Unable to access the storage account () with the access token from azure media service

Question

I tried to create an asset for azure media service from the portal as well as from code, we're getting below error:

Unable to access the storage account ({resource-name}) with the access token. we used an existing storage account while setting up the azure media service.

Answer 1

The Managed Identity of Media Services account must have the Storage Blob Contributor role for the storage account.

To check this in the Azure Portal, first find out which identity set for the storage account by selecting "Storage accounts" from the menu of the Media Services account, this should be either "System-assigned" or the name of a user-assigned Managed Identity. Next, go to the storage account in the portal, select "Access Control (IAM)" from the menu, select "Role assignments" from the toolbar, then add the role assignment. When adding the role assignment, the Role should be set to "Storage Blob Data Contributor" and the Members should be set to the Managed Identity used by the Media Services account to access the storage account. After adding the role assignment, it may take a few minutes for the change to take effect.

Other considerations

Adding the role assignment should fix this issue. If not, the issue may be related to the storage account configuration. Check that the following storage account options are set:

• Performance: Standard
• Enable hierarchical namespace: Off
• Allow Azure services on the trusted services list to access this storage account: Enabled
  • This option is found in the "Networking" section of the storage portal pages, under "Firewalls and virtual networks", when the "Allow access from" ... "Selected networks" option is selected