I am trying to use a module in Terraform, but I am running into an issue with the storage account that I can't seem to understand or find an answer to. Every time the plan gets to the storage account, I get the following error.
building Accounts Data Plane Client: retrieving Storage Account Key: listing Keys for Storage Account HTTP response was nil; connection may have been reset
The network on the storage account is open for public access in the module and the storage account was created but I can't use the storage account for boot diagnostics for a vm.
Code as follows:
varaible.tf
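// Input variables for the Windows VM module (VM, NIC, availability set,
// boot-diagnostics storage account, recovery vault and backup policy).

// Local administrator password for the VM.
// `sensitive = true` only redacts the value in plan/apply output; it is still
// written to the Terraform state, so the state backend needs access control
// and encryption at rest.
variable "admin_password" {
  type        = string
  description = "Admin Password"
  sensitive   = true
}

variable "admin_username" {
  type        = string
  description = "admin username"
}

variable "azurerm_availability_set_name" {
  type        = string
  description = "Availability set for virtual machine"
}

variable "backup_policy" {
  type = object({
    frequency = string
    time      = string
  })
  description = "Backup schedule: frequency and time of day for the VM backup policy"
  default = {
    frequency = "Daily"
    time      = "23:00"
  }
}

variable "backup_policy_name" {
  type        = string
  description = "Name of backup policy"
}

variable "backup_policy_retention" {
  type        = number
  description = "Backup Policy retention. This is the amount of backups that will be retained at all times. If the rentention is 10, the policy will only hold 10 backups at the most at all times."
  default     = 10
}

variable "ip_configuration" {
  type = object({
    name                          = string
    private_ip_address_allocation = string
    private_ip_address_version    = string
    subnet_id                     = string
  })
  description = "IP Configuration for NIC Card"
}

variable "location" {
  type        = string
  description = "Location of VM. The location default will be of the virutal network it is in"
}

variable "network_interface_name" {
  type        = string
  description = "Name of NIC card"
}

variable "os_disk" {
  type = object({
    caching              = string
    disk_size_gb         = number
    storage_account_type = string
    //write_accelerator_enabled = bool
  })
  default = {
    caching              = "ReadOnly"
    disk_size_gb         = 128
    storage_account_type = "Premium_LRS"
    // write_accelerator_enabled = true
  }
  description = "OS disk for VM. New Resource will be created if this is changed."
}

variable "recovery_services_vault_name" {
  type        = string
  description = "Name of recovery service"
}

variable "resource_group_name" {
  type        = string
  description = "Resource group name"
}

variable "size" {
  type        = string
  description = "VM size. New Resource will be created if this is changed"
}

variable "sku" {
  type        = string
  description = "Sku of Recovery Vault"
  default     = "Standard"
}

// The default tracks the "latest" image version, so two applies at different
// times can build from different images. Pin `version` where reproducible,
// reviewed images are required.
variable "source_image_reference" {
  type = object({
    publisher = string
    offer     = string
    sku       = string
    version   = string
  })
  default = {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-Datacenter"
    version   = "latest"
  }
  description = "VM Operation system. New Resource will be created if this is changed."
}

variable "storage_account_name" {
  type        = string
  description = "storage account name"

  // Azure storage account names are 3-24 characters, lowercase letters and
  // digits only. Rejecting bad names at plan time gives a clear message
  // instead of a failed API call during apply.
  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.storage_account_name))
    error_message = "The storage account name must be 3-24 characters long and contain only lowercase letters and digits."
  }
}

variable "storage_account_replication_type" {
  type        = string
  description = "Storage account replication type"
  default     = "GRS"
}

variable "storage_account_tier" {
  type        = string
  description = "storage account tier"
  default     = "Standard"
}

// NOTE(review): the VM is created inside this module, so a caller cannot know
// its id before the first apply. Consider deriving the id from the VM
// resource instead of taking it as an input.
variable "vm_id" {
  type        = string
  description = "Virtual machine id "
}

variable "vm_name" {
  type        = string
  description = "Name of VM"
}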
windowsvm.tf
// Availability set the Windows VM is placed in.
resource "azurerm_availability_set" "windows_vm_availablity_set" {
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = var.azurerm_availability_set_name
}
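// Network interface attached to the Windows VM.
resource "azurerm_network_interface" "windowsvm_network_interface" {
  // The listing had the garbled token `varwork_interface_name`, which is not
  // a valid reference. The declared input is var.network_interface_name.
  name                = var.network_interface_name
  location            = var.location
  resource_group_name = var.resource_group_name

  // Only a private address is configured in this block; no public IP is
  // attached here.
  ip_configuration {
    name                          = var.ip_configuration.name
    private_ip_address_allocation = var.ip_configuration.private_ip_address_allocation
    private_ip_address_version    = var.ip_configuration.private_ip_address_version
    subnet_id                     = var.ip_configuration.subnet_id
  }
}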
// Windows VM with boot diagnostics written to the module's storage account.
resource "azurerm_windows_virtual_machine" "windowsvm" {
  name                = var.vm_name
  location            = var.location
  resource_group_name = var.resource_group_name
  size                = var.size

  // The password comes from a variable marked sensitive, but its value is
  // still stored in the Terraform state.
  admin_username = var.admin_username
  admin_password = var.admin_password

  availability_set_id   = azurerm_availability_set.windows_vm_availablity_set.id
  network_interface_ids = [azurerm_network_interface.windowsvm_network_interface.id]

  source_image_reference {
    publisher = var.source_image_reference.publisher
    offer     = var.source_image_reference.offer
    sku       = var.source_image_reference.sku
    version   = var.source_image_reference.version
  }

  os_disk {
    caching              = var.os_disk.caching
    disk_size_gb         = var.os_disk.disk_size_gb
    storage_account_type = var.os_disk.storage_account_type
    //write_accelerator_enabled = var.os_disk.write_accelerator_enabled
  }

  // Referencing the storage account's attribute already makes Terraform
  // create the account before this VM; no extra depends_on entry is needed
  // for that ordering.
  // NOTE(review): azurerm also accepts a boot_diagnostics block without
  // storage_account_uri, which uses a platform-managed storage account and
  // removes the need for a publicly reachable account. Confirm against the
  // provider version in use.
  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.storageaccount.primary_blob_endpoint
  }

  // Both entries are also referenced above, so this list repeats the
  // implicit dependencies.
  depends_on = [
    azurerm_network_interface.windowsvm_network_interface,
    azurerm_availability_set.windows_vm_availablity_set,
  ]
}
// Recovery Services vault that holds the VM backups.
resource "azurerm_recovery_services_vault" "testrecoveryservice" {
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = var.recovery_services_vault_name
  sku                 = var.sku
}
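// Daily VM backup policy stored in the module's Recovery Services vault.
resource "azurerm_backup_policy_vm" "backup_policy" {
  name                = var.backup_policy_name
  resource_group_name = var.resource_group_name

  // Take the vault name from the vault resource (same value as
  // var.recovery_services_vault_name). The reference gives Terraform the
  // ordering that the explicit depends_on used to provide, and it matches how
  // azurerm_backup_protected_vm.vm_policy refers to the vault.
  recovery_vault_name = azurerm_recovery_services_vault.testrecoveryservice.name

  backup {
    frequency = var.backup_policy.frequency
    time      = var.backup_policy.time
  }

  retention_daily {
    count = var.backup_policy_retention
  }
}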
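// Enrols the module's Windows VM in the backup policy.
resource "azurerm_backup_protected_vm" "vm_policy" {
  resource_group_name = var.resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.testrecoveryservice.name

  // Use the id of the VM this module creates. The original passed var.vm_id,
  // which a caller cannot know before the VM exists and which could point the
  // backup at a different machine than the one declared here.
  source_vm_id     = azurerm_windows_virtual_machine.windowsvm.id
  backup_policy_id = azurerm_backup_policy_vm.backup_policy.id

  // The VM, vault and policy are all referenced above, so Terraform orders
  // them without an explicit depends_on.
}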
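// Storage account that receives the VM's boot diagnostics.
//
// The error quoted in the question ("building Accounts Data Plane Client:
// retrieving Storage Account Key: listing Keys") is raised while the provider
// manages this resource: it lists the account keys to build its data-plane
// client.
// NOTE(review): a nil HTTP response with "connection may have been reset"
// points at the network path from the machine running Terraform (proxy, TLS
// inspection, outbound firewall) or at the identity's permission to list keys,
// rather than at resource ordering. Confirm in the environment.
resource "azurerm_storage_account" "storageaccount" {
  name                     = var.storage_account_name
  location                 = var.location
  resource_group_name      = var.resource_group_name
  account_tier             = var.storage_account_tier
  account_replication_type = var.storage_account_replication_type

  // Boot diagnostics does not need anonymous blob access or legacy TLS, so
  // both are pinned off explicitly instead of relying on provider defaults.
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  // NOTE(review): shared key access is left enabled because the provider
  // lists keys for this account (see the error text above). Disabling it
  // presumably requires the provider's storage_use_azuread setting; verify
  // before changing.
}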
I am trying to use a module in Terraform, but I am running into an issue with the storage account that I can't seem to understand or find an answer to. Every time the plan gets to the storage account, I get the following error.
building Accounts Data Plane Client: retrieving Storage Account Key: listing Keys for Storage Account HTTP response was nil; connection may have been reset
The network on the storage account is open for public access in the module and the storage account was created but I can't use the storage account for boot diagnostics for a vm.
Code as follows:
varaible.tf
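// Input variables for the Windows VM module (VM, NIC, availability set,
// boot-diagnostics storage account, recovery vault and backup policy).

// Local administrator password for the VM.
// `sensitive = true` only redacts the value in plan/apply output; it is still
// written to the Terraform state, so the state backend needs access control
// and encryption at rest.
variable "admin_password" {
  type        = string
  description = "Admin Password"
  sensitive   = true
}

variable "admin_username" {
  type        = string
  description = "admin username"
}

variable "azurerm_availability_set_name" {
  type        = string
  description = "Availability set for virtual machine"
}

variable "backup_policy" {
  type = object({
    frequency = string
    time      = string
  })
  description = "Backup schedule: frequency and time of day for the VM backup policy"
  default = {
    frequency = "Daily"
    time      = "23:00"
  }
}

variable "backup_policy_name" {
  type        = string
  description = "Name of backup policy"
}

variable "backup_policy_retention" {
  type        = number
  description = "Backup Policy retention. This is the amount of backups that will be retained at all times. If the rentention is 10, the policy will only hold 10 backups at the most at all times."
  default     = 10
}

variable "ip_configuration" {
  type = object({
    name                          = string
    private_ip_address_allocation = string
    private_ip_address_version    = string
    subnet_id                     = string
  })
  description = "IP Configuration for NIC Card"
}

variable "location" {
  type        = string
  description = "Location of VM. The location default will be of the virutal network it is in"
}

variable "network_interface_name" {
  type        = string
  description = "Name of NIC card"
}

variable "os_disk" {
  type = object({
    caching              = string
    disk_size_gb         = number
    storage_account_type = string
    //write_accelerator_enabled = bool
  })
  default = {
    caching              = "ReadOnly"
    disk_size_gb         = 128
    storage_account_type = "Premium_LRS"
    // write_accelerator_enabled = true
  }
  description = "OS disk for VM. New Resource will be created if this is changed."
}

variable "recovery_services_vault_name" {
  type        = string
  description = "Name of recovery service"
}

variable "resource_group_name" {
  type        = string
  description = "Resource group name"
}

variable "size" {
  type        = string
  description = "VM size. New Resource will be created if this is changed"
}

variable "sku" {
  type        = string
  description = "Sku of Recovery Vault"
  default     = "Standard"
}

// The default tracks the "latest" image version, so two applies at different
// times can build from different images. Pin `version` where reproducible,
// reviewed images are required.
variable "source_image_reference" {
  type = object({
    publisher = string
    offer     = string
    sku       = string
    version   = string
  })
  default = {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-Datacenter"
    version   = "latest"
  }
  description = "VM Operation system. New Resource will be created if this is changed."
}

variable "storage_account_name" {
  type        = string
  description = "storage account name"

  // Azure storage account names are 3-24 characters, lowercase letters and
  // digits only. Rejecting bad names at plan time gives a clear message
  // instead of a failed API call during apply.
  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.storage_account_name))
    error_message = "The storage account name must be 3-24 characters long and contain only lowercase letters and digits."
  }
}

variable "storage_account_replication_type" {
  type        = string
  description = "Storage account replication type"
  default     = "GRS"
}

variable "storage_account_tier" {
  type        = string
  description = "storage account tier"
  default     = "Standard"
}

// NOTE(review): the VM is created inside this module, so a caller cannot know
// its id before the first apply. Consider deriving the id from the VM
// resource instead of taking it as an input.
variable "vm_id" {
  type        = string
  description = "Virtual machine id "
}

variable "vm_name" {
  type        = string
  description = "Name of VM"
}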
windowsvm.tf
// Availability set the Windows VM is placed in.
resource "azurerm_availability_set" "windows_vm_availablity_set" {
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = var.azurerm_availability_set_name
}
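// Network interface attached to the Windows VM.
resource "azurerm_network_interface" "windowsvm_network_interface" {
  // The listing had the garbled token `varwork_interface_name`, which is not
  // a valid reference. The declared input is var.network_interface_name.
  name                = var.network_interface_name
  location            = var.location
  resource_group_name = var.resource_group_name

  // Only a private address is configured in this block; no public IP is
  // attached here.
  ip_configuration {
    name                          = var.ip_configuration.name
    private_ip_address_allocation = var.ip_configuration.private_ip_address_allocation
    private_ip_address_version    = var.ip_configuration.private_ip_address_version
    subnet_id                     = var.ip_configuration.subnet_id
  }
}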
// Windows VM with boot diagnostics written to the module's storage account.
resource "azurerm_windows_virtual_machine" "windowsvm" {
  name                = var.vm_name
  location            = var.location
  resource_group_name = var.resource_group_name
  size                = var.size

  // The password comes from a variable marked sensitive, but its value is
  // still stored in the Terraform state.
  admin_username = var.admin_username
  admin_password = var.admin_password

  availability_set_id   = azurerm_availability_set.windows_vm_availablity_set.id
  network_interface_ids = [azurerm_network_interface.windowsvm_network_interface.id]

  source_image_reference {
    publisher = var.source_image_reference.publisher
    offer     = var.source_image_reference.offer
    sku       = var.source_image_reference.sku
    version   = var.source_image_reference.version
  }

  os_disk {
    caching              = var.os_disk.caching
    disk_size_gb         = var.os_disk.disk_size_gb
    storage_account_type = var.os_disk.storage_account_type
    //write_accelerator_enabled = var.os_disk.write_accelerator_enabled
  }

  // Referencing the storage account's attribute already makes Terraform
  // create the account before this VM; no extra depends_on entry is needed
  // for that ordering.
  // NOTE(review): azurerm also accepts a boot_diagnostics block without
  // storage_account_uri, which uses a platform-managed storage account and
  // removes the need for a publicly reachable account. Confirm against the
  // provider version in use.
  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.storageaccount.primary_blob_endpoint
  }

  // Both entries are also referenced above, so this list repeats the
  // implicit dependencies.
  depends_on = [
    azurerm_network_interface.windowsvm_network_interface,
    azurerm_availability_set.windows_vm_availablity_set,
  ]
}
// Recovery Services vault that holds the VM backups.
resource "azurerm_recovery_services_vault" "testrecoveryservice" {
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = var.recovery_services_vault_name
  sku                 = var.sku
}
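// Daily VM backup policy stored in the module's Recovery Services vault.
resource "azurerm_backup_policy_vm" "backup_policy" {
  name                = var.backup_policy_name
  resource_group_name = var.resource_group_name

  // Take the vault name from the vault resource (same value as
  // var.recovery_services_vault_name). The reference gives Terraform the
  // ordering that the explicit depends_on used to provide, and it matches how
  // azurerm_backup_protected_vm.vm_policy refers to the vault.
  recovery_vault_name = azurerm_recovery_services_vault.testrecoveryservice.name

  backup {
    frequency = var.backup_policy.frequency
    time      = var.backup_policy.time
  }

  retention_daily {
    count = var.backup_policy_retention
  }
}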
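// Enrols the module's Windows VM in the backup policy.
resource "azurerm_backup_protected_vm" "vm_policy" {
  resource_group_name = var.resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.testrecoveryservice.name

  // Use the id of the VM this module creates. The original passed var.vm_id,
  // which a caller cannot know before the VM exists and which could point the
  // backup at a different machine than the one declared here.
  source_vm_id     = azurerm_windows_virtual_machine.windowsvm.id
  backup_policy_id = azurerm_backup_policy_vm.backup_policy.id

  // The VM, vault and policy are all referenced above, so Terraform orders
  // them without an explicit depends_on.
}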
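// Storage account that receives the VM's boot diagnostics.
//
// The error quoted in the question ("building Accounts Data Plane Client:
// retrieving Storage Account Key: listing Keys") is raised while the provider
// manages this resource: it lists the account keys to build its data-plane
// client.
// NOTE(review): a nil HTTP response with "connection may have been reset"
// points at the network path from the machine running Terraform (proxy, TLS
// inspection, outbound firewall) or at the identity's permission to list keys,
// rather than at resource ordering. Confirm in the environment.
resource "azurerm_storage_account" "storageaccount" {
  name                     = var.storage_account_name
  location                 = var.location
  resource_group_name      = var.resource_group_name
  account_tier             = var.storage_account_tier
  account_replication_type = var.storage_account_replication_type

  // Boot diagnostics does not need anonymous blob access or legacy TLS, so
  // both are pinned off explicitly instead of relying on provider defaults.
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  // NOTE(review): shared key access is left enabled because the provider
  // lists keys for this account (see the error text above). Disabling it
  // presumably requires the provider's storage_use_azuread setting; verify
  // before changing.
}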
edited Mar 31 at 11:27
Aguy
914 bronze badges
asked Mar 30 at 16:23
Christopher BeasleyChristopher Beasley
112 bronze badges
2 Answers
Retrieving Storage Account Key: listing Keys for Storage account for boot diagnostics for a vm using terraform
You can use `depends_on` to make sure the storage account is fully provisioned before Terraform attempts to retrieve its keys.
You mentioned that the network settings allow public access, but make sure that no active firewall settings restrict Terraform from retrieving the storage account keys.
I tried a demo configuration that sets the `depends_on` property as described, and I was able to provision the resources.
Demo configuration:
// Demo configuration from the answer. It refers to
// azurerm_resource_group.rg and azurerm_network_interface.nic, which are not
// part of this listing.

// Storage account used for the VM's boot diagnostics.
resource "azurerm_storage_account" "storageaccount" {
  name                     = var.storage_account_name
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = var.location
  account_tier             = var.storage_account_tier
  account_replication_type = var.storage_account_replication_type
}

resource "azurerm_windows_virtual_machine" "vm" {
  name                = var.vm_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location
  size                = var.size

  // The password value is stored in the Terraform state even when the
  // variable is marked sensitive; protect the state backend accordingly.
  admin_username = var.admin_username
  admin_password = var.admin_password

  network_interface_ids = [azurerm_network_interface.nic.id]

  os_disk {
    caching              = "ReadOnly"
    storage_account_type = "Premium_LRS"
    disk_size_gb         = 128
  }

  // "latest" is not pinned, so the image can differ between applies.
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-Datacenter"
    version   = "latest"
  }

  // This attribute reference already orders the storage account before the
  // VM in Terraform's dependency graph.
  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.storageaccount.primary_blob_endpoint
  }

  // Explicit ordering on the storage account. It repeats the dependency
  // implied by the boot_diagnostics reference above, so on its own it does
  // not change when the account's keys are listed.
  depends_on = [azurerm_storage_account.storageaccount]
}

// Recovery Services vault for the VM backups.
resource "azurerm_recovery_services_vault" "vault" {
  name                = var.recovery_services_vault_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location
  sku                 = "Standard"
}

// Daily backup at 23:00, keeping 10 daily recovery points.
resource "azurerm_backup_policy_vm" "backup_policy" {
  name                = var.backup_policy_name
  resource_group_name = azurerm_resource_group.rg.name
  recovery_vault_name = azurerm_recovery_services_vault.vault.name

  backup {
    frequency = "Daily"
    time      = "23:00"
  }

  retention_daily {
    count = 10
  }
}

// Enrols the VM declared above in the backup policy; the VM id is taken from
// the resource, so the ordering is already implied by the reference.
resource "azurerm_backup_protected_vm" "vm_backup" {
  resource_group_name = azurerm_resource_group.rg.name
  recovery_vault_name = azurerm_recovery_services_vault.vault.name
  source_vm_id        = azurerm_windows_virtual_machine.vm.id
  backup_policy_id    = azurerm_backup_policy_vm.backup_policy.id

  depends_on = [azurerm_windows_virtual_machine.vm]
}
Deployment:
If the issue still persists, then instead of retrieving the storage keys manually, try using data "azurerm_storage_account" to fetch the primary blob endpoint dynamically.
Refer:
Terraform depends_on with modules answer by Martin Atkins
You need to add the storage account to the depends_on property for your windowsvm. This will ensure that the storage account is created before the VM.