Get-AzureStorageKey Error on Azure Automation

Question

I'm configuring a Azure Automation Runbook with a "Classic RunAs Connection". After I select the Azure Subscription with this connection, I'm getting the storage key for one of my storage accounts, but the problem is that sometimes it works and sometimes it doesn't. Here is what I'm doing:

$ConnectionAssetName = "AzureClassicRunAsConnection" 
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
$CertificateAssetName = $Conn.CertificateAssetName
$Cert = Get-AutomationCertificate -Name $CertificateAssetName 
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert  
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID

$storageAccountKey = Get-AzureStorageKey -StorageAccountName "MyStorageAccountName" 

The transient error that occurs is:

Get-AzureStorageKey : An error occurred while sending the request.

At line:38 char:26

• ... eAccountKey = Get-AzureStorageKey -StorageAccountName "MyStorageAccountName"

• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • CategoryInfo : CloseError: (:) [Get-AzureStorageKey], HttpRequestException

  • FullyQualifiedErrorId :

Microsoft.WindowsAzure.Commands.ServiceManagement.StorageServices.GetAzureStorageKeyCommand

It works most of the time, but sometimes this exception is thrown.

Can somebody help me?

Thanks!

Answer 1

After some unsucessful testing, I decided to store the StorageKey inside an encrypted variable.

I know that this is not the best solution, but I didn't find the problem. The original solution worked most of the time, but the exception thrown when the error occurs, didn't help me to find it.

Answer 2

You need to use a RunAs connection - the ClassicRunAsConnections are for RDFE, the KeyVault cmdlets use your AzureRm credentials. The RunAs credentials provide you with a Service Principal, and you need to give that service principal access to your KeyVault in KeyVault configuration