Trying to deploy storage account and a lifecycle policy with ARM fails with Internal Server Error on policy

Philip Patrick 20 Reputation points
2024-07-09T14:18:41.13+00:00

Hello,

I am trying to deploy a storage account with an ARM template (generated from Bicep) with lifecycle management policy and the policy rule fails with Internal Server Error, without of course any details, so it is not possible to know if I am passing anything wrong or there is something else.

Has anyone stumbled upon such a problem?

Tracking ID: 2d83a006-ee90-4aa3-909a-9f183a514189

Service request ID: b07b7d15-2648-46d7-a86b-fe09f87e7256

The Bicep file looks like this:


targetScope = 'resourceGroup'

param prefix string = 'st'
param location string
param tags object

var logsRetentionDays = 90

resource logsStorage 'Microsoft.Storage/storageAccounts@2023-05-01' = {
  name: '${prefix}${uniqueString(resourceGroup().id, location)}'
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  tags: tags
  properties: {
    allowBlobPublicAccess: false
    allowSharedKeyAccess: true
    minimumTlsVersion: 'TLS1_3'
    publicNetworkAccess: 'Enabled'
  }
}

resource deletePolicy 'Microsoft.Storage/storageAccounts/managementPolicies@2023-05-01' = {
  name: 'default'
  parent: logsStorage
  properties: {
    policy: {
      rules: [
        {
          enabled: true
          name: 'AccountManagementPolicyRule'
          type: 'Lifecycle'
          definition: {
            actions: {
              baseBlob: {
                delete: {
                  daysAfterCreationGreaterThan: logsRetentionDays
                }
              }
            }
            filters: {
              blobTypes: [
                'appendBlob'
                'blockBlob'
              ]
            }
          }
        }
      ]
    }
  }
}

output storage object = {
  name: logsStorage.name
  id: logsStorage.id
}


Accepted answer
  1. Nehruji R 7,801 Reputation points Microsoft Vendor
    2024-07-10T11:28:30.7266667+00:00

    Hello Philip Patrick, I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    The Microsoft documentation suggests setting the minimum TLS version to be permitted on requests to storage. The default interpretation for this property is TLS 1.0; refer to the article for more details.

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

    Issue: Customer unable to deploy a storage account with an ARM template (generated from Bicep) with lifecycle management policy.

    Error Message:

    Policy rule fails with Internal Server Error

    Solution: Customer rolled back to TLS1_2 from TLS1_3. After downgrading the version, the issue got mitigated.

    1 person found this answer helpful.

1 additional answer

  1. Philip Patrick 20 Reputation points
    2024-07-10T07:21:41.6633333+00:00

    The problem was with minimumTlsVersion in the storage account. TLS1_3 is not yet supported, it looks like, even though it is available in the ARM and the deployment doesn't fail. Moving it back to TLS1_2 solves the issue.
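
A pre-deployment check for the problem resolved in this thread, as an added example that is not part of any post above: it scans compiled ARM JSON for a storage account that sets `minimumTlsVersion` to `TLS1_3` alongside a lifecycle `managementPolicies` resource, and also flags values that are unset or below TLS 1.2. The finding codes, the sample resource names and the assumption that the policy appears as a top-level resource are illustrative.

```python
import json
import sys

STORAGE = "Microsoft.Storage/storageAccounts"
POLICY = "Microsoft.Storage/storageAccounts/managementPolicies"

# Constructed sample shaped like compiled Bicep output (not real build output).
SAMPLE = {
    "resources": [
        {"type": STORAGE, "name": "stlogs",
         "properties": {"minimumTlsVersion": "TLS1_3"}},
        {"type": POLICY, "name": "stlogs/default", "properties": {}},
        {"type": STORAGE, "name": "stlegacy", "properties": {}},
        {"type": STORAGE, "name": "stparam",
         "properties": {"minimumTlsVersion": "[parameters('minTls')]"}},
    ]
}


def lint_template(template):
    """Return (resource name, finding code) pairs for storage accounts."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # languageVersion 2.0: symbolic-name map
        resources = list(resources.values())
    # Assumption: child policies are top-level resources, as Bicep emits them.
    has_policy = any(r.get("type") == POLICY for r in resources)
    findings = []
    for res in resources:
        if res.get("type") != STORAGE:
            continue
        tls = res.get("properties", {}).get("minimumTlsVersion")
        if tls is None:
            code = "TLS_UNSET"          # answer above: interpreted as TLS 1.0
        elif str(tls).startswith("["):
            code = "TLS_EXPRESSION"     # resolved at deploy time; check the parameter
        elif tls in ("TLS1_0", "TLS1_1"):
            code = "TLS_WEAK"
        elif tls == "TLS1_3" and has_policy:
            code = "TLS13_WITH_POLICY"  # combination reported failing in this thread
        else:
            continue
        findings.append((res.get("name"), code))
    return findings


if __name__ == "__main__":
    # Usage: python lint_tls.py main.json   (JSON produced by `az bicep build`)
    tpl = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    results = lint_template(tpl)
    for name, code in results:
        print(f"{code}: {name}")
    sys.exit(1 if results else 0)
```

Run it in CI against the built template; a non-zero exit code means at least one storage account needs review before deployment.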
