0
votes

I have a .vhd saved in my Azure storage account. I have the container set to allow anonymous read and from an unauthenticated browser I can indeed download the VHD.

My code:

resource "azurerm_managed_disk" "MyDisk" {
  name                 = "MyDisk"
  location             = var.location
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_type = "Standard_LRS"
  create_option        = "Copy"
  source_resource_id   = "/subscriptions/.../resourceGroups/ProvisioningScripts/providers/Microsoft.Storage/storageAccounts/myvhds/blobServices/default"
  source_uri           = "https://....blob.core.windows.net/images/mydisk.vhd"
  disk_size_gb         = "32"

  tags = {
    environment = "staging"
  }
}

I am getting the following error when I try to apply:

Error: Error creating/updating Managed Disk "MyDisk" (Resource Group "rg"): compute.DisksClient#CreateOrUpdate: Failure sending request: StatusCode=403 -- Original Error: Code="LinkedAuthorizationFailed" Message="The client has permission to perform action 'Microsoft.Compute/disks/beginGetAccess/action' on scope '/subscriptions/.../resourceGroups/rg/providers/Microsoft.Compute/disks/MyDisk', however the current tenant '4019...' is not authorized to access linked subscription '626c...'."

Thank you much for your help.

1
Any updates on this question? Does it solve your problem? - Charles Xu

1 Answer

1
votes

It's impossible to create a managed disk from a VHD file in a different tenant directly. You need to copy the VHD file to a storage account in the same tenant and same subscription, and then you can create a new managed disk from the VHD file in that subscription. Of course, your account needs to have enough permissions to copy and create.
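
The copy-then-import flow described in the answer, sketched in Terraform as an added example (not code from the question's or answer's author). It reuses `azurerm_resource_group.rg` and `var.location` from the question; the storage account name, the container name and the `source_vhd_url` variable are hypothetical placeholders. The destination container is kept private, so only the source URL needs to be readable during the copy.

```hcl
# Hypothetical variable: readable URL of the VHD in the other tenant
# (for example a blob URL with a short-lived read-only SAS token appended).
variable "source_vhd_url" {
  type      = string
  sensitive = true
}

# Storage account in the SAME tenant and subscription as the managed disk.
resource "azurerm_storage_account" "vhdcopy" {
  name                     = "stagingvhdcopy" # placeholder, must be globally unique
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Private container: the local copy does not need anonymous read access.
resource "azurerm_storage_container" "images" {
  name                  = "images"
  storage_account_name  = azurerm_storage_account.vhdcopy.name
  container_access_type = "private"
}

# Server-side copy of the remote VHD into the local account as a page blob.
resource "azurerm_storage_blob" "vhd" {
  name                   = "mydisk.vhd"
  storage_account_name   = azurerm_storage_account.vhdcopy.name
  storage_container_name = azurerm_storage_container.images.name
  type                   = "Page"
  source_uri             = var.source_vhd_url
}

# Import the local copy; storage_account_id must point at the account
# that holds source_uri, which is now in the same subscription.
resource "azurerm_managed_disk" "MyDisk" {
  name                 = "MyDisk"
  location             = var.location
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_type = "Standard_LRS"
  create_option        = "Import"
  source_uri           = azurerm_storage_blob.vhd.url
  storage_account_id   = azurerm_storage_account.vhdcopy.id

  tags = {
    environment = "staging"
  }
}
```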