@Stoian, Claudiu - Thanks for the question and for using the MS Q&A platform.
The error message indicates that the user assigned managed identity used by the pipeline to create resources does not have the required data plane write permissions on the storage account. Specifically, the error message suggests that the Microsoft.Storage/storageAccounts/blobServices/containers/write and Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write permissions need to be enabled on the storage account for the user or the application.
You mentioned that the user assigned managed identity has Storage Blob Data Contributor assigned in the scope of the storage account. However, this role does not include the required permissions mentioned in the error message.
To resolve the issue, you need to grant the user assigned managed identity Storage Blob Data Owner permissions on the storage account. You can do this by adding a role assignment for the managed identity on the storage account with the required permissions. Specifically, you need to add the Microsoft.Storage/storageAccounts/blobServices/containers/write and Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write permissions to the role assignment.
Once you have added the required permissions to the role assignment, you should be able to create the event hub with capture configuration using the Bicep script without any issues.
For more details, refer to Capture events through Azure Event Hubs in Azure Blob Storage or Azure Data Lake Storage - Azure Storage account as a destination.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
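
The role assignment described in the answer above, written in Bicep as an added example (it is not part of the original answer or of the asker's script). The parameter and symbolic names are assumptions; the GUID is the built-in Storage Blob Data Owner role definition, and the assignment is scoped to the single storage account rather than the resource group or subscription.

```bicep
// Added example: parameter and resource names are hypothetical.
@description('Existing storage account used as the Event Hubs capture destination (assumed name).')
param storageAccountName string

@description('Existing user-assigned managed identity used by the pipeline (assumed name).')
param identityName string

// Built-in role definition ID for Storage Blob Data Owner.
var storageBlobDataOwnerRoleId = 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'

// Reference resources that already exist in the target resource group.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: storageAccountName
}

resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
  name: identityName
}

resource blobOwnerAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic GUID so that redeploying does not create duplicate assignments.
  name: guid(storage.id, identity.id, storageBlobDataOwnerRoleId)
  // Scope the grant to this storage account only.
  scope: storage
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', storageBlobDataOwnerRoleId)
    principalId: identity.properties.principalId
    // Managed identities are service principals; stating the type avoids
    // lookup failures while a newly created identity is still replicating.
    principalType: 'ServicePrincipal'
  }
}

output roleAssignmentId string = blobOwnerAssignment.id
```

The principal running the deployment needs Microsoft.Authorization/roleAssignments/write on the storage account, and a new role assignment can take a few minutes to take effect before the capture deployment succeeds.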