Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

storageAccounts virtualNetworkRules validation fails for cross-tenant subnet #2603

Open
KenBenjamin opened this issue Oct 6, 2022 · 0 comments
Open

storageAccounts virtualNetworkRules validation fails for cross-tenant subnet #2603

KenBenjamin opened this issue Oct 6, 2022 · 0 comments
Labels
Needs: Triage 🔎

Comments

@KenBenjamin
Copy link

KenBenjamin commented Oct 6, 2022
edited
Loading

The following preflight error is returned if using a resource identifier that refers to another tenant:
Error: Code=InvalidValuesForRequestParameters; Message=Values for request parameters are invalid: networkAcls.virtualNetworkRules[*].id. For more information, see - | https://aka.ms/storagenetworkruleset

Using PowerShell Add-AzStorageAccountNetworkRule works correctly, as do same-tenant resource Ids.

This is a required and documented use case: "IP network rules have no effect on requests originating from the same Azure region as the storage account. Use Virtual network rules to allow same-region requests."

Virtual network rules goes on to say: "The allowed subnets may belong to a VNet in the same subscription, or those in a different subscription, including subscriptions belonging to a different Azure Active Directory tenant."
@ghost ghost added the Needs: Triage 🔎 label Oct 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs: Triage 🔎
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@KenBenjamin