When I deploy an Azure Storage account using Terraform, I get an error like: Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded.
When I remove the code for private endpoint creation, the storage account gets deployed. But when I use all the code together for the storage account and private endpoint, my pipeline fails with the error mentioned above.
I removed the code for the private endpoint and the storage account got created. After that I added the code for the private endpoint and the private endpoint got created. But why is it not getting created when I have the code for both the storage account and the private endpoint together?
Terraform: Error: retrieving static website properties for Storage Account (Subscription: *** : context deadline exceeded
The context deadline exceeded error occurs when the request made by Terraform takes longer than the default timeout value. You can try increasing the timeout value to resolve this issue. When the storage account is created, it might not be immediately ready to accept a private endpoint connection, leading to errors.

To address this issue, you can add a `depends_on` attribute for the `azurerm_private_endpoint` resource and add a timeout block in the storage account block. This ensures that it waits until the `null_resource.log_enabler` is fully executed, thereby ensuring that the storage account is completely set up before the private endpoint creation begins.

Here is the updated Terraform code to create a storage account, a private endpoint, and other resources in a single run.
```hcl
provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "rg" {
  name = "RG_Name"
}

resource "azurerm_private_dns_zone" "example" {
  name                = "mydomain.com"
  resource_group_name = data.azurerm_resource_group.rg.name
}

resource "azurerm_virtual_network" "example" {
  name                = "storage-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  depends_on          = [azurerm_private_dns_zone.example]
}

resource "azurerm_subnet" "example" {
  name                 = "storage-subnet"
  resource_group_name  = data.azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]
  depends_on           = [azurerm_virtual_network.example]
}

resource "azurerm_storage_account" "saflow" {
  name                            = "thejastorage"
  resource_group_name             = data.azurerm_resource_group.rg.name
  location                        = data.azurerm_resource_group.rg.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  identity {
    type = "SystemAssigned"
  }

  # Raise the operation timeouts for this resource.
  timeouts {
    create = "30m"
    update = "30m"
    delete = "30m"
  }

  blob_properties {
    delete_retention_policy {
      days = 30
    }
    container_delete_retention_policy {
      days = 30
    }
    versioning_enabled = true
  }

  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = "1.0"
      retention_policy_days = 10
    }
    hour_metrics {
      enabled               = true
      include_apis          = true
      retention_policy_days = 10
      version               = "1.0"
    }
    minute_metrics {
      enabled               = true
      include_apis          = true
      retention_policy_days = 10
      version               = "1.0"
    }
  }
}

resource "azurerm_storage_container" "container" {
  name                  = "thejacontainer"
  storage_account_name  = azurerm_storage_account.saflow.name
  container_access_type = "private"
  depends_on            = [azurerm_storage_account.saflow]
}

# Enables storage logging through the Azure CLI once the container exists.
# Note: the account key is written to key.txt in the working directory
# and removed by the last command.
resource "null_resource" "log_enabler" {
  provisioner "local-exec" {
    command = <<EOT
az storage account keys list --account-name ${azurerm_storage_account.saflow.name} --resource-group ${azurerm_storage_account.saflow.resource_group_name} --query '[0].value' --output tsv > key.txt
az storage logging update --log rwd --retention 30 --services qtb --account-name ${azurerm_storage_account.saflow.name} --account-key $(cat key.txt)
rm key.txt
EOT
  }

  depends_on = [
    azurerm_storage_container.container
  ]
}

resource "azurerm_private_endpoint" "endpoint" {
  name                = "storageendpoint"
  resource_group_name = data.azurerm_resource_group.rg.name
  location            = data.azurerm_resource_group.rg.location
  subnet_id           = azurerm_subnet.example.id

  private_dns_zone_group {
    name                 = "storagedns"
    private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
  }

  private_service_connection {
    name                           = "storageconnection"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_storage_account.saflow.id
    subresource_names              = ["blob"]
  }

  # Create the endpoint only after the storage account setup has finished.
  depends_on = [null_resource.log_enabler]
}

provider "azurerm" {
  alias = "globalsub"
  features {}
}

resource "azurerm_private_dns_a_record" "recordglobal" {
  name                = azurerm_storage_account.saflow.name
  zone_name           = azurerm_private_dns_zone.example.name
  resource_group_name = data.azurerm_resource_group.rg.name
  ttl                 = 10
  records             = [azurerm_private_endpoint.endpoint.private_service_connection[0].private_ip_address]
  depends_on          = [azurerm_private_endpoint.endpoint]
}

# Applied last: deny by default and allow only the storage subnet.
resource "azurerm_storage_account_network_rules" "networkrule" {
  storage_account_id         = azurerm_storage_account.saflow.id
  default_action             = "Deny"
  virtual_network_subnet_ids = [azurerm_subnet.example.id]
  bypass                     = ["AzureServices"]
  depends_on                 = [azurerm_private_dns_a_record.recordglobal]
}
```
Terraform apply
Portal result
Refer to the link to resolve the Context Deadline Exceeded error.
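
An added example, not part of the original answer: a variant of the `log_enabler` step that keeps the storage account key out of the pipeline workspace by holding it in the `AZURE_STORAGE_KEY` environment variable, which the `az storage` commands read, instead of writing `key.txt`. The variable names `storage_account_name` and `resource_group_name`, and `SA_NAME`/`SA_RG`, are assumptions; in the configuration above they would be fed from `azurerm_storage_account.saflow`, and a bash interpreter on the pipeline agent is assumed.

```hcl
# Added example; hypothetical variable names, not from the original answer.
# In the configuration above, pass azurerm_storage_account.saflow.name and
# azurerm_storage_account.saflow.resource_group_name here.
variable "storage_account_name" {
  type = string
}

variable "resource_group_name" {
  type = string
}

resource "null_resource" "log_enabler" {
  # Re-run the provisioner if the target account changes.
  triggers = {
    account = var.storage_account_name
  }

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]

    # Names reach the shell as environment variables rather than as text
    # interpolated into the script.
    environment = {
      SA_NAME = var.storage_account_name
      SA_RG   = var.resource_group_name
    }

    command = <<-EOT
      set -euo pipefail
      # The key lives only in this shell's environment; nothing is written
      # to disk and it is not passed as a command-line argument.
      AZURE_STORAGE_KEY="$(az storage account keys list \
        --account-name "$SA_NAME" --resource-group "$SA_RG" \
        --query '[0].value' --output tsv)"
      export AZURE_STORAGE_KEY
      az storage logging update --log rwd --retention 30 --services qtb \
        --account-name "$SA_NAME"
    EOT
  }
}
```

With `set -euo pipefail`, a failed key lookup stops the step instead of running the logging update with an empty key.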