Originally posted by **rjosephp** August 2, 2024
I am using Azure Pipelines, and the Terraform tasks published by Dev Test Labs. I am trying to connect to my Storage Account to be used a my remote backend. I am using Workload Identity Federation (Service Principal). The App registration is successfully completed, Federated Credentials are saved, and the Azure DevOps Service Connection is verified and saved. The SPN also has "**Contributor**" assigned to subscription scope where the Storage Account is, and also given the "**Storage Blob Data Contributor**" on the Storage Account.
However, I keep getting the error with the Status=403 Code="AuthorizationFailure".
```
_024-08-02T23:34:12.8694487Z [command]C:\hostedtoolcache\windows\terraform\1.8.5\x64\terraform.exe init -backend-config=storage_account_name=lb0eusxxxxxxxxx001 -backend-config=container_name=tfstate -backend-config=key=dev.terraform.tfstate -backend-config=resource_group_name=RG-SBX-PTFM -backend-config=subscription_id=38xxxxxxxxxxxxxxxxxde -backend-config=tenant_id=63xxxxxxxxxxxxxxx0e -backend-config=use_azuread_auth=true -backend-config=client_id=*** -backend-config=oidc_token=*** -backend-config=use_oidc=true
2024-08-02T23:34:12.9731436Z
2024-08-02T23:34:12.9733716Z [0m[1mInitializing the backend...[0m
2024-08-02T23:34:13.6681681Z [0m[1mInitializing modules...[0m
2024-08-02T23:34:13.6695582Z - rg_hub_network in modules\resource_group
2024-08-02T23:34:13.6712198Z [31m[31m╷[0m[0m
2024-08-02T23:34:13.6713341Z [31m│[0m [0m[1m[31mError: [0m[0m[1mFailed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:e65f2375-b01e-007a-3434-e5377d000000\nTime:2024-08-02T23:34:13.6516516Z"[0m_
```
The below is my pipeline code:
```
- task: TerraformTaskV4@4
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: 'CON-SUB-DEV-TECH-SBOX'
backendAzureRmResourceGroupName: 'RG-SBX-PTFM'
backendAzureRmStorageAccountName: 'lb0xxxxxxxxxxxxxx001'
backendAzureRmContainerName: 'tfstate'
backendAzureRmKey: 'dev.terraform.tfstate'
```
I also tried backendAzureRmUseEntraIdForAuthentication: true. But, same error.
Any insights would be helpful!
Discussed in https://github.com/microsoft/azure-pipelines-terraform/discussions/230