microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License

Error: This request is not authorized to perform this operation - TerraformTaskV4@4 - init #231

Open rjosephp opened 1 month ago

rjosephp commented 1 month ago

Discussed in https://github.com/microsoft/azure-pipelines-terraform/discussions/230

Originally posted by **rjosephp** August 2, 2024

I am using Azure Pipelines, and the Terraform tasks published by Dev Test Labs. I am trying to connect to my Storage Account to be used as my remote backend. I am using Workload Identity Federation (Service Principal). The App registration is successfully completed, Federated Credentials are saved, and the Azure DevOps Service Connection is verified and saved. The SPN also has "**Contributor**" assigned to subscription scope where the Storage Account is, and also given the "**Storage Blob Data Contributor**" on the Storage Account.

However, I keep getting the error with the Status=403 Code="AuthorizationFailure".

```
_024-08-02T23:34:12.8694487Z [command]C:\hostedtoolcache\windows\terraform\1.8.5\x64\terraform.exe init -backend-config=storage_account_name=lb0eusxxxxxxxxx001 -backend-config=container_name=tfstate -backend-config=key=dev.terraform.tfstate -backend-config=resource_group_name=RG-SBX-PTFM -backend-config=subscription_id=38xxxxxxxxxxxxxxxxxde -backend-config=tenant_id=63xxxxxxxxxxxxxxx0e -backend-config=use_azuread_auth=true -backend-config=client_id=*** -backend-config=oidc_token=*** -backend-config=use_oidc=true
2024-08-02T23:34:12.9731436Z
2024-08-02T23:34:12.9733716Z Initializing the backend...
2024-08-02T23:34:13.6681681Z Initializing modules...
2024-08-02T23:34:13.6695582Z - rg_hub_network in modules\resource_group
2024-08-02T23:34:13.6712198Z ╷
2024-08-02T23:34:13.6713341Z │ Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:e65f2375-b01e-007a-3434-e5377d000000\nTime:2024-08-02T23:34:13.6516516Z"_
```

The below is my pipeline code:

```
- task: TerraformTaskV4@4
  inputs:
    provider: 'azurerm'
    command: 'init'
    backendServiceArm: 'CON-SUB-DEV-TECH-SBOX'
    backendAzureRmResourceGroupName: 'RG-SBX-PTFM'
    backendAzureRmStorageAccountName: 'lb0xxxxxxxxxxxxxx001'
    backendAzureRmContainerName: 'tfstate'
    backendAzureRmKey: 'dev.terraform.tfstate'
```

I also tried backendAzureRmUseEntraIdForAuthentication: true. But, same error. Any insights would be helpful!

vanmash commented 1 month ago

You might want to try adding backendAzureRmUseEnvironmentVariablesForAuthentication: true

brk3 commented 1 month ago

Check that your storage account has public access enabled?
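
The network-access check suggested in the last comment can be scripted against the JSON that `az storage account show` returns. This is an added example, not part of the thread or the project's code: the sample account and agent IPs are constructed, the helper name `backend_reachable` is hypothetical, and it assumes the `publicNetworkAccess` and `networkRuleSet` fields of that output.

```python
import ipaddress
import json

# Constructed sample shaped like `az storage account show` output (not from the thread).
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "examplestate001",
  "publicNetworkAccess": "Enabled",
  "networkRuleSet": {
    "bypass": "AzureServices",
    "defaultAction": "Deny",
    "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}],
    "virtualNetworkRules": []
  }
}
""")


def backend_reachable(account, agent_ip):
    """Return (reachable, reason) for a pipeline agent calling the blob endpoint."""
    # Assumption: a null or missing publicNetworkAccess is treated as Enabled.
    if (account.get("publicNetworkAccess") or "Enabled") == "Disabled":
        return False, "publicNetworkAccess is Disabled; only private endpoints work"
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") == "Allow":
        return True, "firewall default action is Allow"
    # Default action is Deny: the agent must match an explicit IP allow rule.
    ip = ipaddress.ip_address(agent_ip)
    for rule in rules.get("ipRules") or []:
        net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
        if rule.get("action", "Allow") == "Allow" and ip in net:
            return True, f"agent IP matches ipRule {net}"
    return False, "default action is Deny and no ipRule covers the agent IP"


if __name__ == "__main__":
    for ip in ("203.0.113.40", "198.51.100.7"):
        print(ip, backend_reachable(SAMPLE_ACCOUNT, ip))
```

Virtual network rules are not evaluated here, since they depend on the subnet the agent runs in rather than its public IP.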