azure-docs icon indicating copy to clipboard operation
azure-docs copied to clipboard

Published 20 hours ago verified publisher icon MicrosoftDocs

Additional restrictions are required when copying between storage accounts using private endpoints in the hub-spoke topology.

Open SeungJeongYang opened this issue 1 year ago • 2 comments

[Enter feedback here]

Based on the link below, it can be expected that the client performing azcopy will execute successfully as long as there is communication established each source and destination.

If the client is located in the Hub VNet and the source/destination storage accounts are located in each spoke Vnet, executing azcopy may result in a 403 error.

image

There are two mitigations as follows:

1.Configure a direct peering between the Spoke VNet where the Source SA is located and the VNet where the Destination is located. image

2.Connect both the Source SA and Destination SA to a Private Endpoint located in the same VNet. image

Conclusion I expect that adding the above information to the document will be beneficial to users.

https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/storage-use-azcopy-troubleshoot?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json#transfer-data-between-storage-accounts

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

SeungJeongYang avatar May 28 '23 13:05 SeungJeongYang

@SeungJeongYang Thanks for your feedback! We will investigate and update as appropriate.

AjayBathini-MSFT avatar May 28 '23 18:05 AjayBathini-MSFT

@SeungJeongYang Thanks for your feedback! We will investigate and update as appropriate.

YashikaTyagii avatar Jun 01 '23 04:06 YashikaTyagii

@YashikaTyagii Thanks for taking it. Could please let me know progress?

SeungJeongYang avatar Jun 10 '23 14:06 SeungJeongYang

@YashikaTyagii May I know the progress regarding this feedback?

SeungJeongYang avatar Nov 08 '23 05:11 SeungJeongYang

Thank you for sharing this information! Our engineering team is working on an article to clear some of this up. Once that is published, we'll likely add notes to multiple articles. The subject is more around copying blobs between storage accounts and less about AzCopy per se. However, the AzCopy article will make a great target to route readers to the article that is being created. Thank you for your insights here.

#please-close

normesta avatar Jan 16 '24 21:01 normesta