CODEWITHSUNDEEP
azureazure-blob-storageazure-sas
amsDeveloper
amsDeveloper

Reputation: 337

Azure Storage Account : Blob service (SAS) Connectivity Check FAILED

We created a new Storage Account on Azure. And, when we perform the Connectivity Check, it shows that Blob service (SAS) endpoint is not accessible with message "Public access is not permitted on this storage account." The status code is 409.

The Storage Account was upgraded from V1 to General-Purpose V2. Is that causing this issue?

Connectivity Check Failure

Also, "Generate SAS and connection string" button in "Shared access signature" is disabled and greyed out.

Generate SAS and connection string

How do we create and enable this endpoint? My search so far doesn't point to any solution to create/enable this over the Portal. Is it possible only through the REST API?

Blob service (SRP) check, Share Access Signature check is successful. There is no private endpoint, firewall created and access is allowed from "All Networks".

Accessing blob from client side with Storage Account Key with an API is currently failing with error code 403.

Also, we are successfully able to fetch the blob details from "Microsoft Azure Storage Explorer" connected with the 'Connection String' of the Storage Account.

Additional Details :

I can also see that "Blob service (Azure AD)" endpoint is not accessible, but "Queue service (Azure AD) endpoint is.

Azure AD Blob service

Upvotes: 10

Views: 13118

Answers (2)

dyslexit
dyslexit

Reputation: 773

To expand a bit more on @Shantanu's answer, @Brando-Zhang explains what each of those resource types mean here:

As far as I know, the resource type, you could regard as below:

  • Service (s): Access to service-level APIs (e.g., Get/Set Service Properties, Get Service Stats, List Containers/Queues/Tables/Shares)
  • Container (c): Access to container-level APIs (e.g., Create/Delete Container, Create/Delete Queue, Create/Delete Table, Create/Delete Share, List Blobs/Files and Directories)
  • Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files(e.g. Put Blob, Query Entity, Get Messages, Create File, etc.)

Upvotes: 0

Shantanu
Shantanu

Reputation: 321

I faced a similar issue, seems like by default Allowed resource types option is unchecked. Select any one option and the Generate SAS Connection String button becomes enabled. Check the screen shot

Upvotes: 32

Related Questions