Azure Storage Account error: Status=403 Code="AuthorizationFailure" in self-hosted github runner

Question

I am using Azure Blob to store my terraform state file. Restricted network access is enabled on the Storage account with a specified list of allowed ip addresses. I deploy my azure resources via github action using a self-hosted agent. i have a script that gets the ip address of the agent and adds it to the list of allowed ip addresses on the Storage Account. there is also a 10 seconds delay in the script to allow the changes to be propagated.
Also i have assigned both Contributor Role and Storage Blob Data Contributor to the Service Principal used in the pipeline to authenticate to my azure subscription

but when the step for terrafrom init is executed in the workflow, i get this error:

Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation  

please can someone help me out on how to resolve this error? thank you

Answer 1

Can you check, if the service principle has got enough permissions in the subscription, you are in? Provide maximum possible privilages and have a try to test it first

Terraform script that runs in Cloud Shell overwrites the ARM_SUBSCRIPTION_ID and ARM_TENANT_ID environment variables using values from the current Azure subscription. As a result, if the service principal referenced by the environment variables doesn't have rights to the current Azure subscription, any Terraform operations will fail

----------

--please don't forget to upvote and Accept as answer if the reply is helpful--