Question

Automation in West Europe uses local IP on Thu, 24 Oct 2019 09:20:06


We are working on a runbook that deletes data from a container in a Storage Account that is network firewall protected. We have a workaround to add the public IP address of the runbook execution to the firewall rules, which was working fine, but a few weeks ago it stopped working; the reason is that the automation is trying to access the storage account with a local IP.

From our tests:

- Automation in UK South to UK South (working)

- Automation in UK South to West Europe (working)

- Automation in West Europe to UK South (working)

- Automation in West Europe to West Europe (not working)

In all the cases, the public IP of the runbook execution is being added to the network firewall rules, but in the specific case of WEU to WEU, when we check the logs a local IP shows up. This is from a test in my lab:

2.0;2019-10-24T08:40:27.7505078Z;GetContainerProperties;IpAuthorizationError;403;3;3;authenticated;jaistorweu2;jaistorweu2;blob;"https://jaistorweu2.blob.core.windows.net:443/container1?restype=container";"/";d61eace7-001e-0050-2f46-8af9b3000000;0;10.218.0.27:53063;2019-02-02;421;0;193;0;0;;;;;;"Azure-Storage/11.1.0 (.NET Core; Win32NT 6.2.9200.0)";;"Azure-Storage-PowerShell-607af255-3e62-4e59-a213-219f8218ea83";;;;;;;;

As per that log, the IP is "10.218.0.27", which is a local IP address.

The same runbook works fine, using a public address like "40.74.53.145", when accessing a storage account in UK South.

All of this would be much easier if Microsoft would include Azure Automation as one of the Trusted Services, but unfortunately that is not the case for now.
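
An added example, not part of the original post: a parser for the Storage Analytics log line quoted above that explains a firewall denial by checking whether the requester address is private, which a rule listing the runbook's public IP cannot match. The function names and result labels are hypothetical, and the second sample line is constructed.

```python
import csv
import ipaddress

# Leading fields of a version 2.0 entry, in the order they appear in the post's log line.
FIELDS = [
    "version", "request_start_time", "operation_type", "request_status",
    "http_status_code", "end_to_end_latency_ms", "server_latency_ms",
    "authentication_type", "requester_account", "owner_account", "service_type",
    "request_url", "requested_object_key", "request_id", "operation_count", "requester_ip",
]

def parse_entry(line):
    """Split one log line; csv handles quoted fields that contain ';' (e.g. the user agent)."""
    row = next(csv.reader([line], delimiter=";", quotechar='"'))
    if len(row) < len(FIELDS):
        raise ValueError("truncated log entry")
    return dict(zip(FIELDS, row))

def requester_address(value):
    """Return the address from 'ip' or 'ip:port' (an IPv6 address may be bracketed)."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        host = value.rpartition(":")[0]
        return ipaddress.ip_address(host.strip("[]"))

def triage(line, allowed_rules):
    """Explain a firewall denial. Hypothetical helper; the labels are made up for this example."""
    entry = parse_entry(line)
    if entry["request_status"] != "IpAuthorizationError":
        return "not-a-firewall-denial"
    ip = requester_address(entry["requester_ip"])
    if ip.is_private:
        return "denied-private-source"  # a rule for the public IP cannot match this
    nets = [ipaddress.ip_network(rule, strict=False) for rule in allowed_rules]
    if any(ip in net for net in nets):
        return "denied-despite-matching-rule"
    return "denied-public-ip-not-in-rules"

# Log line copied from the post.
POST_LINE = '2.0;2019-10-24T08:40:27.7505078Z;GetContainerProperties;IpAuthorizationError;403;3;3;authenticated;jaistorweu2;jaistorweu2;blob;"https://jaistorweu2.blob.core.windows.net:443/container1?restype=container";"/";d61eace7-001e-0050-2f46-8af9b3000000;0;10.218.0.27:53063;2019-02-02;421;0;193;0;0;;;;;;"Azure-Storage/11.1.0 (.NET Core; Win32NT 6.2.9200.0)";;"Azure-Storage-PowerShell-607af255-3e62-4e59-a213-219f8218ea83";;;;;;;;'
# Constructed line (placeholder account and request id) with the public IP the post mentions.
CONSTRUCTED = '2.0;2019-10-24T08:41:00.0000000Z;GetContainerProperties;IpAuthorizationError;403;3;3;authenticated;examplestor;examplestor;blob;"https://examplestor.blob.core.windows.net:443/c1?restype=container";"/";00000000-0000-0000-0000-000000000000;0;40.74.53.145:50000'

if __name__ == "__main__":
    print(triage(POST_LINE, ["40.74.53.145"]))
    print(triage(CONSTRUCTED, ["52.0.0.0/8"]))
```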

Replies

SwathiDhanwada-MSFT on Tue, 29 Oct 2019 17:25:46


Thanks for reaching out! Can you please verify again and let us know if you are still facing the issue, as there was service unavailability for the West Europe region recently, which might have caused the issue?

I would also recommend that you navigate here and share your feedback or suggestions directly with the responsible Azure feature team, and click the vote button of your suggestion to raise its visibility and priority.

Hope this helps!