Can I restrict batch account linked auto storage with Firewall and azure virtual network setting?
I have batch account with auto storage linked where the application packages are stored. I want to restrict the access on the this batch linked auto storage with virtual network settings.
I tried adding vnet setting and allowed the subnet of my selfhost virtual machine scale set agents , from devops pipeline I am tryingto execute powershell script which uploads the application package to the batch account using below command
New-AzBatchApplicationPackage -AccountName $BatchAccountName -ResourceGroupName $ResourceGroupName -ApplicationId $ApplicationName -ApplicationVersion $newVersionNumber -Format zip -FilePath $PackageFilePath
this command works when the storage network setting all networks is enabled, but when I try to select the selected network , the command files to upload the package with the error
Failed to add application package DataExportProcessor version 89.0. The auto storage account keys are invalid, please sync auto storage keys.
In the storage selected network I am allowing my devops scale set agent subnet but , I am not uploading package directly to the storage from scale set machine, the New-AzBatchApplicationPackage command uploads the application package to storage, but I am not sure which IP , I should whitelist in my storage account so that batch account can update the application package
Please note that, while setting firewall of storage account you need to select All Networks .
If you want to choose selected network, then you have to add your public IP address and the list of the IPs of the BatchNodeManagement to your Storage Account firewall.
To get the list of those IPs, you can refer this blog by Amine Charot.
Make sure to add IPs like below:
To resolve the "Failed to add application package DataExportProcessor version 89.0. The auto storage account keys are invalid, please sync auto storage keys" please check whether the keys in storage account and batch account are same or not.
If not sync like below:
Go to Azure Portal -> Your Batch Account -> Storage Account -> SyncKeys
Reference:
- How to use Azurite with Visual Studio 2022?
- Error when viewing parquet file in Azure Data Factory
- disabling azure classic storage account diagnostics
- How do I serialize a .NET object into Azure Blob Storage without using a temporary file?
- Azure Storage create temp file
- How connect Azure Storage Explorer to Azurite running in WSL?
- How to move a file on Azure File Storage from one sub folder to another sub folder using the Azure Storage SDK?
- Can't create Azure Storage Account: SubscriptionNotFound
- Is it possible to grab a value from a blob (uploaded csv to container) and pass it to a Logic App?
- Unable to create container in a Storage account created with endpoint type as AzureDnsZone
- Why do I get the "is not a Parquet file" error when when creating a parquet reader
- Pushing data from Azure Storage Account to Azure DevOps Repo Daily
- App Service to Storage Account Connection in Azure Virtual Network
- ADLS Rest API - Getting directory list using a SAS token from directory not container?
- Azure BlobContainerClient vs BlobContainerAsyncClient
- How to allow IP Based access to StorageAccount in Azure VNet?
- Azure Blob Storage - private container access
- Recommended access practice for blob storage
- How to download a file into an Azure Storage account from a function app
- How to use the blob storage service from ios?
- How to use empty disk spaces under /dev/sdb1 on Azure?
- PowerShell script to fetch Azure storage account based on tag name & value
- Azure File Storage ReadWriteMany access mode
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to convert the premium file share to premium block blob storage account or standard general purpose v2 storage account?
- How to generate an azure blob url with SAS signature in nodejs sdk v12?
- Is it possible to read File from same folder where Azure function exists
- Azure CLI SubscriptionNotFound Error Despite Correct Subscription and Owner Role
- Copy Data From Azure Blob Storage to AWS S3