When I am deploying an Azure Storage account using Terraform, I am getting an error like: Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded.
When I remove the code for private endpoint creation, the Storage account gets deployed. But when I use all the code together for the storage account and private endpoint, my pipeline fails with the error mentioned above.
I removed the code for the private endpoint and the storage account got created. After that, I added the code for the private endpoint and the private endpoint got created. But why is it not getting created when I have both pieces of code together for the storage account and private endpoint?
You are experiencing an issue that is caused by the underlying design of Azure APIs and the AzureRM provider for Terraform. There is extensive discussion on the topic here.
The problem: you are executing Terraform from a network that does not have network connectivity to the private endpoint of that storage account AND you have not allowed your public IP address to access the storage account.
Possible solution 1: You grant a firewall exception to the public IP where you are executing your Terraform from. Might be against the security requirements you are working with.
Possible solution 2: You execute your Terraform in a place that has visibility to the private endpoint (e.g. a VM running in the same VNET, through a VPN or similar).
Notes: This is not a timeout issue; the request just says timeout as it's blocked by the blob storage firewall. Also, the first Terraform run always succeeds, as Terraform just notices that there is no existing Blob Storage -> no need to refresh its status.
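Possible solution 1 written out as Terraform, as an added example that is not part of the original answer or the asker's code. The resource names, the storage account name and all variables are assumptions; the `network_rules` block scopes the firewall exception to the single address Terraform runs from while the private endpoint is created in the same apply.

```hcl
# Added example. Variable names and resource names are assumptions.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "subnet_id" { type = string } # subnet that will host the private endpoint

variable "runner_public_ip" {
  description = "Public IPv4 address of the agent that runs Terraform (single address, no /32 suffix)"
  type        = string
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct" # placeholder name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    # Everything is denied except the listed address, so the provider's
    # data-plane reads during refresh are not dropped by the storage firewall.
    default_action = "Deny"
    bypass         = ["AzureServices"]
    ip_rules       = [var.runner_public_ip]
  }
}

resource "azurerm_private_endpoint" "example" {
  name                = "example-storage-pe"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "example-storage-psc"
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
}
```

Once Terraform runs from a host that can reach the private endpoint (possible solution 2), the `ip_rules` entry can be removed.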