Skip to content

New-AzResourceGroupDeployment #22131

New issue
New issue
Open
Open
New-AzResourceGroupDeployment#22131
Labels
ARM - TemplatesService AttentionThis issue is responsible by Azure service team.customer-reportedquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
@vlo001

Description

@vlo001
vlo001
opened on Jun 21, 2023

Description

The New-AzResourceGroupDeployment command doesn't work when deploying a template from an Azure storage account with Public network access disabled.

Following the below from the New-AzResourceGroupDeployment examples

Example 4: Deploy a template stored in a non public storage account using a uri and SAS token
PowerShell

New-AzResourceGroupDeployment -ResourceGroupName "RGName" -TemplateUri "https://example.com/example.json" -QueryString "foo"
This command creates a new deployment using the template in TemplateUri which is not public and requires a token parameter to access which would be provided using the QueryString parameter. Running this command effectively accesses the template using the url https://example.com/example.json?foo. This can be used if you want to use a template in a storage account by providing the SAS token as the QueryString

Our Command
New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateURI "https://storageaccountURL/folder/xxxx.json" -TemplateParameterObject $Params
-Name ("create-xxxxx" + '-' + ((Get-Date).ToUniversalTime()).ToString('MMdd-HHmm')) `
-QueryString "SAS Token"

Error
New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupNa …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 18:05:59 - Error: Code=InvalidContentLink; Message=Unable to download
| deployment content from
| 'https://storageaccountURL/folder/xxxx.json?SAS token

Note, I can access the storage account successfully using a browser and providing the SAS token.

Your assistance would be appreciated. If this should be doable, I'll gather the debug and error output.

Thanks.

Script or Debug output

No response

Environment data

$PSVersionTable       

Name                           Value
----                           -----
PSVersion                      7.3.0
PSEdition                      Core
GitCommitId                    7.3.0
OS                             Microsoft Windows 10.0.19044
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

Get-Module Az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.12.3                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     4.10.0                Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateContact, Add-AzKeyVaultKey, Add-AzKeyVaultManagedStorageAccount…}
Script     6.7.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script     5.7.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccountNetworkRule, Close-AzStorageFileHan

Error output

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    ARM - TemplatesService AttentionThis issue is responsible by Azure service team.customer-reportedquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions