically approved connection to the storage account.
  # Only the "blob" sub-resource is exposed privately. The queue and table
  # services touched elsewhere in this file (queue_properties, the
  # `--services qtb` CLI call) are not reachable through this endpoint.
  private_service_connection {
    # Connection name is elided in the post.
    name = ....
    private_connection_resource_id = azurerm_storage_account.saflow.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }

  # Registers the endpoint in the private DNS zone from the dns data source.
  private_dns_zone_group {
    # Zone group name is elided in the post.
    name = ....
    private_dns_zone_ids = [data.azurerm_private_dns_zone.dns.id]
  }

  # Forces all containers to be created before the endpoint exists.
  depends_on = [azurerm_storage_container.container]
}
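# A record mapping the storage account name to the private endpoint's IP,
# created through the aliased "globalsub" provider in the rgglobal group.
resource "azurerm_private_dns_a_record" "recordglobal" {
  # Provider aliases are references, not strings; the quoted form is
  # deprecated. The resource label is quoted to match the rest of the file.
  provider = azurerm.globalsub

  name                = azurerm_storage_account.saflow.name
  zone_name           = data.azurerm_private_dns_zone.dns.name
  resource_group_name = data.azurerm_resource_group.rgglobal.name
  ttl                 = 10

  # This reference already orders the record after the private endpoint, so
  # the explicit depends_on was redundant and has been dropped.
  # NOTE(review): the endpoint's private_dns_zone_group uses the same dns data
  # source. If that zone is the one targeted here, the zone group will already
  # maintain a record for this name and the two may conflict - confirm.
  records = [azurerm_private_endpoint.endpoint.private_service_connection[0].private_ip_address]
}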
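# Firewall for the storage account: deny by default, allow the two listed
# subnets, and let trusted Azure services bypass the rules.
resource "azurerm_storage_account_network_rules" "networkrule" {
  storage_account_id = azurerm_storage_account.saflow.id
  default_action     = "Deny"

  # Must be a list; the original comma-separated pair without brackets is not
  # valid HCL.
  virtual_network_subnet_ids = [
    data.azurerm_subnet.subnet.id,
    data.azurerm_subnet.subnet-global.id,
  ]

  bypass = ["AzureServices"]

  # NOTE(review): no ip_rules are set, so once this applies the machine running
  # Terraform must sit in one of the subnets above (or reach the account over
  # the private endpoint with working DNS) for the provider's data-plane reads
  # to succeed. A runner outside that path would likely see timeouts such as
  # "context deadline exceeded" on later plans/applies - confirm where the
  # pipeline agent runs.

  # Explicit ordering: lock the account down only after the private endpoint
  # and its DNS record exist.
  depends_on = [azurerm_private_endpoint.endpoint, azurerm_private_dns_a_record.recordglobal]
}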
Please help if there is anything wrong with this terraform code.
I removed the private endpoint code and the storage account was created. After that, I added the private endpoint code back and the private endpoint was created. Why does the deployment fail when the storage account and private endpoint code are applied together?