Terraform: AzureRM - Error creating Azure Storage Account - 409 - StorageAccountAlreadyTaken

Created on 28 Jan 2017  ·  3 Comments  ·  Source: hashicorp/terraform

Hi,

First and foremost, thanks for developing Terraform, this is such a great tool!

However, the example from the azurerm_virtual_machine AzureRM documentation fails with:

* azurerm_storage_account.test: Error creating Azure Storage Account 'accsa': 
storage.AccountsClient#Create: Failure responding to request: 
StatusCode=409 -- Original Error: autorest/azure: Service returned an error. 
Status=409 Code="StorageAccountAlreadyTaken" 
Message="The storage account named accsa is already taken."

It happens regardless of the name of the azurerm_storage_account.
It also happens with different configurations, against other locations.

Note that, even though the API version is relatively old (api-version=2016-01-01), HTTP responses returned by Azure are quite surprising:

  • 409 StorageAccountAlreadyTaken on PUT /[...]/storageAccounts/accsa, but
  • 404 Not Found on subsequent GET, even though you'd expect the resource to be there given the previous error.

Terraform Version

Terraform v0.8.5

Affected Resource(s)

azurerm_storage_account

Terraform Configuration Files

https://gist.github.com/marccarre/8ffd09b7017d1a96da3c316eeb86a531

Debug Output

https://gist.github.com/marccarre/270d1f03dd2e6c29bc615485fc0f4164

TL;DR:

> PUT /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acctestrg/providers/Microsoft.Storage/storageAccounts/accsa?api-version=2016-01-01 HTTP/1.1
{
    "sku": {
        "name": "Standard_LRS"
    },
    "kind": "Storage",
    "location": "westus",
    "tags": {
        "environment": "staging"
    },
    "properties": {
        "encryption": {
            "services": {
                "blob": {
                    "enabled": false
                }
            },
            "keySource": "Microsoft.Storage"
        }
    }
}

< HTTP/1.1 409 Conflict
{
    "error": {
        "code": "StorageAccountAlreadyTaken",
        "message": "The storage account named accsa is already taken."
    }
}

> GET /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acctestrg/providers/Microsoft.Storage/storageAccounts/accsa?api-version=2016-01-01 HTTP/1.1

< HTTP/1.1 404 Not Found
{
    "error": {
        "code": "ResourceNotFound",
        "message": "The Resource 'Microsoft.Storage/storageAccounts/accsa' under resource group 'acctestrg' was not found."
    }
}

Expected Behavior

azurerm_storage_account gets created, along with the rest of the resources.

Actual Behavior

* azurerm_storage_account.test: Error creating Azure Storage Account 'accsa': storage.AccountsClient#Create: Failure responding to request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=409 Code="StorageAccountAlreadyTaken" Message="The storage account named accsa is already taken."

Steps to Reproduce

terraform apply on the provided configuration -- see Gist.


All 3 comments

Hi @marccarre! This is an unfortunate set of errors presented from the Azure side, but they are correct. Storage account names must be unique across _all_ Azure accounts, not just your own, so someone else likely has the name. The 404 is likely an attempt to prevent information leaking about whether something exists or not, though somewhat futile given the error when you try to create it.

Consider appending a unique identifier onto the end of your storage account name. If it is important to you, this also mitigates around the eventual consistency in the API, enabling an apply/destroy workflow that can proceed quickly.
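
The suggestion above (append a unique identifier to the storage account name), written out as an added example that is not from the issue or the Terraform documentation. It assumes Terraform 1.2+ with the current azurerm and random providers (so `account_tier`/`account_replication_type` rather than the v0.8.5-era arguments); the names `sa_suffix` and `sa_name` are illustrative.

```hcl
# Added example: the names sa_suffix and sa_name are illustrative.
# Assumes Terraform 1.2+ and current azurerm/random providers;
# credentials and subscription come from the environment.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "test" {
  name     = "acctestrg"
  location = "westus"
}

# 4 random bytes -> 8 lowercase hex characters. The keeper ties the suffix
# to the resource group, so it stays stable across applies and is only
# regenerated when the group name changes.
resource "random_id" "sa_suffix" {
  byte_length = 4
  keepers = {
    resource_group = azurerm_resource_group.test.name
  }
}

locals {
  # "accsa" (5 chars) + 8 hex chars = 13 chars, within the 24-char limit.
  sa_name = "accsa${random_id.sa_suffix.hex}"
}

resource "azurerm_storage_account" "test" {
  name                     = local.sa_name
  resource_group_name      = azurerm_resource_group.test.name
  location                 = azurerm_resource_group.test.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  tags                     = { environment = "staging" }

  lifecycle {
    # Fail before the create call if the name breaks the naming rules.
    precondition {
      condition     = can(regex("^[a-z0-9]{3,24}$", local.sa_name))
      error_message = "Storage account names must be 3-24 lowercase letters and digits."
    }
  }
}
```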

Many thanks for the reply and recommendations @jen20.
Definitely an unexpected constraint from a user's perspective, but many thanks for clarifying it.
Kudos-- for Azure and kudos++ for you and Terraform!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
